The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com --- scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildArch: %{arch}
-BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap
%description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
- %install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
-cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
%clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT
%files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/
%changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires. + * Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3 - Modified install section, made description more concise.
On 8/28/12 2:17 PM, Spencer Shimko wrote:
The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com
scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildArch: %{arch}
-BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap
%description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
- %install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
-cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
%clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT
%files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/
%changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires.
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
Jamie - Care to weigh in? Will we get smacked around by the EPEL packaging guys by putting this in /usr/share/doc?
I think you also want openscap-utils as a BuildRequires (or for anywhere we expect the oscap command line to be available).
Technically, we could install the files (and use them with a 3rd party SCAP scanning tool) without requiring openscap or openscap-utils, though they are definitely required for the build. I do not know if it is proper to put them as Requires if they are not a hard requirement, though we are definitely assuming that many users would want them in order to run the content!
On 08/28/2012 02:50 PM, Shawn Wells wrote:
On 8/28/12 2:17 PM, Spencer Shimko wrote:
The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com
scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildArch: %{arch} -BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap %description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
%install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ -cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ %clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/ %changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires.
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
Jamie - Care to weigh in? Will we get smacked around by the EPEL packaging guys by putting this in /usr/share/doc? _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
On 8/28/12 7:47 PM, "Jeffrey Blank" blank@eclipse.ncsc.mil wrote:
I think you also want openscap-utils as a BuildRequires (or for anywhere we expect the oscap command line to be available).
Makes sense to me I'll submit an updated patch this morning.
Technically, we could install the files (and use them with a 3rd party SCAP scanning tool) without requiring openscap or openscap-utils, though they are definitely required for the build. I do not know if it is proper to put them as Requires if they are not a hard requirement, though we are definitely assuming that many users would want them in order to run the content!
Also makes sense to strip it out of the Requires. But now I'm down to zero deps for installation and I've had bad experiences in the past (e.g. Vmware's RPMs that, when installed from a kickstart, ended up on the system before coreutils and things broke spectacularly. I'll add "filesystem" as a dependency so we can expect /usr/share/doc to exist.
As a heads up I'm also working on the SELinux content (ticket #99) and hope to have a patch submitted today or tomorrow.
Thanks, --Spencer
On 08/28/2012 02:50 PM, Shawn Wells wrote:
On 8/28/12 2:17 PM, Spencer Shimko wrote:
The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com
scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildArch: %{arch} -BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap %description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
%install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ -cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ %clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/ %changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires.
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
Jamie - Care to weigh in? Will we get smacked around by the EPEL packaging guys by putting this in /usr/share/doc? _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
On 8/28/12 2:50 PM, "Shawn Wells" shawn@redhat.com wrote:
On 8/28/12 2:17 PM, Spencer Shimko wrote:
The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com
scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildArch: %{arch}
-BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap
%description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
- %install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
-cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/
%clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT
%files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/
%changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires.
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
I considered /usr/lib and /usr/libexec but those are for object files and helper apps. Since this RPM only contains XML and HTML files it doesn't seem like a good fit. I'm open to being convinced otherwise though.
Thanks, --Spencer
Jamie - Care to weigh in? Will we get smacked around by the EPEL packaging guys by putting this in /usr/share/doc? _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
On Wednesday, August 29, 2012 12:59:30 PM Spencer R. Shimko wrote:
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
I considered /usr/lib and /usr/libexec but those are for object files and helper apps. Since this RPM only contains XML and HTML files it doesn't seem like a good fit. I'm open to being convinced otherwise though.
We are talking this over. Give us a little time to come to a decision. We might do something like /usr/share/xml/scap/<policy> so that apps can have a standard location to expect policy. I'll come back with an official recommendation.
-Steve
Sounds good. And there is other benefit already in Spencer's patch (with regard to RPM Requires), so I'll give Spencer an ACK unless someone indicates that they would prefer to wait...
On 08/29/2012 09:44 AM, Steve Grubb wrote:
On Wednesday, August 29, 2012 12:59:30 PM Spencer R. Shimko wrote:
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
I considered /usr/lib and /usr/libexec but those are for object files and helper apps. Since this RPM only contains XML and HTML files it doesn't seem like a good fit. I'm open to being convinced otherwise though.
We are talking this over. Give us a little time to come to a decision. We might do something like /usr/share/xml/scap/<policy> so that apps can have a standard location to expect policy. I'll come back with an official recommendation.
-Steve _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
On Tuesday, September 04, 2012 01:35:53 PM Jeffrey Blank wrote:
Sounds good. And there is other benefit already in Spencer's patch (with regard to RPM Requires), so I'll give Spencer an ACK unless someone indicates that they would prefer to wait...
We are setting things up so that policy distributed in rpm form can be located in /usr/share/xml/scap/<policy-name>. The filesystem rpm will make the directory for new installations. But each rpm should make and install xml into their own the policy directory.
So, you could have:
/usr/share/xml/scap/ssg /usr/share/xml/scap/usgcb /usr/share/xml/scap/stig /usr/share/xml/scap/nispom
etc...Tools can also now be coded to scan subdirectories to populate dialog boxes for policy to use with this layout.
-Steve
On 08/29/2012 09:44 AM, Steve Grubb wrote:
On Wednesday, August 29, 2012 12:59:30 PM Spencer R. Shimko wrote:
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
I considered /usr/lib and /usr/libexec but those are for object files and helper apps. Since this RPM only contains XML and HTML files it doesn't seem like a good fit. I'm open to being convinced otherwise though.
We are talking this over. Give us a little time to come to a decision. We might do something like /usr/share/xml/scap/<policy> so that apps can have a standard location to expect policy. I'll come back with an official recommendation.
scap-security-guide@lists.fedorahosted.org
-
Jeffrey Blank -
Shawn Wells -
Spencer R. Shimko -
Steve Grubb