Switch back to the "stable" branch in SRC_URI now that upstream
has changed its branch maintenance model so it is indeed stable.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Fixes:
- typo in the RDEPENDS class-target override ('-' instead of ':')
- typo SUMARRY -> SUMMARY
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Move to fetching from GitHub hashes to avoid issues at releases,
when the last-recent release changes place.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Tested on master (whinlatter) with beaglebone-yocto
New in version 3.1.5 (2025-07-29):
https://cisofy.com/changelog/lynis/#315
Added:
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll
Changed:
- Corrected detection of service manager SMF
- Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt
- Check modules also under /usr/lib/modules.d
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Enabling ptest will significantly increase build time. Additionally,
since the ptest distro_feature is enabled by default in poky distro,
build time can be very long, which is annoying.
On my build host:
Enable ptest:
$ time build scap-security-guide
real 219m54.529s
user 0m49.040s
sys 0m1.304s
Disable ptest:
$ time build scap-security-guide
real 1m25.222s
user 0m3.306s
sys 0m0.166s
Since no one cares about this ptest and no one fixes the test failures.
Let's disable it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
The project does not use release branches; their release model currently
rebases the stable branch each release and relies on the release tags to
keep the commits referenced. Until their release model changes, just
use the release commit with nobranch.
See upstream issue [1] for details.
[1] https://github.com/ComplianceAsCode/content/issues/13543
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
[tweaked commit message]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
v2 : also fix some typos while we are here.
v3 : add fixes for isic and checksecurity
Signed-off-by: Jason Schonberg <schonm@gmail.com>
[removed already applied change]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
ChangeLog:
https://github.com/OpenSCAP/openscap/releases/tag/1.4.1
* Introduce "oscap-im" - script that can be used in Containerfiles to
build hardened bootable container images to run as Image Mode
Operating System
* Add support for containers with no entrypoint/cmd in "oscap-docker"
* Stop printing useless component reference information in "oscap info"
* Fix missing declaration of PATH_MAX on Solaris
* Fix RPM database path in RPM probes (RHEL-55251, #2151)
* Fix issues reported by OpenScanHub after 1.4.0 release
* Fix failing test probes/filehash58/test_probes_filehash58.sh on s390x
architecture
* Ensure xlink namespace exists (RHEL-34104)
* Minor fixes in test suite and CI
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix typo: remdediate_service -> remediate_service
* No need to manually install oscap-remediate.service, as it is already
installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
* Add a patch to fix installation directory for systemd service file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
0001-osdetection-add-OpenEmbedded-and-Poky.patch
removed since it's included in 3.1.1.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport a patch to fix build with python 3.12:
$ bitbake openscap-native
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'distutils'
CMake Error at swig/python3/CMakeLists.txt:35 (install):
install TARGETS given no LIBRARY DESTINATION for module target
"_openscap_py".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update to tip of branch
Drop 0001-scap-security-guide-add-openembedded-distro-support.patch is now included in tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is a build error when using openscap-native sstate cache mirror.
Steps to reproduce:
Create a new build project in build-1 directory.
$ bitbake openscap-native
Then remove all directories in build-1 directory except sstate-cache.
Use the sstate-cache directory as sstate mirror.
Create another new build project in build-2 directory.
Set SSATE_MIRRORS to point to the sstate-cache in build-1 directory.
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'sds/1.3/scap-source-data-stream_1.3.xsd' not found in path
'/build-1/tmp-glibc/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate
'/build-2/tmp-glibc/work/corei7-64-wrs-linux/scap-security-guide/0.1.67/build/ssg-openembedded-ds.xml'
[/build-1/tmp-glibc/work/x86_64-linux/openscap-native/1.3.8/git/src/source/validate.c:103]
The oscap command from openscap-native tries to find the schema files in
build-1 directory since these paths are hardcoded when building
openscap-native.
We need to pass the correct cpe/schemas/xsl paths to oscap to make sure
it can find the files in right location.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This add the basic framework to allow the test suite to run. It takes a very long time
so it my not be practical to run in some cases (days in my case).
The ptest log format has not been verified.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Variables PREFERRED_PYTHON_PATH and PYTHON3_PATH are set with
${PYTHON_EXECUTABLE}. For cross compile, ${PYTHON_EXECUTABLE} may point
to other path rather than standard dir such as /usr/bin. Then the
generated library file contains such path which should NOT. Update to
make variables PREFERRED_PYTHON_PATH and PYTHON3_PATH configurable to
fix buildpaths issue:
| WARNING: openscap-1.3.7-r0 do_package_qa: QA Issue: File
| /usr/lib/libopenscap.so.25.5.1 in package openscap contains reference
| to TMPDIR [buildpaths]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Zhang Peng
Yi Zhao
Scott Murray
hongxu
Louis Rannou
Yi Zhao
Marta Rybczynska
Michael Opdenacker
J. S.
Armin Kuster
Changqing Li
Wang Mingyu
BELOUARGA Mohamed
Kai Kang
Martin Jansa