forked from ComplianceAsCode/content
-
Notifications
You must be signed in to change notification settings - Fork 0
/
scap-security-guide.spec
113 lines (99 loc) · 3.78 KB
/
scap-security-guide.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# SSG build system and tests count with build directory name `build`.
# For more details see:
# https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
%global _vpath_builddir build
%global _default_patch_fuzz 2
%if 0%{?rhel}
%global _rhel_like %{rhel}
%else
%if 0%{?centos}
%global _rhel_like %{centos}
%endif
%endif
Name: scap-security-guide
# Version placeholder. Copr build version is determined by utils/version.sh. See .packit.yaml config
Version: 0.0.1
Release: 0%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
URL: https://github.com/ComplianceAsCode/content/
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
BuildArch: noarch
%if 0%{?_rhel_like} == 7
BuildRequires: libxslt, openscap-scanner >= 1.2.5, cmake >= 2.8, python, python-jinja2, PyYAML, python-setuptools
%else
BuildRequires: libxslt, openscap-scanner >= 1.2.5, cmake >= 2.8, python%{python3_pkgversion}, python%{python3_pkgversion}-jinja2, python%{python3_pkgversion}-PyYAML, python%{python3_pkgversion}-setuptools
%endif
Requires: xml-common, openscap-scanner >= 1.2.5
%description
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.
%package doc
Summary: HTML formatted security guides generated from XCCDF benchmarks
Requires: %{name} = %{version}-%{release}
%description doc
The %{name}-doc package contains HTML formatted documents containing
hardening guidances that have been generated from XCCDF benchmarks
present in %{name} package.
%prep
%autosetup -p1
%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_DISA_DELTA_FILES=OFF
%define cmake_defines_specific %{nil}
%define centos_8_specific %{nil}
%if 0%{?_rhel_like}
%if 0%{?_rhel_like} == 7 || 0%{?_rhel_like} == 8
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{_rhel_like}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
%else
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{_rhel_like}:BOOLEAN=TRUE -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
%endif
%if 0%{?fedora}
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_FEDORA:BOOLEAN=TRUE
%endif
mkdir -p build
%build
%if 0%{?_rhel_like} == 7 || 0%{?_rhel_like} == 8
cd build
%cmake %{cmake_defines_common} %{cmake_defines_specific} ../
%else
%cmake %{cmake_defines_common} %{cmake_defines_specific}
%endif
%if 0%{?_rhel_like} == 7
make %{?_smp_mflags}
%else
%cmake_build
%endif
%install
%if 0%{?_rhel_like} == 7 || 0%{?_rhel_like} == 8
cd build
%endif
%if 0%{?_rhel_like} == 7
%make_install
%else
%cmake_install
%endif
rm %{buildroot}/%{_docdir}/%{name}/README.md
rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
%files
%{_datadir}/xml/scap/ssg/content
# No kickstarts for Fedora
%if 0%{?_rhel_like}
%{_datadir}/%{name}/kickstart
%endif
%{_datadir}/%{name}/ansible/*.yml
%lang(en) %{_mandir}/man8/scap-security-guide.8.*
%doc %{_docdir}/%{name}/LICENSE
%files doc
%doc %{_docdir}/%{name}/guides/*.html
# No tables for Fedora
%if 0%{?_rhel_like}
%doc %{_docdir}/%{name}/tables/*.html
%endif