[meta-security-compliance][PATCH] scap-security-guide: Fix openembedded platform tests


Akshay Bhat
 

Update the installed_OS_is_openembedded check to drop the quotes
in the VERSION_ID string to match f451c68667cca of openembedded-core.
Without this fix, all tests are reported as "notapplicable".

Signed-off-by: Akshay Bhat <akshay.bhat@...>
---
...is_openembedded-Update-pattern-match.patch | 30 +++++++++++++++++++
.../scap-security-guide_git.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch

diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch
new file mode 100644
index 0000000..61d9206
--- /dev/null
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-installed_OS_is_openembedded-Update-pattern-match.patch
@@ -0,0 +1,30 @@
+From d943e41d64da6af89a6b8224110299ad88747497 Mon Sep 17 00:00:00 2001
+From: Akshay Bhat <akshay.bhat@...>
+Date: Mon, 14 Feb 2022 13:00:31 -0500
+Subject: [PATCH] installed_OS_is_openembedded: Update pattern match
+
+The VERSION_ID string is no longer quoted with f451c68667cca of
+openembedded-core. Update the pattern match check in
+installed_OS_is_openembedded to match the same.
+
+Signed-off-by: Akshay Bhat <akshay.bhat@...>
+---
+ shared/checks/oval/installed_OS_is_openembedded.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
+index 01df16b43..eaf9f2b10 100644
+--- a/shared/checks/oval/installed_OS_is_openembedded.xml
++++ b/shared/checks/oval/installed_OS_is_openembedded.xml
+@@ -23,7 +23,7 @@
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
+ <ind:filepath>/etc/os-release</ind:filepath>
+- <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
++ <ind:pattern operation="pattern match">^VERSION_ID=nodistro\.[0-9]$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+--
+2.25.1
+
diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index ddde5cc..f493ea8 100644
--- a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;pr
file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
+ file://0001-installed_OS_is_openembedded-Update-pattern-match.patch \
"
PV = "0.1.44+git${SRCPV}"

--
2.25.1

Join yocto@lists.yoctoproject.org to automatically receive all group messages.