Add Amazon Linux 2 derivative

This changes applies 0001-Add-Amazon-Linux-2-derivative.patch. This patch was extracted from the following package, distributed as part of Amazon Linux 2: scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpm
ComplianceAsCode · Jun 24, 2024 · 2a2658e · 2a2658e
1 parent 644de12
commit 2a2658e
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -119,6 +119,7 @@ option(SSG_PRODUCT_UOS20 "If enabled, the Uos 20 SCAP content will be built" ${S
 # Products derivatives
 option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE)
 option(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED "If enabled, Scientific Linux derivative content will be built from the RHEL content" TRUE)
+option(SSG_AMZN_DERIVATIVES_ENABLED "If enabled, Amazon Linux derivative content will be built from the RHEL content" TRUE)
 
 if("$ENV{PYTHONPATH}" STREQUAL "")
     set(ENV{PYTHONPATH} "${PROJECT_SOURCE_DIR}")

diff --git a/build-scripts/enable_derivatives.py b/build-scripts/enable_derivatives.py
@@ -26,9 +26,11 @@
 
 CENTOS_NOTICE_ELEMENT = ssg.xml.ElementTree.fromstring(ssg.constants.CENTOS_NOTICE)
 SL_NOTICE_ELEMENT = ssg.xml.ElementTree.fromstring(ssg.constants.SL_NOTICE)
+AMZN_NOTICE_ELEMENT = ssg.xml.ElementTree.fromstring(ssg.constants.AMZN_NOTICE)
 
 CENTOS_WARNING = 'centos_warning'
 SL_WARNING = 'sl_warning'
+AMZN_WARNING = 'amzn_warning'
 
 
 def parse_args():
@@ -38,6 +40,8 @@ def parse_args():
                       action="store_true", help="Enable CentOS")
     parser.add_option("--enable-sl", dest="sl", default=False,
                       action="store_true", help="Enable Scientific Linux")
+    parser.add_option("--enable-amzn", dest="amzn", default=False,
+                      action="store_true", help="Enable Amazon Linux")
     parser.add_option("-i", "--input", dest="input_content", default=False,
                       action="store",
                       help="INPUT can be XCCDF or Source data stream")
@@ -90,6 +94,12 @@ def main():
         warning = SL_WARNING
         derivative = "Scientific Linux"
 
+    if options.amzn:
+        mapping = ssg.constants.RHEL_AMZN_CPE_MAPPING
+        notice = AMZN_NOTICE_ELEMENT
+        warning = AMZN_WARNING
+        derivative = "Amazon Linux"
+
     tree = ssg.xml.open_xml(options.input_content)
     root = tree.getroot()
 

diff --git a/build_product b/build_product
@@ -332,6 +332,9 @@ set_no_derivatives_options() {
 	if grep -q 'rhel7' <<< "${_arg_product[*]}"; then
 		CMAKE_OPTIONS+=("-DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF")
 	fi
+	if grep -q 'rhel7' <<< "${_arg_product[*]}"; then
+		CMAKE_OPTIONS+=("-DSSG_AMZN_DERIVATIVES_ENABLED:BOOL=OFF")
+	fi
 }
 
 set_explict_build_targets() {

diff --git a/products/rhel7/CMakeLists.txt b/products/rhel7/CMakeLists.txt
@@ -33,3 +33,6 @@ endif()
 if(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED)
     ssg_build_derivative_product(${PRODUCT} "sl" "sl7")
 endif()
+if(SSG_AMZN_DERIVATIVES_ENABLED)
+    ssg_build_derivative_product(${PRODUCT} "amzn" "amzn2")
+endif()
diff --git a/ssg/constants.py b/ssg/constants.py
@@ -303,6 +303,11 @@
     "multi_platform_openembedded": ["openembedded"],
 }
 
+RHEL_AMZN_CPE_MAPPING = {
+    "cpe:/o:redhat:enterprise_linux:6": "cpe:/o:amazon:linux:2018.03:ga",
+    "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:amazon:amazon_linux:2",
+}
+
 RHEL_CENTOS_CPE_MAPPING = {
     "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:centos:centos:7",
     "cpe:/o:redhat:enterprise_linux:8": "cpe:/o:centos:centos:8",
@@ -314,6 +319,24 @@
     "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:scientificlinux:scientificlinux:7",
 }
 
+AMZN_NOTICE = \
+    "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n" \
+    "<p>This benchmark is a direct port of a <i>SCAP Security Guide </i> " \
+    "benchmark developed for <i>Red Hat Enterprise Linux</i>.</p>" \
+    "\n" \
+    "<p>Users of <i>Amazon Linux 2</i> are invited to participate in " \
+    "<a href=\"http://open-scap.org\">OpenSCAP</a> and " \
+    "<a href=\"https://github.com/OpenSCAP/scap-security-guide\">" \
+    "SCAP Security Guide</a> development. Bug reports and patches " \
+    "can be sent to GitHub: " \
+    "<a href=\"https://github.com/OpenSCAP/scap-security-guide\">" \
+    "https://github.com/OpenSCAP/scap-security-guide</a>. " \
+    "The mailing list is at " \
+    "<a href=\"https://lists.fedorahosted.org/admin/lists/scap-security-guide.lists.fedorahosted.org/\">" \
+    "https://lists.fedorahosted.org/admin/lists/scap-security-guide.lists.fedorahosted.org/</a>" \
+    ".</p>" \
+    "</div>"
+
 CENTOS_NOTICE = \
     "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n" \
     "<p>This benchmark is a direct port of a <i>SCAP Security Guide </i> " \
@@ -512,6 +535,7 @@ class OvalNamespaces:
 OVAL_NAMESPACES = OvalNamespaces()
 
 DERIVATIVES_PRODUCT_MAPPING = {
+    "amzn2": "rhel7",
     "centos7": "rhel7",
     "centos8": "rhel8",
     "cs9": "rhel9",