1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=5
PYTHON_COMPAT=( python2_7 )
inherit bash-completion-r1 eutils multilib python-single-r1
DESCRIPTION="Framework which enables integration with Security Content Automation Protocol"
HOMEPAGE="http://www.open-scap.org/"
if [[ "${PV}" != "9999" ]];
then
SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz"
KEYWORDS="~amd64 ~x86"
else
inherit git-r3 autotools
EGIT_REPO_URI="https://github.com/OpenSCAP/openscap.git"
fi
LICENSE="LGPL-2.1+"
SLOT="0"
IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr"
RESTRICT="!test? ( test )"
#RESTRICT="test"
RDEPEND="!nss? ( dev-libs/libgcrypt:0 )
nss? ( dev-libs/nss )
acl? ( virtual/acl )
caps? ( sys-libs/libcap )
gconf? ( gnome-base/gconf )
ldap? ( net-nds/openldap )
pcre? ( dev-libs/libpcre )
rpm? ( >=app-arch/rpm-4.9 )
sql? ( dev-db/opendbx )
xattr? ( sys-apps/attr )
dev-libs/libpcre
dev-libs/libxml2
dev-libs/libxslt
net-misc/curl
${PYTHON_DEPS}"
DEPEND="${RDEPEND}
doc? ( app-doc/doxygen )
perl? ( dev-lang/swig )
python? ( dev-lang/swig )
test? (
app-arch/unzip
dev-perl/XML-XPath
net-misc/ipcalc
sys-apps/grep )"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
src_prepare() {
# uncoment for debugging test
# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die
sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die
#probe runlevel for non-centos/redhat/fedora is not implemented
sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die
sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die
#According to comment of theses tests, we must modify it. For the moment disable it
sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die
sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die
# theses tests are hardcoded for checking hald process...,
# but no good solution for the moment, disabling them with a fake echo
# because encased in a if then
# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die
# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die
sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die
sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die
#This test fail
sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die
if [[ "${PV}" == "9999" ]];
then
# fix automake failure about missing 'config/config.rpath'
touch config/config.rpath
eautoreconf
fi
if ! use rpm ; then
sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die
sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die
sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die
sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die
sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die
sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die
fi
if ! use selinux ; then
einfo "Disabling SELinux probes"
sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die
#process58 need selinux
sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die
fi
if ! use ldap; then
einfo "Disabling LDAP probes"
sed -i 's,ldap.h,ldapp.h,g' configure || die
fi
epatch_user
}
src_configure() {
python_setup
local myconf
if use debug ; then
myconf+=" --enable-debug"
fi
if use python ; then
myconf+=" --enable-python"
else
myconf+=" --enable-python=no"
fi
if use perl ; then
myconf+=" --enable-perl"
fi
if use nss ; then
myconf+=" --with-crypto=nss3"
else
myconf+=" --with-crypto=gcrypt"
fi
if use sce ; then
myconf+=" --enable-sce"
else
myconf+=" --enable-sce=no"
fi
econf ${myconf}
}
src_compile() {
emake
if use doc ; then
einfo "Building HTML documentation using Doxygen (which will take a while)"
cd docs && doxygen Doxyfile || die
fi
}
src_install() {
emake install DESTDIR="${D}"
prune_libtool_files --all
if use doc ; then
dohtml -r docs/html/.
dodoc docs/examples/.
fi
dobashcomp "${D}"/etc/bash_completion.d/oscap
rm -rf "${D}"/etc/bash_completion.d || die
}
|