From a961756728efa0ab3e67a031c07ca308da3a73fa Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov@redhat.com>
Date: Thu, 12 Sep 2013 17:16:18 +0200
Subject: [PATCH 1/8] Add Makefile, main README, and scap-security-guide.spec
file, that will be used for building Fedora
scap-security-guide (source) RPM package.
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
---
FEDORA/Makefile | 58 +++++++++++++++++++++++++++++++++++++++++
FEDORA/README | 30 +++++++++++++++++++++
FEDORA/scap-security-guide.spec | 53 +++++++++++++++++++++++++++++++++++++
3 files changed, 141 insertions(+)
create mode 100644 FEDORA/Makefile
create mode 100644 FEDORA/README
create mode 100644 FEDORA/scap-security-guide.spec
diff --git a/FEDORA/Makefile b/FEDORA/Makefile
new file mode 100644
index 0000000..4c1cb5f
--- /dev/null
+++ b/FEDORA/Makefile
@@ -0,0 +1,58 @@
+IN = input
+OUT = output
+TRANS = transforms
+UTILS = utils
+DIST = dist
+
+ID = fedora-19
+
+all: shorthand2xccdf guide content dist
+
+shorthand-guide:
+ xsltproc -o $(OUT)/$(ID)-shorthand.xml $(IN)/guide.xslt $(IN)/guide.xml
+ xmllint --format --output $(OUT)/$(ID)-shorthand.xml $(OUT)/$(ID)-shorthand.xml
+
+shorthand2xccdf: shorthand-guide
+ xsltproc -o $(OUT)/unlinked-unresolved-fedora-xccdf.xml $(TRANS)/shorthand2xccdf.xslt $(OUT)/$(ID)-shorthand.xml
+ oscap xccdf resolve -o $(OUT)/unlinked-fedora-xccdf.xml $(OUT)/unlinked-unresolved-fedora-xccdf.xml
+
+checks:
+ xmlwf $(IN)/checks/*.xml
+ $(TRANS)/combinechecks.py $(IN)/checks > $(OUT)/unlinked-fedora-oval.xml
+ xmllint --format --output $(OUT)/unlinked-fedora-oval.xml $(OUT)/unlinked-fedora-oval.xml
+
+guide: shorthand2xccdf
+# remove auxiliary Groups which are only for use in tables, and not guide output.
+# specifying a nonexistent profile, "allrules," to make oscap print all Rules
+ xsltproc -o $(OUT)/unlinked-fedora-xccdf-guide.xml $(TRANS)/xccdf-removeaux.xslt $(OUT)/unlinked-fedora-xccdf.xml
+ xsltproc -o $(OUT)/unlinked-notest-fedora-xccdf-guide.xml $(TRANS)/xccdf-removetested.xslt $(OUT)/unlinked-fedora-xccdf.xml
+ oscap xccdf generate guide --profile allrules $(OUT)/unlinked-notest-fedora-xccdf-guide.xml > $(OUT)/$(ID)-guide.html
+
+content: shorthand2xccdf guide checks
+ $(TRANS)/cpe_generate.py $(OUT)/unlinked-fedora-oval.xml $(IN)/checks/platform/fedora-cpe-dictionary.xml $(ID)
+ $(TRANS)/relabelids.py unlinked-fedora-xccdf.xml $(ID)
+
+validate-xml:
+ oscap xccdf validate-xml $(OUT)/$(ID)-xccdf.xml
+ oscap oval validate-xml $(OUT)/$(ID)-oval.xml
+ oscap oval validate-xml $(OUT)/$(ID)-cpe-oval.xml
+
+validate: validate-xml
+ cd $(OUT); ../$(UTILS)/verify-references.py --rules-with-invalid-checks --ovaldefs-unused $(ID)-xccdf.xml
+ oscap oval validate-xml --schematron $(OUT)/$(ID)-oval.xml
+
+# items in dist are expected for distribution in an rpm
+dist: guide content
+ mkdir -p $(DIST)/guide $(DIST)/content
+ cp $(OUT)/*-guide.html $(DIST)/guide
+ cp $(OUT)/$(ID)-xccdf.xml $(DIST)/content
+ cp $(OUT)/$(ID)-oval.xml $(DIST)/content
+ cp $(OUT)/$(ID)-cpe-dictionary.xml $(DIST)/content
+ cp $(OUT)/$(ID)-cpe-oval.xml $(DIST)/content
+
+eval-test:
+ oscap xccdf eval --profile test $(OUT)/$(ID)-xccdf.xml
+
+clean:
+ rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv
+ rm -rf $(DIST)/content $(DIST)/guide
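Review bot: `dist` copies the generated XCCDF, OVAL and CPE files into `$(DIST)` without either validation target having run: `validate` and `validate-xml` are prerequisites of neither `dist` nor `all`, and `validate-xml` declares no dependency on `content`. Since the comment above `dist` says these files are expected to ship in an RPM, I would make packaging fail on invalid output with `validate-xml: content` and `dist: guide content validate`. In `validate`, `cd $(OUT); ../$(UTILS)/verify-references.py ...` still runs the script from the wrong directory when the `cd` fails; `cd $(OUT) && ...` stops instead. None of the targets is declared `.PHONY`, and the `dist` target shares its name with the directory its own recipe creates (`DIST = dist`), so a `.PHONY:` line listing the targets would be worth adding.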
diff --git a/FEDORA/README b/FEDORA/README
new file mode 100644
index 0000000..c3c94db
--- /dev/null
+++ b/FEDORA/README
@@ -0,0 +1,30 @@
+Directory Structure of scap-security-guide
+------------------------------------------
+
+The input directory contains source files that generate SCAP content, such as
+XCCDF and OVAL. Since a single large XML file is an impractical format for
+multiple authors to collaborate on editing SCAP content, efforts are made to
+keep logically related guidance and checking content in individual files.
+
+The transforms directory contains resources that enable the files inside the
+input directory (or output directory) to be combined and reformatted into
+valid SCAP formats or human-readable formats.
+
+The output directory is used as a storage area for items generated by the files
+in the inputs directory. It should be empty in the repository, and built on
+users' individual systems (and rely on its .gitignore file to keep such files
+out). The output directory contains transitional output (which may only exist
+in order to be further transformed) as well as final output.
+
+The references directory should contain documents which are specified as
+references from within the SCAP content, or documents that are "seeds," viz.
+documents whose prose will be translated into SCAP formats, as well as other
+examples of SCAP content.
+
+The utils directory contains helper scripts and other items that are useful to
+developers but are not essential to producing the project's output.
+
+The dist directory contains final outputs, which could be shipped in an RPM for
+consumption by end-users. Updating the Makefile to copy an item from the
+outputs directory to the dist directory indicates that an item is considered a
+final output.
diff --git a/FEDORA/scap-security-guide.spec b/FEDORA/scap-security-guide.spec
new file mode 100644
index 0000000..b4d47f8
--- /dev/null
+++ b/FEDORA/scap-security-guide.spec
@@ -0,0 +1,53 @@
+
+# IMPORTANT NOTE: This spec file is solely dedicated to make changes to the
+# Fedora's scap-security-guide package. If you want to apply changes against
+# the main RHEL-6 scap-security-guide RPM content, use scap-security-guide.spec
+# file one level up - in the main scap-security-guide directory (instead of
+# this one).
+
+Name: scap-security-guide
+Version: 0.1
+Release: 1.fc19
+Summary: Security guidance and baselines in SCAP formats
+Group: Applications/System
+License: Public Domain and GPLv2