mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-31 12:50:19 +00:00
Code Issues Projects Releases Wiki Activity

Bastille: accept and observe --os flag in multiple situations.

Browse Source 
[YOCTO #3867]

Five additional patches which cause the --os flag to be accepted and observed
are added. An additional distro, Yocto, is added. The individual patches
are described below.

upgrade_options_processing.patch: Changes setOptions procedure so that it
accepts named parameters for greater flexibility and adjusts all invocations
accordingly. Uses more precise specifications in invocatiosn of
Getop::Long::GetOptions. Omits code associated with a commented out flag.

accept_os_flag_in_backend.patch: Accepts and observes an additional --os
flag in BastilleBackEnd.

allow_os_with_assess.patch: No longer print a usage message and quit if
--assess or its related flags are specified along with the --os flag.

edit_usage_message.patch: Edit usage message to include the specification of
an --os flag with the specification of an --assess flag.

organize_distro_discovery.patch: Separates inferring the distro from
specifying the distro. Adds a "Yocto" distro among the other Linux
distros. Causes the specified distro to override the inferred
distro with a warning message when they are different. Previously if
either the inferred distro or the specified distro was not among supported
distros Bastille would quit with an error.

Signed-off-by: mulhern <mulhern@yoctoproject.org>
This commit is contained in:
mulhern
2013-08-25 17:10:22 -04:00
parent abb566ce89
commit 6e23502b38
6 changed files with 681 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
recipes-security/bastille/bastille_3.2.1.bb
+5
View File
@@ -24,6 +24,11 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
file://remove_questions_text_file_references.patch \
file://simplify_B_place.patch \
file://find_existing_config.patch \
file://upgrade_options_processing.patch \
file://accept_os_flag_in_backend.patch \
file://allow_os_with_assess.patch \
file://edit_usage_message.patch \
file://organize_distro_discovery.patch \
"
SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
recipes-security/bastille/files/accept_os_flag_in_backend.patch
+34
View File
@@ -0,0 +1,34 @@
Upstream Status: Inappropriate [No upstream maintenance]
Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
---
Index: Bastille/BastilleBackEnd
===================================================================
--- Bastille.orig/BastilleBackEnd 2013-08-21 12:40:54.000000000 -0400
+++ Bastille/BastilleBackEnd 2013-08-21 12:43:21.895950001 -0400
@@ -52,11 +52,13 @@
my $force = 0;
my $debug = 0;
my $alternate_config=undef;
+my $os_version=undef;
if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
"v" => \$verbose,
"force" => \$force,
"f=s" => \$alternate_config,
+ "os=s" => \$os_version,
"debug" => \$debug) ) {
$error = 0; # no parse error
@@ -66,7 +68,8 @@
&setOptions(
debug => $debug,
- verbose => $verbose);
+ verbose => $verbose,
+ os => $os_version);
&ConfigureForDistro;
if ( $error ) { # GetOptions couldn't parse all of the args
recipes-security/bastille/files/allow_os_with_assess.patch
+43
View File
@@ -0,0 +1,43 @@
Upstream Status: Inappropriate [No upstream maintenance]
Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
---
Index: Bastille/bin/bastille
===================================================================
--- Bastille.orig/bin/bastille 2013-08-21 08:59:06.647950000 -0400
+++ Bastille/bin/bastille 2013-08-21 15:55:53.193631711 -0400
@@ -195,7 +195,6 @@
systemFileLocations
isAssessing='no'
-nonXArg='no'
if [ $PERL_V_MAJ -eq $MIN_V_MAJ -a $PERL_V_MIN -lt $MIN_V_MIN -o $PERL_V_MAJ -lt $MIN_V_MAJ ]; then # invalid Perl
printErr
@@ -316,12 +315,10 @@
'--os')
options_left="$options_left --os"
optarg='yes'
- nonXArg='yes'
;;
'-f')
options_left="$options_left -f"
optarg='yes'
- nonXArg='yes'
;;
# Non-exclusive (undocumented and unsupported) options follow:
# There is no validity/combination checking done with these.
@@ -345,11 +342,6 @@
fi
done
-#Detect case where -f or --os attempted use with --assess
- if [ \( x$nonXArg = xyes \) -a \( x$isAssessing = xyes \) ]; then
- printUsage
- exit 2
- fi
# We have a valid version of perl! Verify that all the required
# modules can be found.
recipes-security/bastille/files/edit_usage_message.patch
+32
View File
@@ -0,0 +1,32 @@
Upstream Status: Inappropriate [No upstream maintenance]
Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
---
Index: Bastille/bin/bastille
===================================================================
--- Bastille.orig/bin/bastille 2013-08-25 14:16:35.614779001 -0400
+++ Bastille/bin/bastille 2013-08-25 14:16:38.674779000 -0400
@@ -60,7 +60,7 @@
printUsage () {
cat >&2 << EOF
$ERRSPACES Usage: bastille [ -b | -c | -x ] [ --os <version>] [ -f <alternate config> ]
-$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ]
+$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ] [ --os <version> ]
$ERRSPACES -b : use a saved config file to apply changes
$ERRSPACES directly to system
$ERRSPACES -c : use the Curses (non-X11) GUI, not available on HP-UX
Index: Bastille/Bastille/API.pm
===================================================================
--- Bastille.orig/Bastille/API.pm 2013-08-25 08:15:40.266779002 -0400
+++ Bastille/Bastille/API.pm 2013-08-25 14:18:22.750778811 -0400
@@ -206,7 +206,7 @@
#options before interactive or Bastille runs, so this check is often redundant
$GLOBAL_ERROR{"usage"}="\n".
"$spc Usage: bastille [ -b | -c | -x ] [ --os <version> ] [ -f <alternate config> ]\n".
- "$spc bastille [ -r | --assess | --assessnobowser ]\n\n".
+ "$spc bastille [ -r | --assess | --assessnobowser ] [ --os <version> ]\n\n".
"$spc --assess : check status of system and report in browser\n".
"$spc --assessnobrowser : check status of system and list report locations\n".
"$spc -b : use a saved config file to apply changes\n".
recipes-security/bastille/files/organize_distro_discovery.patch
+476
View File
@@ -0,0 +1,476 @@
Upstream Status: Inappropriate [No upstream maintenance]
Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
---
Index: Bastille/Bastille/API.pm
===================================================================
--- Bastille.orig/Bastille/API.pm 2013-08-22 04:32:38.269968002 -0400
+++ Bastille/Bastille/API.pm 2013-08-22 11:29:53.137968002 -0400
@@ -141,7 +141,7 @@
checkProcsForService
- $GLOBAL_OS $GLOBAL_ACTUAL_OS $CLI
+ $CLI
$GLOBAL_LOGONLY $GLOBAL_VERBOSE $GLOBAL_DEBUG $GLOBAL_AUDITONLY $GLOBAL_AUDIT_NO_BROWSER $errorFlag
%GLOBAL_BIN %GLOBAL_DIR %GLOBAL_FILE
%GLOBAL_BDIR %GLOBAL_BFILE
@@ -198,7 +198,7 @@
my $err ="ERROR: ";
my $spc =" ";
my $GLOBAL_OS="None";
-my $GLOBAL_ACTUAL_OS="None";
+my $GLOBAL_INFERRED_OS="None";
my %GLOBAL_SUMS=();
my $CLI='';
@@ -306,7 +306,7 @@
###########################################################################
#
-# GetDistro checks to see if the target is a known distribution and reports
+# InferDistro checks to see if the target is a known distribution and reports
# said distribution.
#
# This is used throughout the script, but also by ConfigureForDistro.
@@ -314,205 +314,194 @@
#
###########################################################################
-sub GetDistro() {
+sub InferDistro() {
my ($release,$distro);
- # Only read files for the distro once.
- # if the --os option was used then
- if ($GLOBAL_OS eq "None") {
- if ( -e "/etc/mandrake-release" ) {
- open(MANDRAKE_RELEASE,"/etc/mandrake-release");
- $release=<MANDRAKE_RELEASE>;
-
- if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
- $distro="MN$1";
- }
- elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
- $distro="MN$1";
- }
- else {
- print STDERR "$err Couldn't determine Mandrake/Mandriva version! Setting to 10.1!\n";
- $distro="MN10.1";
- }
-
- close(MANDRAKE_RELEASE);
- }
- elsif ( -e "/etc/immunix-release" ) {
- open(IMMUNIX_RELEASE,"/etc/immunix-release");
- $release=<IMMUNIX_RELEASE>;
- unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
- print STDERR "$err Couldn't determine Immunix version! Setting to 6.2!\n";
- $distro="RH6.2";
- }
- else {
- $distro="RH$1";
- }
- close(*IMMUNIX_RELEASE);
- }
- elsif ( -e '/etc/fedora-release' ) {
- open(FEDORA_RELEASE,'/etc/fedora-release');
- $release=<FEDORA_RELEASE>;
- close FEDORA_RELEASE;
- if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
- $distro = "RHFC$1";
- }
- elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
- $distro = "RHFC$1";
- }
- else {
- print STDERR "$err Could not determine Fedora version! Setting to Fedora Core 8\n";
- $distro='RHFC8';
- }
+ if ( -e "/etc/mandrake-release" ) {
+ open(MANDRAKE_RELEASE,"/etc/mandrake-release");
+ $release=<MANDRAKE_RELEASE>;
+
+ if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
+ $distro="MN$1";
+ }
+ elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
+ $distro="MN$1";
+ }
+ else {
+ print STDERR "$err Could not infer Mandrake/Mandriva version! Setting to 10.1!\n";
+ $distro="MN10.1";
+ }
+
+ close(MANDRAKE_RELEASE);
+ }
+ elsif ( -e "/etc/immunix-release" ) {
+ open(IMMUNIX_RELEASE,"/etc/immunix-release");
+ $release=<IMMUNIX_RELEASE>;
+ unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
+ print STDERR "$err Could not infer Immunix version! Setting to 6.2!\n";
+ $distro="RH6.2";
+ }
+ else {
+ $distro="RH$1";
}
- elsif ( -e "/etc/redhat-release" ) {
- open(*REDHAT_RELEASE,"/etc/redhat-release");
- $release=<REDHAT_RELEASE>;
- if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
- $distro="RH$1";
- }
- elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
- $distro="RHEL$1$2";
- }
- elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
- $distro="RHEL$2$1";
+ close(*IMMUNIX_RELEASE);
+ }
+ elsif ( -e '/etc/fedora-release' ) {
+ open(FEDORA_RELEASE,'/etc/fedora-release');
+ $release=<FEDORA_RELEASE>;
+ close FEDORA_RELEASE;
+ if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
+ $distro = "RHFC$1";
+ }
+ elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
+ $distro = "RHFC$1";
+ }
+ else {
+ print STDERR "$err Could not infer Fedora version! Setting to Fedora Core 8\n";
+ $distro='RHFC8';
+ }
+ }
+ elsif ( -e "/etc/redhat-release" ) {
+ open(*REDHAT_RELEASE,"/etc/redhat-release");
+ $release=<REDHAT_RELEASE>;
+ if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
+ $distro="RH$1";
+ }
+ elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
+ $distro="RHEL$1$2";
+ }
+ elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
+ $distro="RHEL$2$1";
+ }
+ elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
+ my $version = $1;
+ if ($version =~ /^4\./) {
+ $distro='RHEL4AS';
}
- elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
- my $version = $1;
- if ($version =~ /^4\./) {
- $distro='RHEL4AS';
- }
- elsif ($version =~ /^3\./) {
- $distro='RHEL3AS';
- }
- else {
- print STDERR "$err Could not determine CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
- $distro='RHEL4AS';
- }
- }
- else {
- # JJB/HP - Should this be B_log?
- print STDERR "$err Couldn't determine Red Hat version! Setting to 9!\n";
- $distro="RH9";
- }
- close(REDHAT_RELEASE);
-
- }
- elsif ( -e "/etc/debian_version" ) {
- $stable="3.1"; #Change this when Debian stable changes
- open(*DEBIAN_RELEASE,"/etc/debian_version");
- $release=<DEBIAN_RELEASE>;
- unless ($release =~ /^(\d+\.\d+\w*)/) {
- print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
- $distro="DB$stable";
+ elsif ($version =~ /^3\./) {
+ $distro='RHEL3AS';
}
else {
- $distro="DB$1";
- }
- close(DEBIAN_RELEASE);
- }
- elsif ( -e "/etc/SuSE-release" ) {
- open(*SUSE_RELEASE,"/etc/SuSE-release");
- $release=<SUSE_RELEASE>;
- if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
- $distro="SE$1";
- }
- elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
- $distro="SESLES$1";
- }
- elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
- $distro="SESLES$1";
- }
- elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
- $distro="SE$1";
+ print STDERR "$err Could not infer CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
+ $distro='RHEL4AS';
}
- else {
- print STDERR "$err Couldn't determine SuSE version! Setting to 10.3!\n";
- $distro="SE10.3";
- }
- close(SUSE_RELEASE);
- }
- elsif ( -e "/etc/turbolinux-release") {
- open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
- $release=<TURBOLINUX_RELEASE>;
- unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
- print STDERR "$err Couldn't determine TurboLinux version! Setting to 7.0!\n";
- $distro="TB7.0";
- }
- else {
- $distro="TB$1";
- }
- close(TURBOLINUX_RELEASE);
+ }
+ else {
+ # JJB/HP - Should this be B_log?
+ print STDERR "$err Could not infer Red Hat version! Setting to 9!\n";
+ $distro="RH9";
+ }
+ close(REDHAT_RELEASE);
+
+ }
+ elsif ( -e "/etc/debian_version" ) {
+ $stable="3.1"; #Change this when Debian stable changes
+ open(*DEBIAN_RELEASE,"/etc/debian_version");
+ $release=<DEBIAN_RELEASE>;
+ unless ($release =~ /^(\d+\.\d+\w*)/) {
+ print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
+ $distro="DB$stable";
+ }
+ else {
+ $distro="DB$1";
+ }
+ close(DEBIAN_RELEASE);
+ }
+ elsif ( -e "/etc/SuSE-release" ) {
+ open(*SUSE_RELEASE,"/etc/SuSE-release");
+ $release=<SUSE_RELEASE>;
+ if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
+ $distro="SE$1";
+ }
+ elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
+ $distro="SESLES$1";
+ }
+ elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
+ $distro="SESLES$1";
+ }
+ elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
+ $distro="SE$1";
+ }
+ else {
+ print STDERR "$err Could not infer SuSE version! Setting to 10.3!\n";
+ $distro="SE10.3";
}
+ close(SUSE_RELEASE);
+ }
+ elsif ( -e "/etc/turbolinux-release") {
+ open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
+ $release=<TURBOLINUX_RELEASE>;
+ unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
+ print STDERR "$err Could not infer TurboLinux version! Setting to 7.0!\n";
+ $distro="TB7.0";
+ }
else {
- # We're either on Mac OS X, HP-UX or an unsupported O/S.
- if ( -x '/usr/bin/uname') {
+ $distro="TB$1";
+ }
+ close(TURBOLINUX_RELEASE);
+ }
+ else {
+ # We're either on Mac OS X, HP-UX or an unsupported O/S.
+ if ( -x '/usr/bin/uname') {
# uname is in /usr/bin on Mac OS X and HP-UX
- $release=`/usr/bin/uname -sr`;
- }
- else {
- print STDERR "$err Could not determine operating system version!\n";
- $distro="unknown"
- }
-
- # Figure out what kind of system we're on.
- if ($release ne "") {
- if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
- if ($1 == 6 ) {
- $distro = "OSX10.2";
- }
- elsif ($1 == 7) {
- $distro = "OSX10.3";
- }
- elsif ($1 == 8) {
- $distro = "OSX10.3";
- }
- else {
- $distro = "unknown";
- }
+ $release=`/usr/bin/uname -sr`;
+ }
+ else {
+ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
+ $distro="unknown";
+ }
+
+ # Figure out what kind of system we're on.
+ if ($release ne "") {
+ if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
+ if ($1 == 6 ) {
+ $distro = "OSX10.2";
}
- elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
- $distro="$1$2";
+ elsif ($1 == 7) {
+ $distro = "OSX10.3";
}
+ elsif ($1 == 8) {
+ $distro = "OSX10.3";
+ }
else {
- print STDERR "$err Could not determine operating system version!\n";
- $distro="unknown";
+ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
+ $distro = "unknown";
}
}
+ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+ $distro="$1$2";
+ }
+ else {
+ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
+ $distro="unknown";
+ }
}
-
- $GLOBAL_OS=$distro;
- } elsif (not (defined $GLOBAL_OS)) {
- print "ERROR: GLOBAL OS Scoping Issue\n";
- } else {
- $distro = $GLOBAL_OS;
}
-
return $distro;
}
###################################################################################
-# &getActualDistro; #
+# &getInferredDistro; #
# #
# This subroutine returns the actual os version in which is running on. This #
# os version is independent of the --os switch feed to bastille. #
# #
###################################################################################
-sub getActualDistro {
- # set local variable to $GLOBAL_OS
+sub getInferredDistro {
+ if ($GLOBAL_INFERRED_OS eq "None") {
+ $GLOBAL_INFERRED_OS = &InferDistro;
+ }
+ return $GLOBAL_INFERRED_OS;
+}
- if ($GLOBAL_ACTUAL_OS eq "None") {
- my $os = $GLOBAL_OS;
- # undef GLOBAL_OS so that the GetDistro routine will return
- # the actualDistro, it might otherwise return the distro set
- # by the --os switch.
- $GLOBAL_OS = "None";
- $GLOBAL_ACTUAL_OS = &GetDistro;
- # reset the GLOBAL_OS variable
- $GLOBAL_OS = $os;
+sub GetDistro {
+ if ($GLOBAL_OS eq "None") {
+ return &getInferredDistro;
}
- return $GLOBAL_ACTUAL_OS;
+ return $GLOBAL_OS;
}
+
# These are helper routines which used to be included inside GetDistro
sub is_OS_supported($) {
my $os=$_[0];
@@ -556,7 +545,8 @@
"SE7.2","SE7.3", "SE8.0","SE8.1","SE9.0","SE9.1",
"SE9.2","SE9.3","SE10.0","SE10.1","SE10.2","SE10.3",
"SESLES8","SESLES9","SESLES10",
- "TB7.0"
+ "TB7.0",
+ "Yocto"
],
"HP-UX" => [
@@ -882,23 +872,19 @@
###########################################################################
sub ConfigureForDistro {
- my $retval=1;
-
- # checking to see if the os version given is in fact supported
my $distro = &GetDistro;
- # checking to see if the actual os version is in fact supported
- my $actualDistro = &getActualDistro;
+ my $inferredDistro = &getInferredDistro;
+
+ if (! ($inferredDistro eq $distro) ) {
+ print STDERR "WARNING: Inferred distro $inferredDistro is not the same as specified distro $distro. Using specified distro.\n";
+ }
+
$ENV{'LOCALE'}=''; # So that test cases checking for english results work ok.
- if ((! &is_OS_supported($distro)) or (! &is_OS_supported($actualDistro)) ) {
- # if either is not supported then print out a list of supported versions
- if (! &is_OS_supported($distro)) {
- print STDERR "$err '$distro' is not a supported operating system.\n";
- }
- else {
- print STDERR "$err Bastille is unable to operate correctly on this\n";
- print STDERR "$spc $distro operating system.\n";
- }
+
+ if (! &is_OS_supported($distro)) {
+ print STDERR "$err '$distro' is not a supported operating system.\n";
+
my %supportedOSHash = &getSupportedOSHash;
print STDERR "$spc Valid operating system versions are as follows:\n";
@@ -930,7 +916,7 @@
# intend via setting the Perl umask
umask(077);
- &getFileAndServiceInfo($distro,$actualDistro);
+ &getFileAndServiceInfo($distro,$distro);
# &dumpFileInfo; # great for debuging file location issues
# &dumpServiceInfo; # great for debuging service information issues
@@ -942,7 +928,7 @@
"$spc You must use Bastille\'s -n flag (for example:\n" .
"$spc bastille -f -n) or \'touch $nodisclaim_file \'\n";
- return $retval;
+ return 1;
}
Index: Bastille/Bastille/LogAPI.pm
===================================================================
--- Bastille.orig/Bastille/LogAPI.pm 2013-08-22 04:32:38.269968002 -0400
+++ Bastille/Bastille/LogAPI.pm 2013-08-22 04:32:47.509968002 -0400
@@ -111,7 +111,7 @@
# do this here to prevent bootstrapping problem, where we need to
# write an error that the errorlog location isn't defined.
my $logdir="/var/log/Bastille";
- if(&getActualDistro =~ "^HP-UX"){
+ if(&getInferredDistro =~ "^HP-UX"){
$logdir = "/var/opt/sec_mgmt/bastille/log/";
}
recipes-security/bastille/files/upgrade_options_processing.patch
+91
View File
@@ -0,0 +1,91 @@
Upstream Status: Inappropriate [No upstream maintenance]
Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
---
Index: Bastille/Bastille/API.pm
===================================================================
--- Bastille.orig/Bastille/API.pm 2013-08-21 11:41:09.235950000 -0400
+++ Bastille/Bastille/API.pm 2013-08-21 11:41:16.183950000 -0400
@@ -271,9 +271,15 @@
# setOptions takes six arguments, $GLOBAL_DEBUG, $GLOBAL_LOGONLY,
# $GLOBAL_VERBOSE, $GLOBAL_AUDITONLY, $GLOBAL_AUDIT_NO_BROWSER, and GLOBAL_OS;
###########################################################################
-sub setOptions($$$$$$) {
- ($GLOBAL_DEBUG,$GLOBAL_LOGONLY,$GLOBAL_VERBOSE,$GLOBAL_AUDITONLY,
- $GLOBAL_AUDIT_NO_BROWSER,$GLOBAL_OS) = @_;
+sub setOptions {
+ my %opts = @_;
+
+ $GLOBAL_DEBUG = $opts{debug};
+ $GLOBAL_LOGONLY = $opts{logonly};
+ $GLOBAL_VERBOSE = $opts{verbose};
+ $GLOBAL_AUDITONLY = $opts{auditonly};
+ $GLOBAL_AUDIT_NO_BROWSER = $opts{audit_no_browser};
+ $GLOBAL_OS = $opts{os};
if ($GLOBAL_AUDIT_NO_BROWSER) {
$GLOBAL_AUDITONLY = 1;
}
Index: Bastille/BastilleBackEnd
===================================================================
--- Bastille.orig/BastilleBackEnd 2013-08-21 11:41:09.235950000 -0400
+++ Bastille/BastilleBackEnd 2013-08-21 12:40:54.055950001 -0400
@@ -50,15 +50,13 @@
my $nodisclaim = 0;
my $verbose = 0;
my $force = 0;
-my $log_only = 0;
my $debug = 0;
my $alternate_config=undef;
if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
"v" => \$verbose,
"force" => \$force,
-# "log" => \$log_only, # broken
- "f:s" => \$alternate_config,
+ "f=s" => \$alternate_config,
"debug" => \$debug) ) {
$error = 0; # no parse error
@@ -66,7 +64,9 @@
$error = 1; # parse error
}
-&setOptions($debug,$log_only,$verbose);
+&setOptions(
+ debug => $debug,
+ verbose => $verbose);
&ConfigureForDistro;
if ( $error ) { # GetOptions couldn't parse all of the args
Index: Bastille/InteractiveBastille
===================================================================
--- Bastille.orig/InteractiveBastille 2013-08-21 11:41:09.235950000 -0400
+++ Bastille/InteractiveBastille 2013-08-21 12:40:30.531950001 -0400
@@ -234,8 +234,8 @@
"a" => \$audit,
"force" => \$force,
"log" => \$log_only,
- "os:s" => \$os_version,
- "f:s" => \$alternate_config,
+ "os=s" => \$os_version,
+ "f=s" => \$alternate_config,
"debug" => \$debug) ) {
$error = 0; # no parse error
} else {
@@ -293,7 +293,13 @@
$UseRequiresRules = 'N';
}
-&setOptions($debug,$log_only,$verbose,$audit,$auditnobrowser,$os_version);
+&setOptions(
+ debug => $debug,
+ logonly => $log_only,
+ verbose => $verbose,
+ auditonly => $audit,
+ audit_no_browser => $auditnobrowser,
+ os => $os_version);
&ConfigureForDistro;
# ensuring mutually exclusive options are exclusive