[yocto] [PATCH 4/5] Bastille: accept and observe --os flag in multiple situations.
mulhern
mulhern at gmail.com
Sun Aug 25 18:17:11 PDT 2013
[YOCTO #3867]
Five additional patches which cause the --os flag to be accepted and observed
are added. An additional distro, Yocto, is added. The individual patches
are described below.
upgrade_options_processing.patch: Changes setOptions procedure so that it
accepts named parameters for greater flexibility and adjusts all invocations
accordingly. Uses more precise specifications in invocatiosn of
Getop::Long::GetOptions. Omits code associated with a commented out flag.
accept_os_flag_in_backend.patch: Accepts and observes an additional --os
flag in BastilleBackEnd.
allow_os_with_assess.patch: No longer print a usage message and quit if
--assess or its related flags are specified along with the --os flag.
edit_usage_message.patch: Edit usage message to include the specification of
an --os flag with the specification of an --assess flag.
organize_distro_discovery.patch: Separates inferring the distro from
specifying the distro. Adds a "Yocto" distro among the other Linux
distros. Causes the specified distro to override the inferred
distro with a warning message when they are different. Previously if
either the inferred distro or the specified distro was not among supported
distros Bastille would quit with an error.
Signed-off-by: mulhern <mulhern at yoctoproject.org>
---
recipes-security/bastille/bastille_3.2.1.bb | 5 +
.../bastille/files/accept_os_flag_in_backend.patch | 28 ++
.../bastille/files/allow_os_with_assess.patch | 37 ++
.../bastille/files/edit_usage_message.patch | 26 ++
.../bastille/files/organize_distro_discovery.patch | 470 ++++++++++++++++++++
.../files/upgrade_options_processing.patch | 85 ++++
6 files changed, 651 insertions(+)
create mode 100644 recipes-security/bastille/files/accept_os_flag_in_backend.patch
create mode 100644 recipes-security/bastille/files/allow_os_with_assess.patch
create mode 100644 recipes-security/bastille/files/edit_usage_message.patch
create mode 100644 recipes-security/bastille/files/organize_distro_discovery.patch
create mode 100644 recipes-security/bastille/files/upgrade_options_processing.patch
diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index c8d0103..8969f6b 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -24,6 +24,11 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
file://remove_questions_text_file_references.patch \
file://simplify_B_place.patch \
file://find_existing_config.patch \
+ file://upgrade_options_processing.patch \
+ file://accept_os_flag_in_backend.patch \
+ file://allow_os_with_assess.patch \
+ file://edit_usage_message.patch \
+ file://organize_distro_discovery.patch \
"
SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
diff --git a/recipes-security/bastille/files/accept_os_flag_in_backend.patch b/recipes-security/bastille/files/accept_os_flag_in_backend.patch
new file mode 100644
index 0000000..ee6ef0f
--- /dev/null
+++ b/recipes-security/bastille/files/accept_os_flag_in_backend.patch
@@ -0,0 +1,28 @@
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd 2013-08-21 12:40:54.000000000 -0400
++++ Bastille/BastilleBackEnd 2013-08-21 12:43:21.895950001 -0400
+@@ -52,11 +52,13 @@
+ my $force = 0;
+ my $debug = 0;
+ my $alternate_config=undef;
++my $os_version=undef;
+
+ if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
+ "v" => \$verbose,
+ "force" => \$force,
+ "f=s" => \$alternate_config,
++ "os=s" => \$os_version,
+ "debug" => \$debug) ) {
+ $error = 0; # no parse error
+
+@@ -66,7 +68,8 @@
+
+ &setOptions(
+ debug => $debug,
+- verbose => $verbose);
++ verbose => $verbose,
++ os => $os_version);
+ &ConfigureForDistro;
+
+ if ( $error ) { # GetOptions couldn't parse all of the args
diff --git a/recipes-security/bastille/files/allow_os_with_assess.patch b/recipes-security/bastille/files/allow_os_with_assess.patch
new file mode 100644
index 0000000..252d0a0
--- /dev/null
+++ b/recipes-security/bastille/files/allow_os_with_assess.patch
@@ -0,0 +1,37 @@
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille 2013-08-21 08:59:06.647950000 -0400
++++ Bastille/bin/bastille 2013-08-21 15:55:53.193631711 -0400
+@@ -195,7 +195,6 @@
+ systemFileLocations
+
+ isAssessing='no'
+-nonXArg='no'
+
+ if [ $PERL_V_MAJ -eq $MIN_V_MAJ -a $PERL_V_MIN -lt $MIN_V_MIN -o $PERL_V_MAJ -lt $MIN_V_MAJ ]; then # invalid Perl
+ printErr
+@@ -316,12 +315,10 @@
+ '--os')
+ options_left="$options_left --os"
+ optarg='yes'
+- nonXArg='yes'
+ ;;
+ '-f')
+ options_left="$options_left -f"
+ optarg='yes'
+- nonXArg='yes'
+ ;;
+ # Non-exclusive (undocumented and unsupported) options follow:
+ # There is no validity/combination checking done with these.
+@@ -345,11 +342,6 @@
+ fi
+ done
+
+-#Detect case where -f or --os attempted use with --assess
+- if [ \( x$nonXArg = xyes \) -a \( x$isAssessing = xyes \) ]; then
+- printUsage
+- exit 2
+- fi
+
+ # We have a valid version of perl! Verify that all the required
+ # modules can be found.
diff --git a/recipes-security/bastille/files/edit_usage_message.patch b/recipes-security/bastille/files/edit_usage_message.patch
new file mode 100644
index 0000000..1c2cae4
--- /dev/null
+++ b/recipes-security/bastille/files/edit_usage_message.patch
@@ -0,0 +1,26 @@
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille 2013-08-25 14:16:35.614779001 -0400
++++ Bastille/bin/bastille 2013-08-25 14:16:38.674779000 -0400
+@@ -60,7 +60,7 @@
+ printUsage () {
+ cat >&2 << EOF
+ $ERRSPACES Usage: bastille [ -b | -c | -x ] [ --os <version>] [ -f <alternate config> ]
+-$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ]
++$ERRSPACES bastille [-r | -l | -h | --assess | --assessnobrowser ] [ --os <version> ]
+ $ERRSPACES -b : use a saved config file to apply changes
+ $ERRSPACES directly to system
+ $ERRSPACES -c : use the Curses (non-X11) GUI, not available on HP-UX
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-25 08:15:40.266779002 -0400
++++ Bastille/Bastille/API.pm 2013-08-25 14:18:22.750778811 -0400
+@@ -206,7 +206,7 @@
+ #options before interactive or Bastille runs, so this check is often redundant
+ $GLOBAL_ERROR{"usage"}="\n".
+ "$spc Usage: bastille [ -b | -c | -x ] [ --os <version> ] [ -f <alternate config> ]\n".
+- "$spc bastille [ -r | --assess | --assessnobowser ]\n\n".
++ "$spc bastille [ -r | --assess | --assessnobowser ] [ --os <version> ]\n\n".
+ "$spc --assess : check status of system and report in browser\n".
+ "$spc --assessnobrowser : check status of system and list report locations\n".
+ "$spc -b : use a saved config file to apply changes\n".
diff --git a/recipes-security/bastille/files/organize_distro_discovery.patch b/recipes-security/bastille/files/organize_distro_discovery.patch
new file mode 100644
index 0000000..a38bae4
--- /dev/null
+++ b/recipes-security/bastille/files/organize_distro_discovery.patch
@@ -0,0 +1,470 @@
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/API.pm 2013-08-22 11:29:53.137968002 -0400
+@@ -141,7 +141,7 @@
+ checkProcsForService
+
+
+- $GLOBAL_OS $GLOBAL_ACTUAL_OS $CLI
++ $CLI
+ $GLOBAL_LOGONLY $GLOBAL_VERBOSE $GLOBAL_DEBUG $GLOBAL_AUDITONLY $GLOBAL_AUDIT_NO_BROWSER $errorFlag
+ %GLOBAL_BIN %GLOBAL_DIR %GLOBAL_FILE
+ %GLOBAL_BDIR %GLOBAL_BFILE
+@@ -198,7 +198,7 @@
+ my $err ="ERROR: ";
+ my $spc =" ";
+ my $GLOBAL_OS="None";
+-my $GLOBAL_ACTUAL_OS="None";
++my $GLOBAL_INFERRED_OS="None";
+ my %GLOBAL_SUMS=();
+ my $CLI='';
+
+@@ -306,7 +306,7 @@
+
+ ###########################################################################
+ #
+-# GetDistro checks to see if the target is a known distribution and reports
++# InferDistro checks to see if the target is a known distribution and reports
+ # said distribution.
+ #
+ # This is used throughout the script, but also by ConfigureForDistro.
+@@ -314,205 +314,194 @@
+ #
+ ###########################################################################
+
+-sub GetDistro() {
++sub InferDistro() {
+
+ my ($release,$distro);
+
+- # Only read files for the distro once.
+- # if the --os option was used then
+- if ($GLOBAL_OS eq "None") {
+- if ( -e "/etc/mandrake-release" ) {
+- open(MANDRAKE_RELEASE,"/etc/mandrake-release");
+- $release=<MANDRAKE_RELEASE>;
+-
+- if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
+- $distro="MN$1";
+- }
+- elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
+- $distro="MN$1";
+- }
+- else {
+- print STDERR "$err Couldn't determine Mandrake/Mandriva version! Setting to 10.1!\n";
+- $distro="MN10.1";
+- }
+-
+- close(MANDRAKE_RELEASE);
+- }
+- elsif ( -e "/etc/immunix-release" ) {
+- open(IMMUNIX_RELEASE,"/etc/immunix-release");
+- $release=<IMMUNIX_RELEASE>;
+- unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
+- print STDERR "$err Couldn't determine Immunix version! Setting to 6.2!\n";
+- $distro="RH6.2";
+- }
+- else {
+- $distro="RH$1";
+- }
+- close(*IMMUNIX_RELEASE);
+- }
+- elsif ( -e '/etc/fedora-release' ) {
+- open(FEDORA_RELEASE,'/etc/fedora-release');
+- $release=<FEDORA_RELEASE>;
+- close FEDORA_RELEASE;
+- if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
+- $distro = "RHFC$1";
+- }
+- elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
+- $distro = "RHFC$1";
+- }
+- else {
+- print STDERR "$err Could not determine Fedora version! Setting to Fedora Core 8\n";
+- $distro='RHFC8';
+- }
++ if ( -e "/etc/mandrake-release" ) {
++ open(MANDRAKE_RELEASE,"/etc/mandrake-release");
++ $release=<MANDRAKE_RELEASE>;
++
++ if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
++ $distro="MN$1";
++ }
++ elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
++ $distro="MN$1";
++ }
++ else {
++ print STDERR "$err Could not infer Mandrake/Mandriva version! Setting to 10.1!\n";
++ $distro="MN10.1";
++ }
++
++ close(MANDRAKE_RELEASE);
++ }
++ elsif ( -e "/etc/immunix-release" ) {
++ open(IMMUNIX_RELEASE,"/etc/immunix-release");
++ $release=<IMMUNIX_RELEASE>;
++ unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
++ print STDERR "$err Could not infer Immunix version! Setting to 6.2!\n";
++ $distro="RH6.2";
++ }
++ else {
++ $distro="RH$1";
+ }
+- elsif ( -e "/etc/redhat-release" ) {
+- open(*REDHAT_RELEASE,"/etc/redhat-release");
+- $release=<REDHAT_RELEASE>;
+- if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
+- $distro="RH$1";
+- }
+- elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
+- $distro="RHEL$1$2";
+- }
+- elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
+- $distro="RHEL$2$1";
++ close(*IMMUNIX_RELEASE);
++ }
++ elsif ( -e '/etc/fedora-release' ) {
++ open(FEDORA_RELEASE,'/etc/fedora-release');
++ $release=<FEDORA_RELEASE>;
++ close FEDORA_RELEASE;
++ if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
++ $distro = "RHFC$1";
++ }
++ elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
++ $distro = "RHFC$1";
++ }
++ else {
++ print STDERR "$err Could not infer Fedora version! Setting to Fedora Core 8\n";
++ $distro='RHFC8';
++ }
++ }
++ elsif ( -e "/etc/redhat-release" ) {
++ open(*REDHAT_RELEASE,"/etc/redhat-release");
++ $release=<REDHAT_RELEASE>;
++ if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
++ $distro="RH$1";
++ }
++ elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
++ $distro="RHEL$1$2";
++ }
++ elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
++ $distro="RHEL$2$1";
++ }
++ elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
++ my $version = $1;
++ if ($version =~ /^4\./) {
++ $distro='RHEL4AS';
+ }
+- elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
+- my $version = $1;
+- if ($version =~ /^4\./) {
+- $distro='RHEL4AS';
+- }
+- elsif ($version =~ /^3\./) {
+- $distro='RHEL3AS';
+- }
+- else {
+- print STDERR "$err Could not determine CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
+- $distro='RHEL4AS';
+- }
+- }
+- else {
+- # JJB/HP - Should this be B_log?
+- print STDERR "$err Couldn't determine Red Hat version! Setting to 9!\n";
+- $distro="RH9";
+- }
+- close(REDHAT_RELEASE);
+-
+- }
+- elsif ( -e "/etc/debian_version" ) {
+- $stable="3.1"; #Change this when Debian stable changes
+- open(*DEBIAN_RELEASE,"/etc/debian_version");
+- $release=<DEBIAN_RELEASE>;
+- unless ($release =~ /^(\d+\.\d+\w*)/) {
+- print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
+- $distro="DB$stable";
++ elsif ($version =~ /^3\./) {
++ $distro='RHEL3AS';
+ }
+ else {
+- $distro="DB$1";
+- }
+- close(DEBIAN_RELEASE);
+- }
+- elsif ( -e "/etc/SuSE-release" ) {
+- open(*SUSE_RELEASE,"/etc/SuSE-release");
+- $release=<SUSE_RELEASE>;
+- if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
+- $distro="SE$1";
+- }
+- elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
+- $distro="SESLES$1";
+- }
+- elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
+- $distro="SESLES$1";
+- }
+- elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
+- $distro="SE$1";
++ print STDERR "$err Could not infer CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
++ $distro='RHEL4AS';
+ }
+- else {
+- print STDERR "$err Couldn't determine SuSE version! Setting to 10.3!\n";
+- $distro="SE10.3";
+- }
+- close(SUSE_RELEASE);
+- }
+- elsif ( -e "/etc/turbolinux-release") {
+- open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
+- $release=<TURBOLINUX_RELEASE>;
+- unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
+- print STDERR "$err Couldn't determine TurboLinux version! Setting to 7.0!\n";
+- $distro="TB7.0";
+- }
+- else {
+- $distro="TB$1";
+- }
+- close(TURBOLINUX_RELEASE);
++ }
++ else {
++ # JJB/HP - Should this be B_log?
++ print STDERR "$err Could not infer Red Hat version! Setting to 9!\n";
++ $distro="RH9";
++ }
++ close(REDHAT_RELEASE);
++
++ }
++ elsif ( -e "/etc/debian_version" ) {
++ $stable="3.1"; #Change this when Debian stable changes
++ open(*DEBIAN_RELEASE,"/etc/debian_version");
++ $release=<DEBIAN_RELEASE>;
++ unless ($release =~ /^(\d+\.\d+\w*)/) {
++ print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
++ $distro="DB$stable";
++ }
++ else {
++ $distro="DB$1";
++ }
++ close(DEBIAN_RELEASE);
++ }
++ elsif ( -e "/etc/SuSE-release" ) {
++ open(*SUSE_RELEASE,"/etc/SuSE-release");
++ $release=<SUSE_RELEASE>;
++ if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
++ $distro="SE$1";
++ }
++ elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
++ $distro="SESLES$1";
++ }
++ elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
++ $distro="SESLES$1";
++ }
++ elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
++ $distro="SE$1";
++ }
++ else {
++ print STDERR "$err Could not infer SuSE version! Setting to 10.3!\n";
++ $distro="SE10.3";
+ }
++ close(SUSE_RELEASE);
++ }
++ elsif ( -e "/etc/turbolinux-release") {
++ open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
++ $release=<TURBOLINUX_RELEASE>;
++ unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
++ print STDERR "$err Could not infer TurboLinux version! Setting to 7.0!\n";
++ $distro="TB7.0";
++ }
+ else {
+- # We're either on Mac OS X, HP-UX or an unsupported O/S.
+- if ( -x '/usr/bin/uname') {
++ $distro="TB$1";
++ }
++ close(TURBOLINUX_RELEASE);
++ }
++ else {
++ # We're either on Mac OS X, HP-UX or an unsupported O/S.
++ if ( -x '/usr/bin/uname') {
+ # uname is in /usr/bin on Mac OS X and HP-UX
+- $release=`/usr/bin/uname -sr`;
+- }
+- else {
+- print STDERR "$err Could not determine operating system version!\n";
+- $distro="unknown"
+- }
+-
+- # Figure out what kind of system we're on.
+- if ($release ne "") {
+- if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
+- if ($1 == 6 ) {
+- $distro = "OSX10.2";
+- }
+- elsif ($1 == 7) {
+- $distro = "OSX10.3";
+- }
+- elsif ($1 == 8) {
+- $distro = "OSX10.3";
+- }
+- else {
+- $distro = "unknown";
+- }
++ $release=`/usr/bin/uname -sr`;
++ }
++ else {
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro="unknown";
++ }
++
++ # Figure out what kind of system we're on.
++ if ($release ne "") {
++ if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
++ if ($1 == 6 ) {
++ $distro = "OSX10.2";
+ }
+- elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+- $distro="$1$2";
++ elsif ($1 == 7) {
++ $distro = "OSX10.3";
+ }
++ elsif ($1 == 8) {
++ $distro = "OSX10.3";
++ }
+ else {
+- print STDERR "$err Could not determine operating system version!\n";
+- $distro="unknown";
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro = "unknown";
+ }
+ }
++ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
++ $distro="$1$2";
++ }
++ else {
++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++ $distro="unknown";
++ }
+ }
+-
+- $GLOBAL_OS=$distro;
+- } elsif (not (defined $GLOBAL_OS)) {
+- print "ERROR: GLOBAL OS Scoping Issue\n";
+- } else {
+- $distro = $GLOBAL_OS;
+ }
+-
+ return $distro;
+ }
+
+ ###################################################################################
+-# &getActualDistro; #
++# &getInferredDistro; #
+ # #
+ # This subroutine returns the actual os version in which is running on. This #
+ # os version is independent of the --os switch feed to bastille. #
+ # #
+ ###################################################################################
+-sub getActualDistro {
+- # set local variable to $GLOBAL_OS
++sub getInferredDistro {
++ if ($GLOBAL_INFERRED_OS eq "None") {
++ $GLOBAL_INFERRED_OS = &InferDistro;
++ }
++ return $GLOBAL_INFERRED_OS;
++}
+
+- if ($GLOBAL_ACTUAL_OS eq "None") {
+- my $os = $GLOBAL_OS;
+- # undef GLOBAL_OS so that the GetDistro routine will return
+- # the actualDistro, it might otherwise return the distro set
+- # by the --os switch.
+- $GLOBAL_OS = "None";
+- $GLOBAL_ACTUAL_OS = &GetDistro;
+- # reset the GLOBAL_OS variable
+- $GLOBAL_OS = $os;
++sub GetDistro {
++ if ($GLOBAL_OS eq "None") {
++ return &getInferredDistro;
+ }
+- return $GLOBAL_ACTUAL_OS;
++ return $GLOBAL_OS;
+ }
++
+ # These are helper routines which used to be included inside GetDistro
+ sub is_OS_supported($) {
+ my $os=$_[0];
+@@ -556,7 +545,8 @@
+ "SE7.2","SE7.3", "SE8.0","SE8.1","SE9.0","SE9.1",
+ "SE9.2","SE9.3","SE10.0","SE10.1","SE10.2","SE10.3",
+ "SESLES8","SESLES9","SESLES10",
+- "TB7.0"
++ "TB7.0",
++ "Yocto"
+ ],
+
+ "HP-UX" => [
+@@ -882,23 +872,19 @@
+ ###########################################################################
+ sub ConfigureForDistro {
+
+- my $retval=1;
+-
+- # checking to see if the os version given is in fact supported
+ my $distro = &GetDistro;
+
+- # checking to see if the actual os version is in fact supported
+- my $actualDistro = &getActualDistro;
++ my $inferredDistro = &getInferredDistro;
++
++ if (! ($inferredDistro eq $distro) ) {
++ print STDERR "WARNING: Inferred distro $inferredDistro is not the same as specified distro $distro. Using specified distro.\n";
++ }
++
+ $ENV{'LOCALE'}=''; # So that test cases checking for english results work ok.
+- if ((! &is_OS_supported($distro)) or (! &is_OS_supported($actualDistro)) ) {
+- # if either is not supported then print out a list of supported versions
+- if (! &is_OS_supported($distro)) {
+- print STDERR "$err '$distro' is not a supported operating system.\n";
+- }
+- else {
+- print STDERR "$err Bastille is unable to operate correctly on this\n";
+- print STDERR "$spc $distro operating system.\n";
+- }
++
++ if (! &is_OS_supported($distro)) {
++ print STDERR "$err '$distro' is not a supported operating system.\n";
++
+ my %supportedOSHash = &getSupportedOSHash;
+ print STDERR "$spc Valid operating system versions are as follows:\n";
+
+@@ -930,7 +916,7 @@
+ # intend via setting the Perl umask
+ umask(077);
+
+- &getFileAndServiceInfo($distro,$actualDistro);
++ &getFileAndServiceInfo($distro,$distro);
+
+ # &dumpFileInfo; # great for debuging file location issues
+ # &dumpServiceInfo; # great for debuging service information issues
+@@ -942,7 +928,7 @@
+ "$spc You must use Bastille\'s -n flag (for example:\n" .
+ "$spc bastille -f -n) or \'touch $nodisclaim_file \'\n";
+
+- return $retval;
++ return 1;
+ }
+
+
+Index: Bastille/Bastille/LogAPI.pm
+===================================================================
+--- Bastille.orig/Bastille/LogAPI.pm 2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/LogAPI.pm 2013-08-22 04:32:47.509968002 -0400
+@@ -111,7 +111,7 @@
+ # do this here to prevent bootstrapping problem, where we need to
+ # write an error that the errorlog location isn't defined.
+ my $logdir="/var/log/Bastille";
+- if(&getActualDistro =~ "^HP-UX"){
++ if(&getInferredDistro =~ "^HP-UX"){
+ $logdir = "/var/opt/sec_mgmt/bastille/log/";
+ }
+
diff --git a/recipes-security/bastille/files/upgrade_options_processing.patch b/recipes-security/bastille/files/upgrade_options_processing.patch
new file mode 100644
index 0000000..5889a57
--- /dev/null
+++ b/recipes-security/bastille/files/upgrade_options_processing.patch
@@ -0,0 +1,85 @@
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/Bastille/API.pm 2013-08-21 11:41:16.183950000 -0400
+@@ -271,9 +271,15 @@
+ # setOptions takes six arguments, $GLOBAL_DEBUG, $GLOBAL_LOGONLY,
+ # $GLOBAL_VERBOSE, $GLOBAL_AUDITONLY, $GLOBAL_AUDIT_NO_BROWSER, and GLOBAL_OS;
+ ###########################################################################
+-sub setOptions($$$$$$) {
+- ($GLOBAL_DEBUG,$GLOBAL_LOGONLY,$GLOBAL_VERBOSE,$GLOBAL_AUDITONLY,
+- $GLOBAL_AUDIT_NO_BROWSER,$GLOBAL_OS) = @_;
++sub setOptions {
++ my %opts = @_;
++
++ $GLOBAL_DEBUG = $opts{debug};
++ $GLOBAL_LOGONLY = $opts{logonly};
++ $GLOBAL_VERBOSE = $opts{verbose};
++ $GLOBAL_AUDITONLY = $opts{auditonly};
++ $GLOBAL_AUDIT_NO_BROWSER = $opts{audit_no_browser};
++ $GLOBAL_OS = $opts{os};
+ if ($GLOBAL_AUDIT_NO_BROWSER) {
+ $GLOBAL_AUDITONLY = 1;
+ }
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/BastilleBackEnd 2013-08-21 12:40:54.055950001 -0400
+@@ -50,15 +50,13 @@
+ my $nodisclaim = 0;
+ my $verbose = 0;
+ my $force = 0;
+-my $log_only = 0;
+ my $debug = 0;
+ my $alternate_config=undef;
+
+ if( Getopt::Long::GetOptions( "n" => \$nodisclaim,
+ "v" => \$verbose,
+ "force" => \$force,
+-# "log" => \$log_only, # broken
+- "f:s" => \$alternate_config,
++ "f=s" => \$alternate_config,
+ "debug" => \$debug) ) {
+ $error = 0; # no parse error
+
+@@ -66,7 +64,9 @@
+ $error = 1; # parse error
+ }
+
+-&setOptions($debug,$log_only,$verbose);
++&setOptions(
++ debug => $debug,
++ verbose => $verbose);
+ &ConfigureForDistro;
+
+ if ( $error ) { # GetOptions couldn't parse all of the args
+Index: Bastille/InteractiveBastille
+===================================================================
+--- Bastille.orig/InteractiveBastille 2013-08-21 11:41:09.235950000 -0400
++++ Bastille/InteractiveBastille 2013-08-21 12:40:30.531950001 -0400
+@@ -234,8 +234,8 @@
+ "a" => \$audit,
+ "force" => \$force,
+ "log" => \$log_only,
+- "os:s" => \$os_version,
+- "f:s" => \$alternate_config,
++ "os=s" => \$os_version,
++ "f=s" => \$alternate_config,
+ "debug" => \$debug) ) {
+ $error = 0; # no parse error
+ } else {
+@@ -293,7 +293,13 @@
+ $UseRequiresRules = 'N';
+ }
+
+-&setOptions($debug,$log_only,$verbose,$audit,$auditnobrowser,$os_version);
++&setOptions(
++ debug => $debug,
++ logonly => $log_only,
++ verbose => $verbose,
++ auditonly => $audit,
++ audit_no_browser => $auditnobrowser,
++ os => $os_version);
+ &ConfigureForDistro;
+
+ # ensuring mutually exclusive options are exclusive
--
1.7.10.4
More information about the yocto
mailing list