diff options
Diffstat (limited to 'meta-security-compliance')
21 files changed, 0 insertions, 696 deletions
diff --git a/meta-security-compliance/README b/meta-security-compliance/README deleted file mode 100644 index 320f856..0000000 --- a/meta-security-compliance/README +++ /dev/null @@ -1,41 +0,0 @@ -# Meta-security-compliance - -This layer is meant to contain programs to help in security compliance and auditing - - -Dependencies -============ - -This layer depends on: - - URI: git://git.openembedded.org/bitbake - branch: master - - URI: git://git.openembedded.org/openembedded-core - layers: meta - branch: master - -or - - URI: git://git.yoctoproject.org/poky - branch: master - - - -Maintenance ------------ - -Send pull requests, patches, comments or questions to yocto@yoctoproject.org - -When sending single patches, please using something like: -'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security-compliance][PATCH' - -Layer Maintainer: Armin Kuster <akuster808@gmail.com> - - -License -======= - -All metadata is MIT licensed unless otherwise stated. Source code included -in tree for individual recipes is under the LICENSE stated in each recipe -(.bb file) unless otherwise stated. diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf deleted file mode 100644 index 8572a1f..0000000 --- a/meta-security-compliance/conf/layer.conf +++ /dev/null @@ -1,15 +0,0 @@ -# We have a conf and classes directory, add to BBPATH -BBPATH .= ":${LAYERDIR}" - -# We have a recipes directory, add to BBFILES -BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" - -BBFILE_COLLECTIONS += "scanners-layer" -BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" -BBFILE_PRIORITY_scanners-layer = "10" - -LAYERSERIES_COMPAT_scanners-layer = "zeus" - -LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" - -BBLAYERS_LAYERINDEX_NAME_scanners-layer = "meta-security-compliance" diff --git a/meta-security-compliance/recipes-auditors/lynis/lynis_2.7.5.bb b/meta-security-compliance/recipes-auditors/lynis/lynis_2.7.5.bb deleted file mode 100644 index 21e4517..0000000 --- a/meta-security-compliance/recipes-auditors/lynis/lynis_2.7.5.bb +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMMARY = "Lynis is a free and open source security and auditing tool." -HOMEDIR = "https://cisofy.com/" -LICENSE = "GPL-3.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" - -SRC_URI = "https://cisofy.com/files/${BPN}-${PV}.tar.gz" - -SRC_URI[md5sum] = "fb527b6976e70a6bcd57036c9cddc242" -SRC_URI[sha256sum] = "3d27ade73a5c1248925ad9c060024940ce5d2029f40aaa901f43314888fe324d" - -S = "${WORKDIR}/${BPN}" - -inherit autotools-brokensep - -do_compile[noexec] = "1" -do_configure[noexec] = "1" - -do_install () { - install -d ${D}/${bindir} - install -d ${D}/${sysconfdir}/lynis - install -m 555 ${S}/lynis ${D}/${bindir} - - install -d ${D}/${datadir}/lynis/db - install -d ${D}/${datadir}/lynis/plugins - install -d ${D}/${datadir}/lynis/include - install -d ${D}/${datadir}/lynis/extras - - cp -r ${S}/db/* ${D}/${datadir}/lynis/db/. - cp -r ${S}/plugins/* ${D}/${datadir}/lynis/plugins/. - cp -r ${S}/include/* ${D}/${datadir}/lynis/include/. - cp -r ${S}/extras/* ${D}/${datadir}/lynis/extras/. - cp ${S}/*.prf ${D}/${sysconfdir}/lynis -} - -FILES_${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf" -FILES_${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md" - -RDEPENDS_${PN} += "procps" diff --git a/meta-security-compliance/recipes-core/openembedded-release/openembedded-release_1.0.bb b/meta-security-compliance/recipes-core/openembedded-release/openembedded-release_1.0.bb deleted file mode 100644 index 0ad427d..0000000 --- a/meta-security-compliance/recipes-core/openembedded-release/openembedded-release_1.0.bb +++ /dev/null @@ -1,32 +0,0 @@ -inherit allarch - -SUMMARY = "Operating release identification" -DESCRIPTION = "The /etc/openembedded-release file contains operating system identification data." -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -INHIBIT_DEFAULT_DEPS = "1" - -do_fetch[noexec] = "1" -do_unpack[noexec] = "1" -do_patch[noexec] = "1" -do_configure[noexec] = "1" - -VERSION = "0" -RELEASE_NAME = "${DISTRO_NAME} ${DISTRO} ${VERSION}" - -def sanitise_version(ver): - ret = ver.replace('+', '-').replace(' ','_') - return ret.lower() - -python do_compile () { - import shutil - release_name = d.getVar('RELEASE_NAME') - with open(d.expand('${B}/openemebedded-release'), 'w') as f: - f.write('%s\n' % release_name) -} -do_compile[vardeps] += "${RELEASE_NAME}" - -do_install () { - install -d ${D}${sysconfdir} - install -m 0644 openemebedded-release ${D}${sysconfdir}/ -} diff --git a/meta-security-compliance/recipes-core/os-release/os-release.bbappend b/meta-security-compliance/recipes-core/os-release/os-release.bbappend deleted file mode 100644 index 604bacb..0000000 --- a/meta-security-compliance/recipes-core/os-release/os-release.bbappend +++ /dev/null @@ -1 +0,0 @@ -CPE_NAME="cpe:/o:openembedded:nodistro:0" diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml b/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml deleted file mode 100644 index d3b2c9a..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xccdf.xml +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<xccdf:Benchmark xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="generated-xccdf" resolved="1"> - <xccdf:status>incomplete</xccdf:status> - <xccdf:title>Automatically generated XCCDF from OVAL file: OpenEmbedded_nodistro_0.xml</xccdf:title> - <xccdf:description>This file has been generated automatically from oval definitions file.</xccdf:description> - <xccdf:version time="2017-06-07T04:05:05">None, generated from OVAL file.</xccdf:version> - <xccdf:Rule selected="true" id="oval-com.redhat.rhsa-def-20171365"> - <xccdf:title>CPE-2017:1365: nss security and bug fix update (Important)</xccdf:title> - <xccdf:ident system="http://cve.mitre.org">CVE-2017-7502</xccdf:ident> - <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"> - <xccdf:check-content-ref href="OpenEmbedded_nodistro_0.xml" name="oval:com.redhat.rhsa:def:20171365"/> - </xccdf:check> - </xccdf:Rule> -</xccdf:Benchmark> diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml b/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml deleted file mode 100644 index a9bf2a0..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/OpenEmbedded_nodistro_0.xml +++ /dev/null @@ -1,83 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd"> - <generator> - <oval:product_name>OpenEmbedded Errata Test System</oval:product_name> - <oval:schema_version>5.10.1</oval:schema_version> - <oval:timestamp>2017-06-07T04:05:05</oval:timestamp> - </generator> - - <definitions> - <definition class="patch" id="oval:com.redhat.rhsa:def:20171365" version="604"> - <metadata> - <title>CPE-2017:1365: nss security and bug fix update (Important)</title> - <affected family="unix"> - <platform>OpenEmbedded Nodistro</platform> - </affected> - <reference ref_id="RHSA-2017:1365-03" ref_url="https://access.redhat.com/errata/RHSA-2017:1365" source="RHSA"/> - <reference ref_id="CVE-2017-7502" ref_url="https://access.redhat.com/security/cve/CVE-2017-7502" source="CVE"/> - <description>Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. - -Security Fix(es): - -* A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) - -Bug Fix(es): - -* The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, Red Hat recommends installing the updated CA list on June 12, 2017. (BZ#1451421)</description> - -<!-- ~~~~~~~~~~~~~~~~~~~~ advisory details ~~~~~~~~~~~~~~~~~~~ --> - -<advisory from="example.com"> - <severity>Important</severity> - <rights>NA</rights> - <issued date="2017-05-30"/> - <updated date="2017-05-30"/> - <cve cvss3="7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" cwe="CWE-476" href="https://access.redhat.com/security/cve/CVE-2017-7502">CVE-2017-7502</cve> - <bugzilla href="https://bugzilla.redhat.com/1446631" id="1446631">CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages</bugzilla> - <affected_cpe_list> - <cpe>cpe:/o:openembedded:nodistro:0</cpe> - </affected_cpe_list> -</advisory> - </metadata> - -<criteria operator="AND"> - <criterion comment="Red Hat Enterprise Linux 7 Client is installed" test_ref="oval:com.redhat.rhsa:tst:20171365001"/> - <criterion comment="nss is earlier than 0:3.28.4-r0" test_ref="oval:com.redhat.rhsa:tst:20171365007"/> -</criteria> - - </definition> - </definitions> - <tests> - <!-- ~~~~~~~~~~~~~~~~~~~~~ rpminfo tests ~~~~~~~~~~~~~~~~~~~~~ --> - <rpminfo_test check="at least one" comment="Red Hat Enterprise Linux 7 Client is installed" id="oval:com.redhat.rhsa:tst:20171365001" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <object object_ref="oval:com.redhat.rhsa:obj:20171365001"/> - <state state_ref="oval:com.redhat.rhsa:ste:20171365002"/> -</rpminfo_test> -<rpminfo_test check="at least one" comment="nss is earlier than 0:3.31.4-r0" id="oval:com.redhat.rhsa:tst:20171365007" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <object object_ref="oval:com.redhat.rhsa:obj:20171365006"/> - <state state_ref="oval:com.redhat.rhsa:ste:20171365003"/> -</rpminfo_test> - - </tests> - - <objects> - <!-- ~~~~~~~~~~~~~~~~~~~~ rpminfo objects ~~~~~~~~~~~~~~~~~~~~ --> - <rpminfo_object id="oval:com.redhat.rhsa:obj:20171365006" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <name>nss</name> -</rpminfo_object> -<rpminfo_object id="oval:com.redhat.rhsa:obj:20171365001" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <name>openembedded-release</name> -</rpminfo_object> - - </objects> - <states> - <!-- ~~~~~~~~~~~~~~~~~~~~ rpminfo states ~~~~~~~~~~~~~~~~~~~~~ --> -<rpminfo_state id="oval:com.redhat.rhsa:ste:20171365002" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <version operation="pattern match">^1[^\d]</version> -</rpminfo_state> -<rpminfo_state id="oval:com.redhat.rhsa:ste:20171365003" version="604" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> - <evr datatype="evr_string" operation="less than">0:3.31.4-r0</evr> -</rpminfo_state> - - </states> -</oval_definitions> diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt b/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt deleted file mode 100644 index 2243ac4..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/oval-to-xccdf.xslt +++ /dev/null @@ -1,72 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Copyright 2012 Red Hat Inc., Durham, North Carolina. All Rights Reserved. - -This transformation is free software; you can redistribute it and/or modify -it under the terms of the GNU Lesser General Public License as published by -the Free Software Foundation; either version 2.1 of the License. - -This transformation is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -for more details. - -You should have received a copy of the GNU Lesser General Public License along -with this library; if not, write to the Free Software Foundation, Inc., 59 -Temple Place, Suite 330, Boston, MA 02111-1307 USA - -Authors: - Šimon Lukašík <slukasik@redhat.com> ---> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0" - xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" - xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" - xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"> - <xsl:output method="xml" encoding="UTF-8"/> - - <xsl:template match="/"> - <xccdf:Benchmark id="generated-xccdf" resolved="1"> - <xccdf:status>incomplete</xccdf:status> - <xccdf:title> - <xsl:text>Automatically generated XCCDF from OVAL file: </xsl:text> - <xsl:value-of select="$ovalfile"/> - </xccdf:title> - <xccdf:description>This file has been generated automatically from oval definitions file.</xccdf:description> - <xccdf:version> - <xsl:attribute name="time"> - <xsl:value-of select="normalize-space(oval-def:oval_definitions/oval-def:generator/oval:timestamp[1]/text())"/> - </xsl:attribute> - <xsl:text>None, generated from OVAL file.</xsl:text> - </xccdf:version> - <xsl:apply-templates select="oval-def:oval_definitions/oval-def:definitions/oval-def:definition"/> - </xccdf:Benchmark> - </xsl:template> - - <xsl:template match="oval-def:definition"> - <xccdf:Rule selected="true"> - <xsl:attribute name="id"> - <xsl:value-of select="translate(@id,':','-')"/> - </xsl:attribute> - <xccdf:title> - <xsl:copy-of select="oval-def:metadata/oval-def:title/text()"/> - </xccdf:title> - <xsl:apply-templates select="oval-def:metadata/oval-def:advisory/oval-def:cve"/> - <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"> - <xccdf:check-content-ref href="file"> - <xsl:attribute name="name"> - <xsl:value-of select="@id"/> - </xsl:attribute> - <xsl:attribute name="href"> - <xsl:value-of select="$ovalfile"/> - </xsl:attribute> - </xccdf:check-content-ref> - </xccdf:check> - </xccdf:Rule> - </xsl:template> - - <xsl:template match="oval-def:cve"> - <xccdf:ident system="http://cve.mitre.org"> - <xsl:copy-of select="text()"/> - </xccdf:ident> - </xsl:template> -</xsl:stylesheet> - diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh b/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh deleted file mode 100644 index 48a7485..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/run_cve.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -oscap oval eval \ ---report oval.html \ ---verbose-log-file filedevel.log \ ---verbose DEVEL \ -/usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml diff --git a/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh b/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh deleted file mode 100644 index 70cd82c..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/files/run_test.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -#oscap oval eval --result-file ./myresults.xml ./OpenEmbedded_nodistro_0.xml - -oscap xccdf eval --results results.xml --report report.html OpenEmbedded_nodistro_0.xccdf.xml diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb deleted file mode 100644 index fd53fcb..0000000 --- a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "OE SCAP files" -LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4" -LICENSE = "MIT" - -SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98" -SRC_URI = "git://github.com/akuster/oe-scap.git" -SRC_URI += " \ - file://run_cve.sh \ - file://run_test.sh \ - file://OpenEmbedded_nodistro_0.xml \ - file://OpenEmbedded_nodistro_0.xccdf.xml \ - " - -S = "${WORKDIR}/git" - -do_configure[noexec] = "1" -do_compile[noexec] = "1" - -do_install () { - install -d ${D}/${datadir}/oe-scap - install ${WORKDIR}/run_cve.sh ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/run_test.sh ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/OpenEmbedded_nodistro_0.xml ${D}/${datadir}/oe-scap/. - install ${WORKDIR}/OpenEmbedded_nodistro_0.xccdf.xml ${D}/${datadir}/oe-scap/. - cp ${S}/* ${D}/${datadir}/oe-scap/. -} - -FILES_${PN} += "${datadir}/oe-scap" - -RDEPENDS_${PN} = "openscap bash" diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch b/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch deleted file mode 100644 index 2a518bf..0000000 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/files/0001-Renamed-module-and-variables-to-get-rid-of-async.patch +++ /dev/null @@ -1,130 +0,0 @@ -From c34349720a57997d30946286756e2ba9dbab6ace Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com> -Date: Mon, 2 Jul 2018 11:21:19 +0200 -Subject: [PATCH] Renamed module and variables to get rid of async. - -async is a reserved word in Python 3.7. - -Upstream-Status: Backport -[https://github.com/OpenSCAP/openscap-daemon/commit/c34349720a57997d30946286756e2ba9dbab6ace] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - openscap_daemon/{async.py => async_tools.py} | 0 - openscap_daemon/dbus_daemon.py | 2 +- - openscap_daemon/system.py | 16 ++++++++-------- - tests/unit/test_basic_update.py | 3 ++- - 4 files changed, 11 insertions(+), 10 deletions(-) - rename openscap_daemon/{async.py => async_tools.py} (100%) - -diff --git a/openscap_daemon/async.py b/openscap_daemon/async_tools.py -similarity index 100% -rename from openscap_daemon/async.py -rename to openscap_daemon/async_tools.py -diff --git a/openscap_daemon/dbus_daemon.py b/openscap_daemon/dbus_daemon.py -index e6eadf9..cb6a8b6 100644 ---- a/openscap_daemon/dbus_daemon.py -+++ b/openscap_daemon/dbus_daemon.py -@@ -81,7 +81,7 @@ class OpenSCAPDaemonDbus(dbus.service.Object): - @dbus.service.method(dbus_interface=dbus_utils.DBUS_INTERFACE, - in_signature="", out_signature="a(xsi)") - def GetAsyncActionsStatus(self): -- return self.system.async.get_status() -+ return self.system.async_manager.get_status() - - @dbus.service.method(dbus_interface=dbus_utils.DBUS_INTERFACE, - in_signature="s", out_signature="(sssn)") -diff --git a/openscap_daemon/system.py b/openscap_daemon/system.py -index 2012f6e..85c2680 100644 ---- a/openscap_daemon/system.py -+++ b/openscap_daemon/system.py -@@ -26,7 +26,7 @@ import logging - from openscap_daemon.task import Task - from openscap_daemon.config import Configuration - from openscap_daemon import oscap_helpers --from openscap_daemon import async -+from openscap_daemon import async_tools - - - class ResultsNotAvailable(Exception): -@@ -40,7 +40,7 @@ TASK_ACTION_PRIORITY = 10 - - class System(object): - def __init__(self, config_file): -- self.async = async.AsyncManager() -+ self.async_manager = async_tools.AsyncManager() - - logging.info("Loading configuration from '%s'.", config_file) - self.config = Configuration() -@@ -90,7 +90,7 @@ class System(object): - input_file, tailoring_file, None - ) - -- class AsyncEvaluateSpecAction(async.AsyncAction): -+ class AsyncEvaluateSpecAction(async_tools.AsyncAction): - def __init__(self, system, spec): - super(System.AsyncEvaluateSpecAction, self).__init__() - -@@ -113,7 +113,7 @@ class System(object): - return "Evaluate Spec '%s'" % (self.spec) - - def evaluate_spec_async(self, spec): -- return self.async.enqueue( -+ return self.async_manager.enqueue( - System.AsyncEvaluateSpecAction( - self, - spec -@@ -488,7 +488,7 @@ class System(object): - - return ret - -- class AsyncUpdateTaskAction(async.AsyncAction): -+ class AsyncUpdateTaskAction(async_tools.AsyncAction): - def __init__(self, system, task_id, reference_datetime): - super(System.AsyncUpdateTaskAction, self).__init__() - -@@ -536,7 +536,7 @@ class System(object): - - if task.should_be_updated(reference_datetime): - self.tasks_scheduled.add(task.id_) -- self.async.enqueue( -+ self.async_manager.enqueue( - System.AsyncUpdateTaskAction( - self, - task.id_, -@@ -662,7 +662,7 @@ class System(object): - fix_type - ) - -- class AsyncEvaluateCVEScannerWorkerAction(async.AsyncAction): -+ class AsyncEvaluateCVEScannerWorkerAction(async_tools.AsyncAction): - def __init__(self, system, worker): - super(System.AsyncEvaluateCVEScannerWorkerAction, self).__init__() - -@@ -680,7 +680,7 @@ class System(object): - return "Evaluate CVE Scanner Worker '%s'" % (self.worker) - - def evaluate_cve_scanner_worker_async(self, worker): -- return self.async.enqueue( -+ return self.async_manager.enqueue( - System.AsyncEvaluateCVEScannerWorkerAction( - self, - worker -diff --git a/tests/unit/test_basic_update.py b/tests/unit/test_basic_update.py -index 6f683e6..7f953f7 100755 ---- a/tests/unit/test_basic_update.py -+++ b/tests/unit/test_basic_update.py -@@ -37,8 +37,9 @@ class BasicUpdateTest(unit_test_harness.APITest): - print(self.system.tasks) - self.system.schedule_tasks() - -- while len(self.system.async.actions) > 0: -+ while len(self.system.async_manager.actions) > 0: - time.sleep(1) - -+ - if __name__ == "__main__": - BasicUpdateTest.run() --- -2.7.4 - diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb deleted file mode 100644 index ca6e030..0000000 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "The OpenSCAP Daemon is a service that runs in the background." -HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/" -LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88" -LICENSE = "LGPL-2.1" - -DEPENDS = "python3-dbus" - -SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76" -SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \ - file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ - " - -inherit setuptools3 - -S = "${WORKDIR}/git" - -RDEPENDS_${PN} = "python" diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc deleted file mode 100644 index afa576a..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit" -HOME_URL = "https://www.open-scap.org/tools/openscap-base/" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" -LICENSE = "LGPL-2.1" - -DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig" -DEPENDS_class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig python3native perlnative - -PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" -PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" -PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" -PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" -PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" -PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" -PACKAGECONFIG[selinux] = ", ,libselinux" - -EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ - -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ - -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ - -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ - -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ - -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ - -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ - -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ - " - -STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" -STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" - -do_configure_append_class-native () { - sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h - sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h -} - -do_install_class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" -do_install_append_class-native () { - oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} - install -d $oscapdir - cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir -} - - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN} += "libxml2 python3-core libgcc bash" - -BBCLASSEXTEND = "native" diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb deleted file mode 100644 index ad29efd..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb +++ /dev/null @@ -1,9 +0,0 @@ -SUMARRY = "NIST Certified SCAP 1.2 toolkit" - -require openscap.inc - -SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc" -SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \ -" - -DEFAULT_PREFERENCE = "-1" diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb deleted file mode 100644 index 963d3de..0000000 --- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes" - -include openscap.inc - -SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90" -SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \ -" - -PV = "1.3.1+git${SRCPV}" diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-XML-parsing-of-the-remediation-functions-file.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-XML-parsing-of-the-remediation-functions-file.patch deleted file mode 100644 index c0b93e4..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-XML-parsing-of-the-remediation-functions-file.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 174293162e5840684d967e36840fc1f9f57c90be Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com> -Date: Thu, 5 Dec 2019 15:02:05 +0100 -Subject: [PATCH] Fix XML "parsing" of the remediation functions file. - -A proper fix is not worth the effort, as we aim to kill shared Bash remediation -with Jinja2 macros. - -Upstream-Status: Backport -[https://github.com/ComplianceAsCode/content/commit/174293162e5840684d967e36840fc1f9f57c90be] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - ssg/build_remediations.py | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py -index 7da807bd6..13e90f732 100644 ---- a/ssg/build_remediations.py -+++ b/ssg/build_remediations.py -@@ -56,11 +56,11 @@ def get_available_functions(build_dir): - remediation_functions = [] - with codecs.open(xmlfilepath, "r", encoding="utf-8") as xmlfile: - filestring = xmlfile.read() -- # This regex looks implementation dependent but we can rely on -- # ElementTree sorting XML attrs alphabetically. Hidden is guaranteed -- # to be the first attr and ID is guaranteed to be second. -+ # This regex looks implementation dependent but we can rely on the element attributes -+ # being present on one line. -+ # We can't rely on ElementTree sorting XML attrs in any way since Python 3.7. - remediation_functions = re.findall( -- r'<Value hidden=\"true\" id=\"function_(\S+)\"', -+ r'<Value.*id=\"function_(\S+)\"', - filestring, re.DOTALL - ) - --- -2.17.1 - diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch deleted file mode 100644 index f0c9909..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 28a35d63a0cc6b7beb51c77d93bb30778e6960cd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com> -Date: Mon, 9 Dec 2019 13:41:47 +0100 -Subject: [PATCH] Fixed the broken fix, when greedy regex ate the whole file. - -We want to match attributes in an XML element, not in the whole file. - -Upstream-Status: Backport -[https://github.com/ComplianceAsCode/content/commit/28a35d63a0cc6b7beb51c77d93bb30778e6960cd] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - ssg/build_remediations.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py -index 13e90f732..edf31c0cf 100644 ---- a/ssg/build_remediations.py -+++ b/ssg/build_remediations.py -@@ -57,10 +57,10 @@ def get_available_functions(build_dir): - with codecs.open(xmlfilepath, "r", encoding="utf-8") as xmlfile: - filestring = xmlfile.read() - # This regex looks implementation dependent but we can rely on the element attributes -- # being present on one line. -+ # being present. Beware, DOTALL means we go through the whole file at once. - # We can't rely on ElementTree sorting XML attrs in any way since Python 3.7. - remediation_functions = re.findall( -- r'<Value.*id=\"function_(\S+)\"', -+ r'<Value[^>]+id=\"function_(\S+)\"', - filestring, re.DOTALL - ) - --- -2.17.1 - diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc deleted file mode 100644 index 3212310..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -SUMARRY = "SCAP content for various platforms" -HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" -LIC_FILES_CHKSUM = "file://LICENSE;md5=97662e4486d9a1d09f358851d9f41a1a" -LICENSE = "LGPL-2.1" - -DEPENDS = "openscap-native python3 python3-pyyaml-native python3-jinja2-native libxml2-native" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig python3native - -STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" - -OECMAKE_GENERATOR = "Unix Makefiles" - -EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF" - -B = "${S}/build" - -do_configure[depends] += "openscap-native:do_install" - -do_configure_prepend () { - sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt - sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt -} - -FILES_${PN} += "${datadir}/xml" - -RDEPENDS_${PN} = "openscap" diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb deleted file mode 100644 index d80ecd7..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb +++ /dev/null @@ -1,8 +0,0 @@ -SUMARRY = "SCAP content for various platforms, upstream version" - -SRCREV = "8cb2d0f351faff5440742258782281164953b0a6" -SRC_URI = "git://github.com/ComplianceAsCode/content.git" - -DEFAULT_PREFERENCE = "-1" - -require scap-security-guide.inc diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb deleted file mode 100644 index f35d769..0000000 --- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ /dev/null @@ -1,12 +0,0 @@ -SUMARRY = "SCAP content for various platforms, OE changes" - -SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed" -SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \ - file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \ - file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \ - " -PV = "0.1.44+git${SRCPV}" - -require scap-security-guide.inc - -EXTRA_OECMAKE += "-DSSG_PRODUCT_OPENEMBEDDED=ON" |