[yocto] [PATCH 4/6] Bastille: accept and observe --os flag in multiple situations.

mulhern mulhern at gmail.com
Tue Aug 27 15:14:03 PDT 2013


[YOCTO #3867]

Five additional patches which cause the --os flag to be accepted and observed
are added. An additional distro, Yocto, is added. The individual patches
are described below.

upgrade_options_processing.patch: Changes setOptions procedure so that it
accepts named parameters for greater flexibility and adjusts all invocations
accordingly. Uses more precise specifications in invocatiosn of
Getop::Long::GetOptions. Omits code associated with a commented out flag.

accept_os_flag_in_backend.patch: Accepts and observes an additional --os
flag in BastilleBackEnd.

allow_os_with_assess.patch: No longer print a usage message and quit if
--assess or its related flags are specified along with the --os flag.

edit_usage_message.patch: Edit usage message to include the specification of
an --os flag with the specification of an --assess flag.

organize_distro_discovery.patch: Separates inferring the distro from
specifying the distro. Adds a "Yocto" distro among the other Linux
distros. Causes the specified distro to override the inferred
distro with a warning message when they are different. Previously if
either the inferred distro or the specified distro was not among supported
distros Bastille would quit with an error.

Signed-off-by: mulhern <mulhern at yoctoproject.org>
---
 recipes-security/bastille/bastille_3.2.1.bb        |    5 +
 .../bastille/files/accept_os_flag_in_backend.patch |   28 ++
 .../bastille/files/allow_os_with_assess.patch      |   37 ++
 .../bastille/files/edit_usage_message.patch        |   26 ++
 .../bastille/files/organize_distro_discovery.patch |  470 ++++++++++++++++++++
 .../files/upgrade_options_processing.patch         |   85 ++++
 6 files changed, 651 insertions(+)
 create mode 100644 recipes-security/bastille/files/accept_os_flag_in_backend.patch
 create mode 100644 recipes-security/bastille/files/allow_os_with_assess.patch
 create mode 100644 recipes-security/bastille/files/edit_usage_message.patch
 create mode 100644 recipes-security/bastille/files/organize_distro_discovery.patch
 create mode 100644 recipes-security/bastille/files/upgrade_options_processing.patch

diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index c8d0103..8969f6b 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -24,6 +24,11 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
            file://remove_questions_text_file_references.patch \
            file://simplify_B_place.patch \
            file://find_existing_config.patch \
+           file://upgrade_options_processing.patch \
+           file://accept_os_flag_in_backend.patch \
+           file://allow_os_with_assess.patch \
+           file://edit_usage_message.patch \
+           file://organize_distro_discovery.patch \
            "
 
 SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
diff --git a/recipes-security/bastille/files/accept_os_flag_in_backend.patch b/recipes-security/bastille/files/accept_os_flag_in_backend.patch
new file mode 100644
index 0000000..ee6ef0f
--- /dev/null
+++ b/recipes-security/bastille/files/accept_os_flag_in_backend.patch
@@ -0,0 +1,28 @@
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd	2013-08-21 12:40:54.000000000 -0400
++++ Bastille/BastilleBackEnd	2013-08-21 12:43:21.895950001 -0400
+@@ -52,11 +52,13 @@
+ my $force = 0;
+ my $debug = 0;
+ my $alternate_config=undef;
++my $os_version=undef;
+ 
+ if( Getopt::Long::GetOptions( "n"     => \$nodisclaim,
+                               "v"     => \$verbose,
+                               "force" => \$force,
+ 			      "f=s"   => \$alternate_config,
++                              "os=s"  => \$os_version,
+ 			      "debug" => \$debug) ) {
+     $error = 0; # no parse error
+ 
+@@ -66,7 +68,8 @@
+ 
+ &setOptions(
+   debug => $debug,
+-  verbose => $verbose);
++  verbose => $verbose,
++  os => $os_version);
+ &ConfigureForDistro;
+ 
+ if ( $error ) { # GetOptions couldn't parse all of the args
diff --git a/recipes-security/bastille/files/allow_os_with_assess.patch b/recipes-security/bastille/files/allow_os_with_assess.patch
new file mode 100644
index 0000000..252d0a0
--- /dev/null
+++ b/recipes-security/bastille/files/allow_os_with_assess.patch
@@ -0,0 +1,37 @@
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille	2013-08-21 08:59:06.647950000 -0400
++++ Bastille/bin/bastille	2013-08-21 15:55:53.193631711 -0400
+@@ -195,7 +195,6 @@
+ systemFileLocations
+ 
+ isAssessing='no'
+-nonXArg='no'
+ 
+ if [ $PERL_V_MAJ -eq $MIN_V_MAJ  -a  $PERL_V_MIN -lt $MIN_V_MIN -o $PERL_V_MAJ -lt  $MIN_V_MAJ ]; then # invalid Perl
+     printErr
+@@ -316,12 +315,10 @@
+ 	  '--os')
+ 	      options_left="$options_left --os"
+               optarg='yes'
+-              nonXArg='yes'
+ 	      ;;
+           '-f')
+               options_left="$options_left -f"
+               optarg='yes'
+-              nonXArg='yes'
+               ;;
+ #  Non-exclusive (undocumented and unsupported) options follow:
+ #  There is no validity/combination checking done with these.
+@@ -345,11 +342,6 @@
+       fi
+     done
+ 
+-#Detect case where -f or --os attempted use with --assess
+-    if [ \( x$nonXArg = xyes \) -a  \( x$isAssessing = xyes \) ]; then
+-      printUsage
+-      exit 2
+-    fi
+ 
+ # We have a valid version of perl! Verify that all the required
+ # modules can be found.
diff --git a/recipes-security/bastille/files/edit_usage_message.patch b/recipes-security/bastille/files/edit_usage_message.patch
new file mode 100644
index 0000000..1c2cae4
--- /dev/null
+++ b/recipes-security/bastille/files/edit_usage_message.patch
@@ -0,0 +1,26 @@
+Index: Bastille/bin/bastille
+===================================================================
+--- Bastille.orig/bin/bastille	2013-08-25 14:16:35.614779001 -0400
++++ Bastille/bin/bastille	2013-08-25 14:16:38.674779000 -0400
+@@ -60,7 +60,7 @@
+ printUsage () {
+   cat >&2 << EOF
+ $ERRSPACES Usage: bastille [ -b  | -c | -x ] [ --os <version>] [ -f <alternate config> ]
+-$ERRSPACES        bastille [-r | -l | -h | --assess | --assessnobrowser ]
++$ERRSPACES        bastille [-r | -l | -h | --assess | --assessnobrowser ] [ --os <version> ]
+ $ERRSPACES -b : use a saved config file to apply changes
+ $ERRSPACES      directly to system
+ $ERRSPACES -c : use the Curses (non-X11) GUI, not available on HP-UX
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm	2013-08-25 08:15:40.266779002 -0400
++++ Bastille/Bastille/API.pm	2013-08-25 14:18:22.750778811 -0400
+@@ -206,7 +206,7 @@
+ #options before interactive or Bastille runs, so this check is often redundant
+ $GLOBAL_ERROR{"usage"}="\n".
+     "$spc Usage: bastille [ -b | -c | -x ] [ --os <version> ] [ -f <alternate config> ]\n".
+-    "$spc        bastille [ -r | --assess | --assessnobowser ]\n\n".
++    "$spc        bastille [ -r | --assess | --assessnobowser ] [ --os <version> ]\n\n".
+     "$spc --assess : check status of system and report in browser\n".
+     "$spc --assessnobrowser : check status of system and list report locations\n".
+     "$spc -b : use a saved config file to apply changes\n".
diff --git a/recipes-security/bastille/files/organize_distro_discovery.patch b/recipes-security/bastille/files/organize_distro_discovery.patch
new file mode 100644
index 0000000..a38bae4
--- /dev/null
+++ b/recipes-security/bastille/files/organize_distro_discovery.patch
@@ -0,0 +1,470 @@
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm	2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/API.pm	2013-08-22 11:29:53.137968002 -0400
+@@ -141,7 +141,7 @@
+     checkProcsForService
+     
+     
+-    $GLOBAL_OS $GLOBAL_ACTUAL_OS $CLI
++    $CLI
+     $GLOBAL_LOGONLY $GLOBAL_VERBOSE $GLOBAL_DEBUG $GLOBAL_AUDITONLY $GLOBAL_AUDIT_NO_BROWSER $errorFlag
+     %GLOBAL_BIN %GLOBAL_DIR %GLOBAL_FILE
+     %GLOBAL_BDIR %GLOBAL_BFILE
+@@ -198,7 +198,7 @@
+ my $err ="ERROR:  ";
+ my $spc ="        ";
+ my $GLOBAL_OS="None";
+-my $GLOBAL_ACTUAL_OS="None";
++my $GLOBAL_INFERRED_OS="None";
+ my %GLOBAL_SUMS=();
+ my $CLI='';
+ 
+@@ -306,7 +306,7 @@
+ 
+ ###########################################################################
+ #
+-# GetDistro checks to see if the target is a known distribution and reports
++# InferDistro checks to see if the target is a known distribution and reports
+ # said distribution.
+ #
+ # This is used throughout the script, but also by ConfigureForDistro.
+@@ -314,205 +314,194 @@
+ #
+ ###########################################################################
+ 
+-sub GetDistro() {
++sub InferDistro() {
+ 
+     my ($release,$distro);
+ 
+-    # Only read files for the distro once.
+-    # if the --os option was used then
+-    if ($GLOBAL_OS eq "None") {
+-	if ( -e "/etc/mandrake-release" ) {
+-	    open(MANDRAKE_RELEASE,"/etc/mandrake-release");
+-	    $release=<MANDRAKE_RELEASE>;
+-
+-	    if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
+-		$distro="MN$1";
+-	    }
+-	    elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
+-                $distro="MN$1";
+-            }
+-            else {
+-		print STDERR "$err Couldn't determine Mandrake/Mandriva version! Setting to 10.1!\n";
+-		$distro="MN10.1";
+-	    }
+-
+-	    close(MANDRAKE_RELEASE);
+-	}
+-	elsif ( -e "/etc/immunix-release" ) {
+-	    open(IMMUNIX_RELEASE,"/etc/immunix-release");
+-	    $release=<IMMUNIX_RELEASE>;
+-	    unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
+-		print STDERR "$err Couldn't determine Immunix version! Setting to 6.2!\n";
+-		$distro="RH6.2";
+-	    }
+-	    else {
+-		$distro="RH$1";
+-	    }
+-	    close(*IMMUNIX_RELEASE);
+-	}
+-	elsif ( -e '/etc/fedora-release' ) {
+-            open(FEDORA_RELEASE,'/etc/fedora-release');
+-            $release=<FEDORA_RELEASE>;
+-            close FEDORA_RELEASE;
+-            if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
+-                $distro = "RHFC$1";
+-            }
+-	    elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
+-                $distro = "RHFC$1";
+-            } 
+-            else {
+-                print STDERR "$err Could not determine Fedora version! Setting to Fedora Core 8\n";
+-                $distro='RHFC8';
+-            }
++    if ( -e "/etc/mandrake-release" ) {
++        open(MANDRAKE_RELEASE,"/etc/mandrake-release");
++        $release=<MANDRAKE_RELEASE>;
++
++        if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) {
++	    $distro="MN$1";
++	}
++	elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) {
++            $distro="MN$1";
++        }
++        else {
++            print STDERR "$err Could not infer Mandrake/Mandriva version! Setting to 10.1!\n";
++	    $distro="MN10.1";
++	}
++
++        close(MANDRAKE_RELEASE);
++    }
++    elsif ( -e "/etc/immunix-release" ) {
++        open(IMMUNIX_RELEASE,"/etc/immunix-release");
++        $release=<IMMUNIX_RELEASE>;
++        unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) {
++            print STDERR "$err Could not infer Immunix version! Setting to 6.2!\n";
++	    $distro="RH6.2";
++        }
++	else {
++	    $distro="RH$1";
+ 	}
+-	elsif ( -e "/etc/redhat-release" ) {
+-	    open(*REDHAT_RELEASE,"/etc/redhat-release");
+-	    $release=<REDHAT_RELEASE>;
+-	    if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
+-		$distro="RH$1";
+-	    }
+-            elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
+-                $distro="RHEL$1$2";
+-            }
+-	    elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
+-		$distro="RHEL$2$1";
++	close(*IMMUNIX_RELEASE);
++    }
++    elsif ( -e '/etc/fedora-release' ) {
++        open(FEDORA_RELEASE,'/etc/fedora-release');
++        $release=<FEDORA_RELEASE>;
++        close FEDORA_RELEASE;
++        if ($release =~ /^Fedora Core release (\d+\.?\d*)/) {
++            $distro = "RHFC$1";
++        }
++	elsif ($release =~ /^Fedora release (\d+\.?\d*)/) {
++            $distro = "RHFC$1";
++        }
++        else {
++            print STDERR "$err Could not infer Fedora version! Setting to Fedora Core 8\n";
++            $distro='RHFC8';
++        }
++    }
++    elsif ( -e "/etc/redhat-release" ) {
++        open(*REDHAT_RELEASE,"/etc/redhat-release");
++        $release=<REDHAT_RELEASE>;
++        if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) {
++	    $distro="RH$1";
++	}
++        elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) {
++            $distro="RHEL$1$2";
++        }
++	elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) {
++	    $distro="RHEL$2$1";
++	}
++	elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
++	    my $version = $1;
++	    if ($version =~ /^4\./) {
++	        $distro='RHEL4AS';
+ 	    }
+-	    elsif ($release =~ /^CentOS release (\d+\.\d+)/) {
+-		my $version = $1;
+-		if ($version =~ /^4\./) {
+-		    $distro='RHEL4AS';
+-		}
+-		elsif ($version =~ /^3\./) {
+-		    $distro='RHEL3AS';
+-		}
+-		else {
+-		    print STDERR "$err Could not determine CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
+-		    $distro='RHEL4AS';
+-                 }
+-	    }
+- 	    else {
+-		# JJB/HP - Should this be B_log?
+-		print STDERR "$err Couldn't determine Red Hat version! Setting to 9!\n";
+-		$distro="RH9";
+-	    }
+-	    close(REDHAT_RELEASE);
+-
+-	}
+-	elsif ( -e "/etc/debian_version" ) {
+-	    $stable="3.1"; #Change this when Debian stable changes
+-	    open(*DEBIAN_RELEASE,"/etc/debian_version");
+-	    $release=<DEBIAN_RELEASE>;
+-	    unless ($release =~ /^(\d+\.\d+\w*)/) {
+-		print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
+-		$distro="DB$stable";
++	    elsif ($version =~ /^3\./) {
++	        $distro='RHEL3AS';
+ 	    }
+ 	    else {
+-		$distro="DB$1";
+-	    }
+-	    close(DEBIAN_RELEASE);
+-	}
+-	elsif ( -e "/etc/SuSE-release" ) {
+-	    open(*SUSE_RELEASE,"/etc/SuSE-release");
+-	    $release=<SUSE_RELEASE>;
+-	    if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
+-		$distro="SE$1";
+-	    }
+-	    elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
+-		$distro="SESLES$1";
+-	    }
+-	    elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
+-		$distro="SESLES$1";
+-	    }
+-            elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
+-                $distro="SE$1";
++	        print STDERR "$err Could not infer CentOS version! Setting to Red Hat Enterprise 4 AS.\n";
++	        $distro='RHEL4AS';
+             }
+-	    else {
+-		print STDERR "$err Couldn't determine SuSE version! Setting to 10.3!\n";
+-		$distro="SE10.3";
+-	    }
+-	    close(SUSE_RELEASE);
+-	}
+-	elsif ( -e "/etc/turbolinux-release") {
+-	    open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
+-	    $release=<TURBOLINUX_RELEASE>;
+-	    unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
+-		print STDERR "$err Couldn't determine TurboLinux version! Setting to 7.0!\n";
+-		$distro="TB7.0";
+-	    }
+-	    else {
+-		$distro="TB$1";
+-	    }
+-	    close(TURBOLINUX_RELEASE);
++        }
++ 	else {
++	    # JJB/HP - Should this be B_log?
++	    print STDERR "$err Could not infer Red Hat version! Setting to 9!\n";
++	    $distro="RH9";
++	}
++	close(REDHAT_RELEASE);
++
++    }
++    elsif ( -e "/etc/debian_version" ) {
++        $stable="3.1"; #Change this when Debian stable changes
++        open(*DEBIAN_RELEASE,"/etc/debian_version");
++        $release=<DEBIAN_RELEASE>;
++        unless ($release =~ /^(\d+\.\d+\w*)/) {
++  	    print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n";
++	    $distro="DB$stable";
++        }
++        else {
++	    $distro="DB$1";
++	}
++	close(DEBIAN_RELEASE);
++    }
++    elsif ( -e "/etc/SuSE-release" ) {
++        open(*SUSE_RELEASE,"/etc/SuSE-release");
++        $release=<SUSE_RELEASE>;
++        if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) {
++	    $distro="SE$1";
++        }
++        elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) {
++	    $distro="SESLES$1";
++        }
++	elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) {
++	    $distro="SESLES$1";
++	}
++        elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) {
++            $distro="SE$1";
++        }
++	else {
++	    print STDERR "$err Could not infer SuSE version! Setting to 10.3!\n";
++	    $distro="SE10.3";
+ 	}
++	close(SUSE_RELEASE);
++    }
++    elsif ( -e "/etc/turbolinux-release") {
++        open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release");
++        $release=<TURBOLINUX_RELEASE>;
++        unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) {
++	    print STDERR "$err Could not infer TurboLinux version! Setting to 7.0!\n";
++	    $distro="TB7.0";
++        }
+ 	else {
+-	    # We're either on Mac OS X, HP-UX or an unsupported O/S.
+-            if ( -x '/usr/bin/uname') {
++	    $distro="TB$1";
++	}
++	close(TURBOLINUX_RELEASE);
++    }
++    else {
++        # We're either on Mac OS X, HP-UX or an unsupported O/S.
++        if ( -x '/usr/bin/uname') {
+ 		# uname is in /usr/bin on Mac OS X and HP-UX
+-		$release=`/usr/bin/uname -sr`;
+-	    }
+-	    else {
+-                print STDERR "$err Could not determine operating system version!\n";
+-		$distro="unknown"
+-            }
+-
+-	    # Figure out what kind of system we're on.
+-	    if ($release ne "") {
+-		if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
+-		    if ($1 == 6 ) {
+-			$distro = "OSX10.2";
+-		    }
+-		    elsif ($1 == 7) {
+-			$distro = "OSX10.3";
+-		    }
+-                    elsif ($1 == 8) {
+-                        $distro = "OSX10.3";
+-                    }
+-		    else {
+-		        $distro = "unknown";
+-		    }
++	    $release=`/usr/bin/uname -sr`;
++	}
++	else {
++            print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++	    $distro="unknown";
++        }
++
++	# Figure out what kind of system we're on.
++	if ($release ne "") {
++	    if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) {
++	        if ($1 == 6 ) {
++		    $distro = "OSX10.2";
+ 		}
+-	        elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+-		   $distro="$1$2";
++		elsif ($1 == 7) {
++		    $distro = "OSX10.3";
+ 		}
++                elsif ($1 == 8) {
++                    $distro = "OSX10.3";
++                }
+ 		else {
+-		   print STDERR "$err Could not determine operating system version!\n";
+-	           $distro="unknown";
++                    print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++		    $distro = "unknown";
+ 		}
+ 	    }
++	    elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
++	        $distro="$1$2";
++	    }
++	    else {
++                print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n";
++	        $distro="unknown";
++	    }
+ 	}
+-
+-	$GLOBAL_OS=$distro;
+-    } elsif (not (defined $GLOBAL_OS)) {
+-        print "ERROR: GLOBAL OS Scoping Issue\n";
+-    } else {
+-        $distro = $GLOBAL_OS;
+     }
+-
+     return $distro;
+ }
+ 
+ ###################################################################################
+-#   &getActualDistro;                                                             #
++#   &getInferredDistro;                                                             #
+ #                                                                                 #
+ #    This subroutine returns the actual os version in which is running on.  This  #
+ #    os version is independent of the --os switch feed to bastille.               #
+ #                                                                                 #
+ ###################################################################################
+-sub getActualDistro {
+-    # set local variable to $GLOBAL_OS
++sub getInferredDistro {
++    if ($GLOBAL_INFERRED_OS eq "None") {
++        $GLOBAL_INFERRED_OS = &InferDistro;
++    }
++    return $GLOBAL_INFERRED_OS;
++}
+ 
+-    if ($GLOBAL_ACTUAL_OS eq "None") {
+-        my $os = $GLOBAL_OS;
+-        # undef GLOBAL_OS so that the GetDistro routine will return
+-        # the actualDistro, it might otherwise return the distro set
+-        # by the --os switch.
+-        $GLOBAL_OS = "None";
+-        $GLOBAL_ACTUAL_OS = &GetDistro;
+-        # reset the GLOBAL_OS variable
+-        $GLOBAL_OS = $os;
++sub GetDistro {
++    if ($GLOBAL_OS eq "None") {
++        return &getInferredDistro;
+     }
+-    return $GLOBAL_ACTUAL_OS;
++    return $GLOBAL_OS;
+ }
++
+ # These are helper routines which used to be included inside GetDistro
+ sub is_OS_supported($) {
+    my $os=$_[0];
+@@ -556,7 +545,8 @@
+ 			      "SE7.2","SE7.3", "SE8.0","SE8.1","SE9.0","SE9.1",
+ 			      "SE9.2","SE9.3","SE10.0","SE10.1","SE10.2","SE10.3",
+ 			      "SESLES8","SESLES9","SESLES10",
+-			      "TB7.0"
++			      "TB7.0",
++                              "Yocto"
+ 			      ],
+ 
+ 		  "HP-UX" => [
+@@ -882,23 +872,19 @@
+ ###########################################################################
+ sub ConfigureForDistro {
+ 
+-    my $retval=1;
+-
+-    # checking to see if the os version given is in fact supported
+     my $distro = &GetDistro;
+ 
+-    # checking to see if the actual os version is in fact supported
+-    my $actualDistro = &getActualDistro;
++    my $inferredDistro = &getInferredDistro;
++
++    if (! ($inferredDistro eq $distro) ) {
++        print STDERR "WARNING: Inferred distro $inferredDistro is not the same as specified distro $distro. Using specified distro.\n";
++    }
++
+     $ENV{'LOCALE'}=''; # So that test cases checking for english results work ok.
+-    if ((! &is_OS_supported($distro)) or (! &is_OS_supported($actualDistro))  ) {
+-	# if either is not supported then print out a list of supported versions
+-	if (! &is_OS_supported($distro)) {
+-	    print STDERR "$err '$distro' is not a supported operating system.\n";
+-	}
+-	else {
+-	    print STDERR "$err Bastille is unable to operate correctly on this\n";
+-	    print STDERR "$spc $distro operating system.\n";
+-	}
++
++    if (! &is_OS_supported($distro)) {
++	print STDERR "$err '$distro' is not a supported operating system.\n";
++
+ 	my %supportedOSHash = &getSupportedOSHash;
+ 	print STDERR "$spc Valid operating system versions are as follows:\n";
+ 
+@@ -930,7 +916,7 @@
+     # intend via setting the Perl umask
+     umask(077);
+ 
+-    &getFileAndServiceInfo($distro,$actualDistro);
++    &getFileAndServiceInfo($distro,$distro);
+ 
+ #    &dumpFileInfo;  # great for debuging file location issues
+ #    &dumpServiceInfo; # great for debuging service information issues
+@@ -942,7 +928,7 @@
+ 	    "$spc You must use Bastille\'s -n flag (for example:\n" .
+ 	    "$spc bastille -f -n) or \'touch $nodisclaim_file \'\n";
+ 
+-    return $retval;
++    return 1;
+ }
+ 
+ 
+Index: Bastille/Bastille/LogAPI.pm
+===================================================================
+--- Bastille.orig/Bastille/LogAPI.pm	2013-08-22 04:32:38.269968002 -0400
++++ Bastille/Bastille/LogAPI.pm	2013-08-22 04:32:47.509968002 -0400
+@@ -111,7 +111,7 @@
+    # do this here to prevent bootstrapping problem, where we need to
+    # write an error that the errorlog location isn't defined.
+    my $logdir="/var/log/Bastille";
+-   if(&getActualDistro =~ "^HP-UX"){
++   if(&getInferredDistro =~ "^HP-UX"){
+        $logdir = "/var/opt/sec_mgmt/bastille/log/";
+    }
+ 
diff --git a/recipes-security/bastille/files/upgrade_options_processing.patch b/recipes-security/bastille/files/upgrade_options_processing.patch
new file mode 100644
index 0000000..5889a57
--- /dev/null
+++ b/recipes-security/bastille/files/upgrade_options_processing.patch
@@ -0,0 +1,85 @@
+Index: Bastille/Bastille/API.pm
+===================================================================
+--- Bastille.orig/Bastille/API.pm	2013-08-21 11:41:09.235950000 -0400
++++ Bastille/Bastille/API.pm	2013-08-21 11:41:16.183950000 -0400
+@@ -271,9 +271,15 @@
+ # setOptions takes six arguments, $GLOBAL_DEBUG, $GLOBAL_LOGONLY,
+ # $GLOBAL_VERBOSE, $GLOBAL_AUDITONLY, $GLOBAL_AUDIT_NO_BROWSER, and GLOBAL_OS;
+ ###########################################################################
+-sub setOptions($$$$$$) {
+-    ($GLOBAL_DEBUG,$GLOBAL_LOGONLY,$GLOBAL_VERBOSE,$GLOBAL_AUDITONLY,
+-     $GLOBAL_AUDIT_NO_BROWSER,$GLOBAL_OS) = @_;
++sub setOptions {
++    my %opts = @_;
++
++    $GLOBAL_DEBUG = $opts{debug};
++    $GLOBAL_LOGONLY = $opts{logonly};
++    $GLOBAL_VERBOSE = $opts{verbose};
++    $GLOBAL_AUDITONLY = $opts{auditonly};
++    $GLOBAL_AUDIT_NO_BROWSER = $opts{audit_no_browser};
++    $GLOBAL_OS = $opts{os};
+     if ($GLOBAL_AUDIT_NO_BROWSER) {
+ 	$GLOBAL_AUDITONLY = 1;
+     }
+Index: Bastille/BastilleBackEnd
+===================================================================
+--- Bastille.orig/BastilleBackEnd	2013-08-21 11:41:09.235950000 -0400
++++ Bastille/BastilleBackEnd	2013-08-21 12:40:54.055950001 -0400
+@@ -50,15 +50,13 @@
+ my $nodisclaim = 0;
+ my $verbose = 0;
+ my $force = 0;
+-my $log_only = 0;
+ my $debug = 0;
+ my $alternate_config=undef;
+ 
+ if( Getopt::Long::GetOptions( "n"     => \$nodisclaim,
+                               "v"     => \$verbose,
+                               "force" => \$force,
+-#			      "log"   => \$log_only, # broken
+-			      "f:s"   => \$alternate_config,
++			      "f=s"   => \$alternate_config,
+ 			      "debug" => \$debug) ) {
+     $error = 0; # no parse error
+ 
+@@ -66,7 +64,9 @@
+     $error = 1; # parse error
+ }
+ 
+-&setOptions($debug,$log_only,$verbose);
++&setOptions(
++  debug => $debug,
++  verbose => $verbose);
+ &ConfigureForDistro;
+ 
+ if ( $error ) { # GetOptions couldn't parse all of the args
+Index: Bastille/InteractiveBastille
+===================================================================
+--- Bastille.orig/InteractiveBastille	2013-08-21 11:41:09.235950000 -0400
++++ Bastille/InteractiveBastille	2013-08-21 12:40:30.531950001 -0400
+@@ -234,8 +234,8 @@
+ 			      "a"     => \$audit,
+                               "force" => \$force,
+ 			      "log"   => \$log_only,
+-			      "os:s"  => \$os_version,
+-                              "f:s"   => \$alternate_config,
++			      "os=s"  => \$os_version,
++                              "f=s"   => \$alternate_config,
+ 			      "debug" => \$debug) ) {
+     $error = 0; # no parse error
+ } else {
+@@ -293,7 +293,13 @@
+     $UseRequiresRules = 'N';
+ }
+ 
+-&setOptions($debug,$log_only,$verbose,$audit,$auditnobrowser,$os_version);
++&setOptions(
++  debug => $debug,
++  logonly => $log_only,
++  verbose => $verbose,
++  auditonly => $audit,
++  audit_no_browser => $auditnobrowser,
++  os => $os_version);
+ &ConfigureForDistro;
+ 
+ # ensuring mutually exclusive options are exclusive
-- 
1.7.10.4




More information about the yocto mailing list