File openscap.spec of Package openscap

#
# spec file for package openscap
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
%endif

%define sover 8
%define with_bindings 0

Name:           openscap
Version:        1.2.16
Release:        1.0
Source:         https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
Source2:        sysconfig.oscap-scan
# SUSE specific profile, based on yast2-security
# checks.
# Generated from http://gitorious.org/test-suite/scap
Source3:        scap-yast2sec-xccdf.xml
Source4:        scap-yast2sec-oval.xml
Source5:        oscap-scan.service
Source6:        oscap-scan.sh
Patch0:         openscap-new-suse.patch
Url:            http://www.open-scap.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  doxygen
BuildRequires:  libacl-devel
BuildRequires:  libbz2-devel
BuildRequires:  libcurl-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  libxml2-devel
# Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser"
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  gconf2-devel
BuildRequires:  libblkid-devel
BuildRequires:  libcap-devel
BuildRequires:  libselinux-devel
BuildRequires:  libtool
BuildRequires:  libxslt-devel
BuildRequires:  openldap2-devel
BuildRequires:  pcre-devel
BuildRequires:  perl-XML-Parser
BuildRequires:  pkg-config
BuildRequires:  procps-devel
BuildRequires:  python-devel
BuildRequires:  rpm-devel
BuildRequires:  swig
BuildRequires:  unixODBC-devel
Summary:        A Set of Libraries for Integration with SCAP
License:        LGPL-2.1-or-later
Group:          Development/Tools/Other
BuildRequires:  systemd-rpm-macros

%description
OpenSCAP is a set of open source libraries providing an easier path for
integration of the SCAP line of standards.

SCAP is a line of standards managed by NIST with the goal of providing
a standard language for the expression of Computer Network Defense
related information.

More information about SCAP can be found at nvd.nist.gov.


%package -n libopenscap%{sover}
Summary:        OpenSCAP C Library
Group:          System/Libraries

%description -n libopenscap%{sover}
The OpenSCAP C Library for easy integration with SCAP.

%package docker
Summary:        Docker plugin for OpenSCAP
Group:          System/Libraries

%description docker
This package contains the Docker support for OpenSCAP.


%package engine-sce
Summary:        Script Checking Engine for OpenSCAP
Group:          System/Libraries

%description engine-sce
This package contains the Script Checking Engine (SCE) support for OpenSCAP.

%package -n libopenscap_sce%{sover}
Summary:        Script Checking Engine Library for OpenSCAP
Group:          System/Libraries
Recommends:     openscap-engine-sce

%description -n libopenscap_sce%{sover}
This package contains the Script Checking Engine Library (SCE) for OpenSCAP.

%package devel
Requires:       %{name} = %{version}-%{release}
Requires:       libopenscap%{sover} = %{version}
Summary:        Development Files for OpenSCAP
Group:          Development/Libraries/C and C++

%description devel
This package contains the development files (mainly C header files) for the 
OpenSCAP C library.

%if 0%{?with_bindings}
%package -n python-openscap
%py_requires
Requires:       %{name} = %{version}-%{release}
Provides:       openscap-python = %{version}-%{release}
Summary:        OpenSCAP Python Library
Group:          Development/Libraries/Python

%description -n python-openscap
The OpenSCAP Python Library for easy integration with SCAP.

%package -n perl-openscap
Requires:       %{name} = %{version}-%{release}
Requires:       perl = %{perl_version}
Provides:       openscap-perl = %{version}-%{release}
Summary:        OpenSCAP Perl Library
Group:          Development/Libraries/Perl

%description -n perl-openscap
The OpenSCAP Perl Library for easy integration with SCAP.
%endif

%package        utils
Summary:        Openscap utilities
Group:          System/Monitoring
Requires:       %{name} = %{version}-%{release}
PreReq:         %fillup_prereq
%systemd_requires

%description    utils
The %{name}-utils package contains various utilities based on %{name} library.


%package        content
Summary:        SCAP content
Group:          System/Monitoring
Requires:       %{name} = %{version}-%{release}

%description    content
SCAP content for Fedora delivered by Open-SCAP project.


%package        extra-probes
Summary:        SCAP probes
Group:          System/Monitoring
Requires:       %{name} = %{version}-%{release}
#BuildRequires:  opendbx - for sql

%description    extra-probes
The %{name}-extra-probes package contains additional probes that are not
commonly used and require additional dependencies.

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

%prep
%setup -q
%patch0 -p1

%build

bash ./autogen.sh
%if 0%{?with_bindings}
%configure --disable-silent-rules --enable-sce --enable-cce
%else
%configure --disable-silent-rules --enable-sce --enable-cce --disable-bindings --disable-python --disable-python3
%endif
make %{?_smp_mflags}
cd docs
doxygen
cd ..

%check
make check %{?_smp_mflags} || :

%install
make install DESTDIR=%{buildroot}
find %{buildroot} -name "*.la" -delete

# last python2 user in oscap-utils ... needs porting to python3
rm %{buildroot}/usr/bin/scap-as-rpm

mkdir -p %{buildroot}/%{_fillupdir}
install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir}

install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap

# specific local scan during boot script
mkdir -p %{buildroot}/%{_unitdir}
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service
install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan

# create symlinks to default content
ln -s  %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml
ln -s  %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml

%post -n libopenscap%{sover} -p /sbin/ldconfig
%post -n libopenscap_sce%{sover} -p /sbin/ldconfig

%postun -n libopenscap%{sover} -p /sbin/ldconfig
%postun -n libopenscap_sce%{sover} -p /sbin/ldconfig

%preun utils
%service_del_preun oscap-scan.service

%post utils
%service_add_post oscap-scan.service
%{fillup_only -n oscap-scan}

%postun utils
%service_del_postun oscap-scan.service

%pre utils
%service_add_pre oscap-scan.service

%files
%defattr(-, root, root)
%doc AUTHORS COPYING NEWS
%dir %{_libexecdir}/openscap
%{_libexecdir}/openscap/probe_dnscache
%{_libexecdir}/openscap/probe_environmentvariable
%{_libexecdir}/openscap/probe_environmentvariable58
%{_libexecdir}/openscap/probe_family
%{_libexecdir}/openscap/probe_file
%{_libexecdir}/openscap/probe_fileextendedattribute
%{_libexecdir}/openscap/probe_filehash
%{_libexecdir}/openscap/probe_filehash58
%{_libexecdir}/openscap/probe_iflisteners
%{_libexecdir}/openscap/probe_inetlisteningservers
%{_libexecdir}/openscap/probe_interface
%{_libexecdir}/openscap/probe_partition
%{_libexecdir}/openscap/probe_password
%{_libexecdir}/openscap/probe_process
%{_libexecdir}/openscap/probe_process58
%{_libexecdir}/openscap/probe_routingtable
%{_libexecdir}/openscap/probe_rpminfo
%{_libexecdir}/openscap/probe_rpmverify*
%{_libexecdir}/openscap/probe_runlevel
%{_libexecdir}/openscap/probe_selinuxboolean
%{_libexecdir}/openscap/probe_selinuxsecuritycontext
%{_libexecdir}/openscap/probe_shadow
%{_libexecdir}/openscap/probe_symlink
%{_libexecdir}/openscap/probe_sysctl
%{_libexecdir}/openscap/probe_systemdunitdependency
%{_libexecdir}/openscap/probe_systemdunitproperty
%{_libexecdir}/openscap/probe_system_info
%{_libexecdir}/openscap/probe_textfilecontent
%{_libexecdir}/openscap/probe_textfilecontent54
%{_libexecdir}/openscap/probe_uname
%{_libexecdir}/openscap/probe_variable
%{_libexecdir}/openscap/probe_xinetd
%{_libexecdir}/openscap/probe_xmlfilecontent

%dir %{_datadir}/openscap
%dir %{_datadir}/openscap/cpe
%dir %{_datadir}/openscap/schemas
%dir %{_datadir}/openscap/xsl
%{_datadir}/openscap/cpe/*
%{_datadir}/openscap/schemas/*
%{_datadir}/openscap/xsl/*

%files -n libopenscap%{sover}
%defattr(-, root, root)
%{_libdir}/libopenscap.so.%{sover}*

%files devel
%defattr(-, root, root)
%doc docs/{html,examples}/
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files docker
%defattr(-, root, root)
%{python_sitelib}/oscap_docker_python
%{_bindir}/oscap-docker

%if 0%{?with_bindings}
%files -n python-openscap
%defattr(-, root, root)
%{python_sitearch}/*

%files -n perl-openscap
%defattr(-, root, root)
%{perl_vendorlib}/openscap.pm
%{perl_vendorarch}/_openscap_pm.so
%endif

%files utils
%defattr(-,root,root,-)
%{_fillupdir}/sysconfig.oscap-scan
%doc docs/oscap-scan.cron
%{_mandir}/man8/*
%{_unitdir}/oscap-scan.service
%{_bindir}/oscap
%{_bindir}/oscap-vm
%{_bindir}/oscap-scan
%{_bindir}/oscap-ssh
%{_bindir}/oscap-chroot
# currently not shipped as it is still python2
#{_bindir}/scap-as-rpm
%config %{_sysconfdir}/bash_completion.d/*

%files content
%defattr(-,root,root,-)
%{_datadir}/openscap/scap*.xml

%files engine-sce
%defattr(-,root,root,-)
%dir %{_datadir}/openscap
%dir %{_datadir}/openscap/sectool-sce/
%{_datadir}/openscap/sectool-sce/*

%files -n libopenscap_sce%{sover}
%defattr(-,root,root,-)
%{_libdir}/libopenscap_sce.so.*

%files extra-probes
%defattr(-,root,root,-)
%{_libexecdir}/openscap/probe_ldap57
%{_libexecdir}/openscap/probe_gconf

%changelog
openSUSE Build Service is sponsored by