Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
 .../openscap/files/crypto_pkgconfig.patch          | 36 ++++++++++
 .../openscap/files/probe_dir_fixup.patch           | 17 +++++
 .../recipes-openscap/openscap/files/run-ptest      |  3 +
 .../recipes-openscap/openscap/openscap.inc         |  2 +
 .../recipes-openscap/openscap/openscap_1.2.14.bb   | 82 ++++++++++++++++++++++
 5 files changed, 140 insertions(+)
 create mode 100644 
meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
 create mode 100644 
meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
 create mode 100644 
meta-security-compliance/recipes-openscap/openscap/files/run-ptest
 create mode 100644 
meta-security-compliance/recipes-openscap/openscap/openscap.inc
 create mode 100644 
meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb

diff --git 
a/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
 
b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
new file mode 100644
index 0000000..2d70855
--- /dev/null
+++ 
b/meta-security-compliance/recipes-openscap/openscap/files/crypto_pkgconfig.patch
@@ -0,0 +1,36 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -360,25 +360,13 @@ case "${with_crypto}" in
+         AC_DEFINE([HAVE_NSS3], [1], [Define to 1 if you have 'NSS' library.])
+         ;;
+     gcrypt)
+-      SAVE_LIBS=$LIBS
+-        AC_CHECK_LIB([gcrypt], [gcry_check_version],
+-                     [crapi_CFLAGS=`libgcrypt-config --cflags`;
+-                      crapi_LIBS=`libgcrypt-config --libs`;
+-                      crapi_libname="GCrypt";],
+-                     [AC_MSG_ERROR([library 'gcrypt' is required for 
GCrypt.])],
+-                     [])
+-        AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'gcrypt' 
library.])
+-      AC_CACHE_CHECK([for GCRYCTL_SET_ENFORCED_FIPS_FLAG],
+-                    [ac_cv_gcryctl_set_enforced_fips_flag],
+-                    [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include<gcrypt.h>],
+-                                                        [return 
GCRYCTL_SET_ENFORCED_FIPS_FLAG;])],
+-                                       
[ac_cv_gcryctl_set_enforced_fips_flag=yes],
+-                                       
[ac_cv_gcryctl_set_enforced_fips_flag=no])])
++      PKG_CHECK_MODULES([libgcrypt], [libgcrypt >= 1.7.9],[],
++                        AC_MSG_FAILURE([libgcrypt devel support is missing]))
+ 
+-      if test "${ac_cv_gcryctl_set_enforced_fips_flag}" == "yes"; then
+-         AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], [1], [Define to 1 
if you have 'gcrypt' library with GCRYCTL_SET_ENFORCED_FIPS_FLAG.])
+-      fi
+-      LIBS=$SAVE_LIBS
++      crapi_libname="libgcrypt"
++      crapi_CFLAGS=$libgcrypt_CFLAGS
++      crapi_LIBS=$libgcrypt_LIBS
++        AC_DEFINE([HAVE_GCRYPT], [1], [Define to 1 if you have 'libgcrypt' 
library.])
+         ;;
+          *)
+           AC_MSG_ERROR([unknown crypto backend])
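Review bot: The rewritten `gcrypt)` branch drops the `AC_CACHE_CHECK` for `GCRYCTL_SET_ENFORCED_FIPS_FLAG` and the `AC_DEFINE([HAVE_GCRYCTL_SET_ENFORCED_FIPS_FLAG], ...)` that depended on it, so that macro is never defined once this patch is applied. If the sources guard their enforced-FIPS call on it, as the removed define suggests, a gcrypt build silently loses that behaviour; keep the compile check next to the new `PKG_CHECK_MODULES`, compiled with `$libgcrypt_CFLAGS`. The fourth argument should also be quoted, `[AC_MSG_FAILURE([libgcrypt devel support is missing])]`. The patch file itself has no description, `Upstream-Status:` or `Signed-off-by:` header. The enclosing `case "${with_crypto}"` statement starts and ends outside the hunk.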
diff --git 
a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
 
b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
new file mode 100644
index 0000000..ecbe602
--- /dev/null
+++ 
b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
@@ -0,0 +1,17 @@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
+      [],
+      [crypto=gcrypt])
+ 
+-if test "x${libexecdir}" = xNONE; then
+-      probe_dir="/usr/local/libexec/openscap"
+-else
+-      EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
+-fi
++probe_dir="/usr/local/libexec/openscap"
+ 
+ AC_SUBST(probe_dir)
+ 
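Review bot: `probe_dir` is now fixed to `/usr/local/libexec/openscap` whatever `--libexecdir` is set to, so the built tools will presumably look for probe executables in a directory this package does not install into. A search path for helper executables outside the packaged prefix is worth avoiding on a target image; derive it from the configured value instead, e.g. `probe_dir="${libexecdir}/openscap"`, with the prefix expanded as the removed `EXPAND_DIR` branch did. This patch is also not listed in `SRC_URI` of `openscap_1.2.14.bb` in the same commit, so as posted it is never applied. It carries no `Upstream-Status:` header either.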
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest 
b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
new file mode 100644
index 0000000..454a6a3
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd tests
+make -k check
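Review bot: `cd tests` is unchecked, so if the directory is missing, `make -k check` runs in whatever directory the script was started from; use `cd tests || exit 1`. It is also worth confirming that the output of `make -k check` contains the `PASS:`/`FAIL:` result lines the ptest runner parses, since the script passes it through unmodified.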
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc 
b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
new file mode 100644
index 0000000..e9589b6
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -0,0 +1,2 @@
+STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
diff --git 
a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb 
b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
new file mode 100644
index 0000000..0d26959
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.14.bb
@@ -0,0 +1,82 @@
+# Copyright (C) 2017 Armin Kuster  <akuster...@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+HOME_URL = "https://www.open-scap.org/tools/openscap-base/";
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \
+          libxslt libcap swig swig-native"
+
+DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native 
curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native 
nss-native"
+
+SRCREV = "7a924c0eea10d05f512660192c8c4aef447801a6"
+SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \
+           file://crypto_pkgconfig.patch \
+           file://run-ptest \
+"
+
+inherit autotools-brokensep pkgconfig python3native perlnative ptest
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG ?= "nss3 pcre rpm"
+PACKAGECONFIG[pcre] = ",--enable-regex-posix, libpcre"
+PACKAGECONFIG[gcrypt] = "--with-crypto=gcrypt,, libgcrypt "
+PACKAGECONFIG[nss3] = "--with-crypto=nss3,, nss"
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
+PACKAGECONFIG[python3] = "--enable-python3, --disable-python3, python3, 
python3"
+PACKAGECONFIG[perl] = "--enable-perl, --disable-perl, perl, perl"
+PACKAGECONFIG[rpm] = " --enable-util-scap-as-rpm, --disable-util-scap-as-rpm, 
rpm, rpm"
+
+EXTRA_OECONF += "--enable-probes-independent --enable-probes-linux \
+               --enable-probes-solaris --enable-probes-unix  
--disable-util-oscap-docker\
+               --enable-util-oscap-ssh --enable-util-oscap --enable-ssp 
--enable-sce \
+"
+
+EXTRA_OECONF_class-native += "--disable-probes-independent 
--enable-probes-linux \
+               --disable-probes-solaris --disable-probes-unix \
+               --enable-util-oscap \
+"
+
+do_configure_prepend () {
+       sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' 
${S}/swig/perl/Makefile.am
+       sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' 
${S}/swig/python3/Makefile.am
+       sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' 
${S}/swig/python2/Makefile.am
+}
+
+
+include openscap.inc
+
+do_configure_append_class-native () {
+       sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH 
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${S}/config.h
+       sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH 
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${S}/config.h
+       sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH 
"${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${S}/config.h
+}
+
+do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
+
+do_install_append_class-native () {
+       oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
+       install -d $oscapdir    
+       cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
+}
+
+TESTDIR = "tests"
+
+do_compile_ptest() {
+    echo 'buildtest-TESTS: $(check)' >> ${TESTDIR}/Makefile
+    oe_runmake -C ${TESTDIR} buildtest-TESTS
+}
+
+do_install_ptest() {
+    # install the tests
+    cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
+}
+
+FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN} += "libxml2 python libgcc"
+
+BBCLASSEXTEND = "native"
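Review bot: `SUMARRY` and `HOME_URL` at the top of the recipe are not variables BitBake reads, so the package ends up without a summary or homepage; they should be `SUMMARY = "..."` and `HOMEPAGE = "..."`. `SRC_URI` fetches a personal fork over the unauthenticated `git://` transport; `SRCREV` pins the commit, but adding `;protocol=https` keeps the fetch on an authenticated channel. `RDEPENDS_${PN}` pulls in `python` unconditionally although the `python` PACKAGECONFIG is not in the default set. `do_compile_ptest` appends the `buildtest-TESTS` rule to `${TESTDIR}/Makefile` on every run, so a re-executed task duplicates it; guard the `echo` with a `grep -q` check or generate the rule in a separate file.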
-- 
2.7.4
