[PATCH 1/1] Change to use a new external nodes script. Add an external nodes script which cats the yaml file created by secstate. This is a work around so that puppet doesnt need to execute the temp file that we generate. The necessary changes have also been made to the make file and spec file.
1:22 p.m.
From: Matt Keeler <mkeeler(a)tresys.com>
---
Makefile | 1 +
dist/secstate.spec | 1 +
src/bin/secstate_external_node | 2 ++
src/secstate/main.py | 9 ++++-----
4 files changed, 8 insertions(+), 5 deletions(-)
create mode 100644 src/bin/secstate_external_node
diff --git a/Makefile b/Makefile
index 4413c7f..e0244bb 100644
--- a/Makefile
+++ b/Makefile
@@ -110,6 +110,7 @@ install:
$(verbose)test -d $(PYTHON_LIB) || $(INSTALL) -d $(PYTHON_LIB)
$(verbose)test -d $(PYTHON_LIB_SECSTATE) || $(INSTALL) -d $(PYTHON_LIB_SECSTATE)
$(verbose)$(INSTALL) src/bin/$(PKG) $(BINDIR)/$(PKG)
+ $(verbose)$(INSTALL) src/bin/secstate_external_node $(BINDIR)/secstate_external_node
$(verbose)$(INSTALL) src/secstate/*.py $(PYTHON_LIB_SECSTATE)
$(verbose)$(INSTALL) src/etc/$(PKG).conf $(SYSCONFDIR)/$(PKG)/$(PKG).conf
$(verbose)$(INSTALL) src/etc/results_to_html.xsl
$(SYSCONFDIR)/$(PKG)/results_to_html.xsl
diff --git a/dist/secstate.spec b/dist/secstate.spec
index ab08d8b..e66afcc 100644
--- a/dist/secstate.spec
+++ b/dist/secstate.spec
@@ -47,6 +47,7 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version}
%dir %{_datadir}/secstate/
%dir %{_datadir}/secstate/benchmarks/
%{_bindir}/secstate
+%{_bindir}/secstate_external_node
%dir %{python_sitelib}/secstate
%{python_sitelib}/secstate/__init__.py*
diff --git a/src/bin/secstate_external_node b/src/bin/secstate_external_node
new file mode 100644
index 0000000..a331f9c
--- /dev/null
+++ b/src/bin/secstate_external_node
@@ -0,0 +1,2 @@
+#!/bin/bash
+cat $1
\ No newline at end of file
diff --git a/src/secstate/main.py b/src/secstate/main.py
index 5543203..d16b973 100644
--- a/src/secstate/main.py
+++ b/src/secstate/main.py
@@ -29,7 +29,6 @@ from logging.handlers import SysLogHandler
import tarfile
import zipfile
import tempfile
-import re
import subprocess
import time
@@ -617,7 +616,7 @@ class Secstate:
self.log.error('Error: Invalid Benchmark ID or Puppet Library')
return False
passing_ids = self.get_passed_result_ids(xccdf_results)
- template = '#!/bin/sh\ncat <<"END"\n%s\nEND\nexit 0\n'
+ template = '%s\n'
if self.database.has_key(bench_id):
(benchmark, tmp_model) = self.import_content(os.path.join(self.benchmark_dir,
bench_id, self.database[bench_id]))
if not benchmark:
@@ -629,11 +628,10 @@ class Secstate:
sys.stderr.write('Error: %s\n' % str(se))
return False
else:
- handle, fname = tempfile.mkstemp(suffix='.sh')
+ handle, fname = tempfile.mkstemp(suffix='.yaml')
os.write(handle, template % dict_to_external(puppet_content))
os.close(handle)
- os.chmod(fname, 755)
- puppet_args = ['/usr/bin/puppet', '--external_node',
fname, '--node_terminus', 'exec', puppet_lib]
+ puppet_args = ['/usr/bin/puppet', '--external_node',
'/usr/sbin/secstat_external_node %s' % fname, '--node_terminus',
'exec', puppet_lib]
if log_dest:
puppet_args.extend(['-l', log_dest])
subprocess.call(puppet_args)
@@ -641,3 +639,4 @@ class Secstate:
else:
self.log.error("Could not find %(benchmark)s in database" %
{'benchmark':bench_id})
return False
+
--
1.6.5.2
5059
days inactive
5059
days old
secstate-devel@lists.fedorahosted.org
0 comments
1 participants
participants (1)
-
mkeeler@tresys.com