The getchildren and getiterator functions are deprecated in Python 3.9.
Backport 3 patches to fix the build issue.
Fixes:
File
"/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/ssg/build_stig.py",
line 41, in add_references
index = rule.getchildren().index(ref)
AttributeError: 'xml.etree.ElementTree.Element' object has no attribute 'getchildren'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is a build error when using openscap-native sstate cache.
Steps to reproduce:
Create a new build project in build-1 directory.
$ bitbake openscap-native
Then remove the whole build directory only keep the sstate-cache
directory as a sstate mirror.
Create another new build project in build-2 directory.
Set SSTATE_MIRRORS
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path
'/buildarea/build-1/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas' when trying to validate
'/buildarea/build-2/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/jre/xccdf-unlinked-resolved.xml'
[/buildarea/build-1/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104]
The oscap command from openscap-native tries to find the schema files in
build-1 directory since these paths are hardcoded when building
openscap-native.
We need to pass the correct schema/xslt/cpe paths to oscap to make sure
it can find the files in right location.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport 2 patches to fix the build error:
Processing fix.text for: java_jre_configure_crypto_policy rule
Unable to extract part of the fix.text after inclusion of remediation functions. Aborting..
jre/CMakeFiles/generate-internal-jre-bash-fixes.xml.dir/build.make:60:
recipe for target 'jre/bash-fixes.xml' failed
make[2]: *** [jre/bash-fixes.xml] Error 1
make[2]: *** Deleting file 'jre/bash-fixes.xml'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This ensures openscap-native does install the needed patches
security guilde needs to build
Minor recipe cleanup too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
add cleandir depends to do_install task
This nostamp is causing issues with the yocto-check-layer when checking
hash changes.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes:
ERROR: QA Issue: /usr/bin/oscap-ssh contained in package openscap requires /bin/bash, but no providers found in RDEPENDS_openscap? [file-rdeps]
ERROR: QA Issue: /usr/bin/scap-as-rpm contained in package openscap requires /usr/bin/python3, but no providers found in RDEPENDS_openscap? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It would fail to build scap-security-guide when use openscap-native
sstate cache.
Steps to reproduce:
Create a new build project:
$ bitbake openscap-native
$ bitbake openscap-native -c clean
$ bitbake scap-security-guide
Error message:
OpenSCAP Error: Schema file 'xccdf/1.1/xccdf-schema.xsd' not found in path
'/buildarea/build/tmp/work-shared/openscap/oscap-build-artifacts/usr/share/openscap/schemas'
when trying to validate
'/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml'
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/validate.c:104]
Invalid XCCDF Checklist (1.1) content in
/buildarea/build/tmp/work/core2-64-poky-linux/scap-security-guide/0.1.44+gitAUTOINC+5fdfdcb2e9-r0/git/build/chromium/xccdf-unlinked-resolved.xml.
[/buildarea/build/tmp/work/x86_64-linux/openscap-native/1.3.1+gitAUTOINC+4bbdb46ff6-r0/git/src/source/oscap_source.c:346]
chromium/CMakeFiles/generate-internal-chromium-xccdf-unlinked-resolved.xml.dir/build.make:63: recipe for target 'chromium/xccdf-unlinked-resolved.xml' failed
When using sstate cache, the openscap-native doesn't install the
artifacts to work-shared/openscap/oscap-build-artifacts when prepare
recipe sysroot for scap-security-guide.
Set do_install[nostamp] to 1 to ensure the openscap-native artifacts
are installed to work-shared/openscap/oscap-build-artifacts even if
using sstate cache.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove autoconf-archive from DEPENDS because it is using CMake/Ninjia
build now. Also remove unused dpkg-native dependency from
DEPENDS_class-native.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Set B="${S}/build" to fix the build failure for out of source
directory
* Remove do_complile and do_install. Use the default functions from
cmake.bbclass.
* Install the artifacts to /usr/share rather than /usr/local/share
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Add PACKAGECONFIG for gcrypt, nss3 and selinux
* Use EXTRA_OECMAKE rather than EXTRA_OECONF
* Set CMAKE_SKIP_RPATH and CMAKE_SKIP_INSTALL_RPATH instead of chrpath
* Remove ptest since there are many host contamination issues on target.
We will add it back when these issues are solved.
* Drop the unused patch
* Add PV
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
In order to facilate the reuse of the recipe code via layer or distro
specific bbappends rename the recipe files to use _git instead of
versined filenames. Specifically this allows for minimal bbappends in
additional layers which may use the upstream, non-forked, repos that
can be version skewed when compared to what is present in this repo.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
update to 1.2.15
plus
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/probes/process58/all.sh contained in package openscap-ptest requires /bin/bash, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/xmldiff.pl contained in package openscap-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/nist/test_worker.py contained in package openscap-ptest requires /usr/bin/python2, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
