@@ -147,13 +147,7 @@ class PackageBuilder(object): |
147 | 147 |
self.installPackage(pkg,chrootID,destLogPath,listInstalledPackages) |
148 | 148 |
|
149 | 149 |
def adjustGCCSpecs(self, package, chrootID, logPath): |
150 |
- opt = "" |
|
151 |
- # TODO: reading of hardening flag from spec files |
|
152 |
- if package == "linux" or package == "glibc": |
|
153 |
- opt = " clean" |
|
154 |
- elif package.startswith("xf86-") or package.startswith("xorg-server") : |
|
155 |
- opt = " nonow" |
|
156 |
- |
|
150 |
+ opt = " " + constants.specData.getSecurityHardeningOption(package) |
|
157 | 151 |
shutil.copy2(self.adjustGCCSpecScript, chrootID+"/tmp/"+self.adjustGCCSpecScript) |
158 | 152 |
cmdUtils=CommandUtils() |
159 | 153 |
cmd = "/tmp/"+self.adjustGCCSpecScript+opt |
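Review bot: The value read on the `opt = " " + constants.specData.getSecurityHardeningOption(package)` line can only be "none", "nonow" or "" (the parser in SpecParser.readSecurityHardening rejects anything else and the field defaults to ""), so the " clean" option the removed branch passed for linux and glibc can no longer be selected through a spec; either add "clean" to that whitelist or confirm the adjust script no longer needs it. When a spec has no `%global security_hardening` the result is `opt = " "` and the script runs with no argument, which is presumably the "default hardening" case — worth stating in a comment, e.g. `# "" (no %global security_hardening in the spec) runs the script with no option`. Note also that this string is concatenated into a shell command on `cmd = "/tmp/"+self.adjustGCCSpecScript+opt`; it is safe only because the parser whitelists the values, so a comment such as `# opt is restricted to the parser's whitelist; keep it that way before loosening SpecParser` would protect that invariant. Unlike the removed code, the lookup raises for a package not found in any spec (getSpecName's error path is visible in the SerializableSpecObjectsUtils hunk), so adjustGCCSpecs can now fail for such packages. adjustGCCSpecs's body continues past the end of the hunk.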
@@ -14,6 +14,7 @@ class SerializableSpecObject(object): |
14 | 14 |
self.specFile="" |
15 | 15 |
self.listSources=[] |
16 | 16 |
self.listPatches=[] |
17 |
+ self.securityHardening="" |
|
17 | 18 |
|
18 | 19 |
class SerializableSpecObjectsUtils(object): |
19 | 20 |
|
@@ -38,6 +39,7 @@ class SerializableSpecObjectsUtils(object): |
38 | 38 |
specObj.release=spec.getRelease() |
39 | 39 |
specObj.listSources=spec.getSourceNames() |
40 | 40 |
specObj.listPatches=spec.getPatchNames() |
41 |
+ specObj.securityHardening=spec.getSecurityHardeningOption() |
|
41 | 42 |
for specPkg in specObj.listPackages: |
42 | 43 |
specObj.installRequiresPackages[specPkg]=spec.getRequires(specPkg) |
43 | 44 |
self.mapPackageToSpec[specPkg]=specName |
@@ -97,6 +99,10 @@ class SerializableSpecObjectsUtils(object): |
97 | 97 |
self.logger.error("Could not able to find "+package+" package from specs") |
98 | 98 |
raise Exception("Invalid package:"+package) |
99 | 99 |
|
100 |
+ def getSecurityHardeningOption(self, package): |
|
101 |
+ specName=self.getSpecName(package) |
|
102 |
+ return self.mapSerializableSpecObjects[specName].securityHardening |
|
103 |
+ |
|
100 | 104 |
def printAllObjects(self): |
101 | 105 |
listSpecs=self.mapSerializableSpecObjects.keys() |
102 | 106 |
for spec in listSpecs: |
@@ -125,5 +131,6 @@ class SerializableSpecObjectsUtils(object): |
125 | 125 |
self.logger.info(specObj.installRequiresAllPackages) |
126 | 126 |
self.logger.info(" ") |
127 | 127 |
self.logger.info(specObj.installRequiresPackages) |
128 |
+ self.logger.info("security_hardening: " + specObj.securityHardening) |
|
128 | 129 |
self.logger.info("------------------------------------------------") |
129 | 130 |
|
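Review bot: The new `getSecurityHardeningOption(self, package)` has no docstring, and its failure mode matters because the builder now calls it for every package: the method ending just above it (header outside the hunk, presumably getSpecName) finishes with `raise Exception("Invalid package:"+package)`, so an unknown package propagates as an exception rather than an empty option. I would add `"""Return the spec's security_hardening value for *package* ("none", "nonow" or "" when unset); raises Exception from getSpecName when the package is not in any spec."""`. The empty-string default comes from SerializableSpecObject.__init__ in the first hunk of this file, so callers should treat "" as "not specified" rather than as an error.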
@@ -12,6 +12,7 @@ class SpecParser(object): |
12 | 12 |
self.checkMacro=rpmMacro().setName("check") |
13 | 13 |
self.packages={} |
14 | 14 |
self.specAdditionalContent="" |
15 |
+ self.globalSecurityHardening="" |
|
15 | 16 |
|
16 | 17 |
|
17 | 18 |
def readPkgNameFromPackageMacro(self,data,basePkgName=None): |
@@ -63,6 +64,8 @@ class SpecParser(object): |
63 | 63 |
self.packages[packageName].updatePackageMacro(macro) |
64 | 64 |
elif self.isPackageHeaders(line): |
65 | 65 |
self.readPackageHeaders(line, self.packages[currentPkg]) |
66 |
+ elif self.isGlobalSecurityHardening(line): |
|
67 |
+ self.readSecurityHardening(line) |
|
66 | 68 |
else: |
67 | 69 |
self.specAdditionalContent+=line+"\n" |
68 | 70 |
i=i+1 |
@@ -187,6 +190,11 @@ class SpecParser(object): |
187 | 187 |
return True |
188 | 188 |
return False |
189 | 189 |
|
190 |
+ def isGlobalSecurityHardening(self,line): |
|
191 |
+ if re.search('^%global *security_hardening',line,flags=re.IGNORECASE) : |
|
192 |
+ return True |
|
193 |
+ return False |
|
194 |
+ |
|
190 | 195 |
def readHeader(self,line): |
191 | 196 |
headerSplitIndex=line.find(":") |
192 | 197 |
if(headerSplitIndex+1 == len(line) ): |
@@ -290,3 +298,16 @@ class SpecParser(object): |
290 | 290 |
|
291 | 291 |
return True |
292 | 292 |
return False |
293 |
+ |
|
294 |
+ def readSecurityHardening(self,line): |
|
295 |
+ data = line.lower().strip(); |
|
296 |
+ words=data.split(" ") |
|
297 |
+ nrWords = len(words) |
|
298 |
+ if (nrWords != 3): |
|
299 |
+ print "Error: Unable to parse line: "+line |
|
300 |
+ return False |
|
301 |
+ if (words[2] != "none" and words[2] != "nonow") : |
|
302 |
+ print "Error: Invalid security_hardening value: " + words[2] |
|
303 |
+ return False |
|
304 |
+ self.globalSecurityHardening = words[2] |
|
305 |
+ return True; |
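Review bot: `words=data.split(" ")` splits on single spaces only, so a line with doubled spaces or a tab between the tokens yields empty words and fails the `nrWords != 3` check, while the matcher added in the isGlobalSecurityHardening hunk (`'^%global *security_hardening'`) accepts any number of spaces — including none, which would also match a `%globalsecurity_hardening` token. Use `words = data.split()` here and require at least one whitespace character in the matcher, `r'^%global\s+security_hardening'`. The boolean this method returns is discarded by the caller in the parse loop (`self.readSecurityHardening(line)`), so a rejected value is only printed and `self.globalSecurityHardening` silently stays "", which the builder then passes as an empty option; the failure should be surfaced to the caller (raise, or check the return value in the loop) rather than printed. The trailing semicolons on `data = line.lower().strip();` and `return True;` are leftovers from another language and should go.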
@@ -170,6 +170,9 @@ class Specutils(object): |
170 | 170 |
pkg = self.spec.packages.get('default') |
171 | 171 |
return pkg.name |
172 | 172 |
|
173 |
+ def getSecurityHardeningOption(self): |
|
174 |
+ return self.spec.globalSecurityHardening |
|
175 |
+ |
|
173 | 176 |
def main(): |
174 | 177 |
spec = Specutils("/workspace1/myrepos/photon/SPECS/docker/docker.spec") |
175 | 178 |
print "packages",spec.getPackageNames() |
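Review bot: The new `getSecurityHardeningOption(self)` accessor is undocumented and its possible values are not obvious from this file: the parser sets `globalSecurityHardening` only to "none" or "nonow" and otherwise leaves it at "". I would add `"""Return the spec's %global security_hardening value: "none", "nonow", or "" when the spec does not set it."""` so callers know that "" means unset rather than a parse error.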