On 8/28/12 7:47 PM, "Jeffrey Blank" blank@eclipse.ncsc.mil wrote:
I think you also want openscap-utils as a BuildRequires (or for anywhere we expect the oscap command line to be available).
Makes sense to me I'll submit an updated patch this morning.
Technically, we could install the files (and use them with a 3rd party SCAP scanning tool) without requiring openscap or openscap-utils, though they are definitely required for the build. I do not know if it is proper to put them as Requires if they are not a hard requirement, though we are definitely assuming that many users would want them in order to run the content!
Also makes sense to strip it out of the Requires. But now I'm down to zero deps for installation and I've had bad experiences in the past (e.g. Vmware's RPMs that, when installed from a kickstart, ended up on the system before coreutils and things broke spectacularly. I'll add "filesystem" as a dependency so we can expect /usr/share/doc to exist.
As a heads up I'm also working on the SELinux content (ticket #99) and hope to have a patch submitted today or tomorrow.
Thanks, --Spencer
On 08/28/2012 02:50 PM, Shawn Wells wrote:
On 8/28/12 2:17 PM, Spencer Shimko wrote:
The spec file was dropping things in /usr/local. Shift it to /usr/share/doc/scap-security-guide-<version>.
Update Requires and BuildRequires based on perusal of apps leveraged during build.
Signed-off-by: Spencer Shimko sshimko@tresys.com
scap-security-guide.spec | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 55e22a5..0867fb1 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -12,8 +12,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildArch: %{arch} -BuildRequires: /bin/rm, /bin/mkdir, /bin/cp -Requires: /bin/bash, /bin/date, /usr/bin/oscap +BuildRequires: coreutils, libxslt, expat, python +Requires: coreutils, openscap %description The scap-security-guide project provides security configuration guidance in @@ -28,13 +28,12 @@ requirements and specific implementation guidance. %build cd RHEL6 && make dist
%install rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/local/%{name}/ +mkdir -p $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ -cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/local/%{name}/ +cp -r RHEL6/dist/* $RPM_BUILD_ROOT/%{_usr}/share/doc/%{name}-%{version}/ %clean @@ -43,10 +42,14 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(0644,root,root,0755) -%attr(0755,root,root) /usr/local/scap-security-guide/ +%attr(0755,root,root) %{_usr}/share/doc/%{name}-%{version}/ %changelog +* Tue Aug 28 2012 Spencer Shimko sshimko@tresys.com 1.0-4 +- Move away from using /usr/local for installation dir. +- Fix BuildRequires and Requires.
- Wed Jul 3 2012 Jeffrey Blank blank@eclipse.ncsc.mil 1.0-3
- Modified install section, made description more concise.
In preparing SSG for packaging into EPEL (and eventually RHEL), one of the fedora guys reviewed our RPM build and dropped suggestions on making everything FHS compliant. They recommended things be put into /usr/share/lib, but I agree that /usr/share/doc is sane given the nature of the content. Reference https://fedorahosted.org/scap-security-guide/ticket/107
Jamie - Care to weigh in? Will we get smacked around by the EPEL packaging guys by putting this in /usr/share/doc? _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide