[yocto] [meta-security][PATCH 1/2 V2] openscap: update recipe
Yi Zhao
yi.zhao at windriver.com
Mon Jul 29 00:18:26 PDT 2019
* Add PACKAGECONFIG for gcrypt, nss3 and selinux
* Use EXTRA_OECMAKE rather than EXTRA_OECONF
* Set CMAKE_SKIP_RPATH and CMAKE_SKIP_INSTALL_RPATH instead of chrpath
* Remove ptest since there are many host contamination issues on target.
We will add it back when these issues are solved.
* Drop the unused patch
* Add PV
* Clean up DEPENDS
Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
---
.../openscap/files/probe_dir_fixup.patch | 17 ------
.../recipes-openscap/openscap/files/run-ptest | 3 -
.../recipes-openscap/openscap/openscap.inc | 67 ++++++++--------------
.../recipes-openscap/openscap/openscap_1.3.1.bb | 1 -
.../recipes-openscap/openscap/openscap_git.bb | 3 +-
5 files changed, 25 insertions(+), 66 deletions(-)
delete mode 100644 meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
delete mode 100644 meta-security-compliance/recipes-openscap/openscap/files/run-ptest
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch b/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
deleted file mode 100644
index ecbe602..0000000
--- a/meta-security-compliance/recipes-openscap/openscap/files/probe_dir_fixup.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: git/configure.ac
-===================================================================
---- git.orig/configure.ac
-+++ git/configure.ac
-@@ -1109,11 +1109,7 @@ AC_ARG_WITH([crypto],
- [],
- [crypto=gcrypt])
-
--if test "x${libexecdir}" = xNONE; then
-- probe_dir="/usr/local/libexec/openscap"
--else
-- EXPAND_DIR(probe_dir,"${libexecdir}/openscap")
--fi
-+probe_dir="/usr/local/libexec/openscap"
-
- AC_SUBST(probe_dir)
-
diff --git a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest b/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
deleted file mode 100644
index 454a6a3..0000000
--- a/meta-security-compliance/recipes-openscap/openscap/files/run-ptest
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-cd tests
-make -k check
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index e5daaf8..5a66d5e 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -6,71 +6,50 @@ HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
LICENSE = "LGPL-2.1"
-DEPENDS = "autoconf-archive dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libgcrypt chrpath-replacement-native "
-
-DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
+DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig"
+DEPENDS_class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native"
S = "${WORKDIR}/git"
-inherit cmake pkgconfig python3native perlnative ptest
-
-PACKAGECONFIG ?= "python3 rpm perl"
-PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=True, , python3, python3"
-PACKAGECONFIG[perl] = "-DENABLE_PERL=True,, perl, perl"
-PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=True, ,rpm, rpm"
-
-EXTRA_OECONF += "-DENABLE_PROBES_INDEPENDENT=yes -DENABLE_PROBES_LINUX=yes -DWITH_CRYPTO=gcrypt\
- -DENABLE_PROBES_SOLARIS=yes -DENABLE_PROBES_UNIX=yes -DENABLE_TESTS=no \
- -DENABLE_OSCAP_UTIL_SSH=yes -DENABLE_OSCAP_UTIL=yes -DENABLE_SCE=yes \
- -DENABLE_OSCAP_UTIL_DOCKER=no \
- "
-
+inherit cmake pkgconfig python3native perlnative
+
+PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
+PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl"
+PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm"
+PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt"
+PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss"
+PACKAGECONFIG[selinux] = ", ,libselinux"
+
+EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \
+ -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \
+ -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \
+ -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \
+ -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \
+ -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \
+ -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \
+ -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \
+ "
STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
-EXTRANATIVEPATH += "chrpath-native"
-
do_configure_append_class-native () {
sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
}
-do_clean[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
-
-do_compile_append_class-target() {
- sed -i -e 's:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:' ${B}/utils/oscap-docker
-}
+do_clean[cleandirs] += "${STAGING_OSCAP_BUILDDIR}"
do_install_append_class-native () {
oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
- install -d $oscapdir
+ install -d $oscapdir
cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
}
-TESTDIR = "tests"
-
-do_compile_ptest() {
- oe-runcmake ${TESTDIR}
-}
-
-do_install_ptest() {
- # install the tests
- cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
-}
-
-do_fixup_rpath() {
- chrpath -d ${D}${libdir}/libopenscap.so.25.0.1
- chrpath -d ${D}${libdir}/libopenscap_sce.so.25.0.1
- chrpath -d ${D}${bindir}/oscap
-}
-
-addtask fixup_rpath before do_package after do_install
-
FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
RDEPENDS_${PN} += "libxml2 python3 libgcc"
-RDEPENDS_${PN}-ptest = "bash perl python3-core"
BBCLASSEXTEND = "native"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
index c29fd42..ad29efd 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
@@ -4,7 +4,6 @@ require openscap.inc
SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"
SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
- file://run-ptest \
"
DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index aded920..963d3de 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -7,5 +7,6 @@ include openscap.inc
SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"
SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
- file://run-ptest \
"
+
+PV = "1.3.1+git${SRCPV}"
--
2.7.4
More information about the yocto
mailing list