Exemplo n.º 1
0
    def postinst_content_path(self):
        """Path to the post-installation content file"""

        if self.content_type == "datastream":
            return utils.join_paths(common.TARGET_CONTENT_DIR,
                                    self.content_name)
        elif self.content_type in ("rpm", "scap-security-guide"):
            # no path magic in case of RPM (SSG is installed as an RPM)
            return self.xccdf_path
        else:
            return utils.join_paths(common.TARGET_CONTENT_DIR,
                                    self.xccdf_path)
Exemplo n.º 2
0
    def preinst_content_path(self):
        """Path to the pre-installation content file"""

        if self.content_type == "datastream":
            return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
                                    self.content_name)
        elif self.content_type == "scap-security-guide":
            # SSG is not copied to the standard place
            return self.xccdf_path
        else:
            return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
                                    self.xccdf_path)
Exemplo n.º 3
0
    def preinst_tailoring_path(self):
        """Path to the pre-installation tailoring file (if any)"""

        if not self.tailoring_path:
            return None

        return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
                                self.tailoring_path)
Exemplo n.º 4
0
    def execute(self, storage, ksdata, users, payload):
        """
        The execute method that should make changes to the installed system. It
        is called only once in the post-install setup phase.

        :see: setup
        :param users: information about created users
        :type users: pyanaconda.users.Users instance

        """

        if self.dry_run or not self.profile_id:
            # nothing more to be done in the dry-run mode or if no profile is
            # selected
            return

        target_content_dir = utils.join_paths(getSysroot(),
                                              common.TARGET_CONTENT_DIR)
        utils.ensure_dir_exists(target_content_dir)

        if self.content_type == "datastream":
            shutil.copy2(self.preinst_content_path, target_content_dir)
        elif self.content_type == "rpm":
            # copy the RPM to the target system
            shutil.copy2(self.raw_preinst_content_path, target_content_dir)

            # and install it with yum
            ret = util.execInSysroot("yum", ["-y", "--nogpg", "install",
                                             self.raw_postinst_content_path])
            if ret != 0:
                raise common.ExtractionError("Failed to install content "
                                             "RPM to the target system")
        elif self.content_type == "scap-security-guide":
            # nothing needed
            pass
        else:
            utils.universal_copy(utils.join_paths(common.INSTALLATION_CONTENT_DIR,
                                                  "*"),
                                 target_content_dir)
        if os.path.exists(self.preinst_tailoring_path):
            shutil.copy2(self.preinst_tailoring_path, target_content_dir)

        common.run_oscap_remediate(self.profile_id, self.postinst_content_path,
                                   self.datastream_id, self.xccdf_id,
                                   self.postinst_tailoring_path,
                                   chroot=getSysroot())
Exemplo n.º 5
0
def ssg_available(root="/"):
    """
    Tries to find the SCAP Security Guide under the given root.

    :return: True if SSG was found under the given root, False otherwise

    """

    return os.path.exists(utils.join_paths(root, SSG_DIR + SSG_XCCDF))
Exemplo n.º 6
0
def extract_data(archive, out_dir, ensure_has_files=None):
    """
    Fuction that extracts the given archive to the given output directory. It
    tries to find out the archive type by the file name.

    :param archive: path to the archive file that should be extracted
    :type archive: str
    :param out_dir: output directory the archive should be extracted to
    :type out_dir: str
    :param ensure_has_files: relative paths to the files that must exist in the
                             archive
    :type ensure_has_files: iterable of strings or None
    :return: a list of files and directories extracted from the archive
    :rtype: [str]

    """

    # get rid of empty file paths
    ensure_has_files = [fpath for fpath in ensure_has_files if fpath]

    if archive.endswith(".zip"):
        # ZIP file
        try:
            zfile = zipfile.ZipFile(archive, "r")
        except zipfile.BadZipfile as err:
            raise ExtractionError(str(err))

        # generator for the paths of the files found in the archive (dirs end
        # with "/")
        files = set(info.filename for info in zfile.filelist
                    if not info.filename.endswith("/"))
        for fpath in ensure_has_files or ():
            if fpath not in files:
                msg = "File '%s' not found in the archive '%s'" % (fpath,
                                                                   archive)
                raise ExtractionError(msg)

        utils.ensure_dir_exists(out_dir)
        zfile.extractall(path=out_dir)
        result = [utils.join_paths(out_dir, info.filename) for info in zfile.filelist]
        zfile.close()
        return result
    elif archive.endswith(".tar"):
        # plain tarball
        return _extract_tarball(archive, out_dir, ensure_has_files, None)
    elif archive.endswith(".tar.gz"):
        # gzipped tarball
        return _extract_tarball(archive, out_dir, ensure_has_files, "gz")
    elif archive.endswith(".tar.bz2"):
        # bzipped tarball
        return _extract_tarball(archive, out_dir, ensure_has_files, "bz2")
    elif archive.endswith(".rpm"):
        # RPM
        return _extract_rpm(archive, out_dir, ensure_has_files)
    # elif other types of archives
    else:
        raise ExtractionError("Unsuported archive type")
Exemplo n.º 7
0
    def postinst_tailoring_path(self):
        """Path to the post-installation tailoring file (if any)"""

        if not self.tailoring_path:
            return None

        if self.content_type == "rpm":
            # no path magic in case of RPM
            return self.tailoring_path

        return utils.join_paths(common.TARGET_CONTENT_DIR,
                                self.tailoring_path)
Exemplo n.º 8
0
def _extract_tarball(archive, out_dir, ensure_has_files, alg):
    """
    Extract the given TAR archive to the given output directory and make sure
    the given file exists in the archive.

    :see: extract_data
    :param alg: compression algorithm used for the tarball
    :type alg: str (one of "gz", "bz2") or None
    :return: a list of files and directories extracted from the archive
    :rtype: [str]

    """

    if alg and alg not in ("gz", "bz2",):
        raise ExtractionError("Unsupported compression algorithm")

    mode = "r"
    if alg:
        mode += ":%s" % alg

    try:
        tfile = tarfile.TarFile.open(archive, mode)
    except tarfile.TarError as err:
        raise ExtractionError(str(err))

    # generator for the paths of the files found in the archive
    files = set(member.path for member in tfile.getmembers()
                if member.isfile())

    for fpath in ensure_has_files or ():
        if fpath not in files:
            msg = "File '%s' not found in the archive '%s'" % (fpath, archive)
            raise ExtractionError(msg)

    utils.ensure_dir_exists(out_dir)
    tfile.extractall(path=out_dir)
    result = [utils.join_paths(out_dir, member.path) for member in tfile.getmembers()]
    tfile.close()

    return result
Exemplo n.º 9
0
def test_absolute_relative():
    assert utils.join_paths("/foo", "blah") == "/foo/blah"
Exemplo n.º 10
0
def test_absolute_absolute():
    assert utils.join_paths("/foo", "/blah") == "/foo/blah"
Exemplo n.º 11
0
def test_relative_relative():
    assert utils.join_paths("foo", "blah") == "foo/blah"
Exemplo n.º 12
0
def test_relative_absolute():
    assert utils.join_paths("foo", "/blah") == "foo/blah"
Exemplo n.º 13
0
    def raw_postinst_content_path(self):
        """Path to the raw (unextracted, ...) post-installation content file"""

        return utils.join_paths(common.TARGET_CONTENT_DIR,
                                self.content_name)
Exemplo n.º 14
0
from pyanaconda.threads import threadMgr, AnacondaThread

from org_fedora_oscap import utils
from org_fedora_oscap.data_fetch import fetch_data

# everything else should be private
__all__ = ["run_oscap_remediate", "get_fix_rules_pre", "wait_and_fetch_net_data",
           "extract_data", "strip_content_dir", "OSCAPaddonError"]

INSTALLATION_CONTENT_DIR = "/tmp/openscap_data/"
TARGET_CONTENT_DIR = "/root/openscap_data/"

SSG_DIR = "/usr/share/xml/scap/ssg/fedora/"
SSG_XCCDF = "ssg-fedora-xccdf.xml"

RESULTS_PATH = utils.join_paths(TARGET_CONTENT_DIR, "eval_remediate_results.xml")

PRE_INSTALL_FIX_SYSTEM_ATTR = "urn:redhat:anaconda:pre"

THREAD_FETCH_DATA = "AnaOSCAPdataFetchThread"

SUPPORTED_ARCHIVES = (".zip", ".tar", ".tar.gz", ".tar.bz2", )

# buffer size for reading and writing out data (in bytes)
IO_BUF_SIZE = 2 * 1024 * 1024

class OSCAPaddonError(Exception):
    """Exception class for OSCAP addon related errors."""

    pass
Exemplo n.º 15
0
 def absolute_absolute_test(self):
     self.assertEqual(utils.join_paths("/foo", "/blah"), "/foo/blah")
Exemplo n.º 16
0
 def relative_relative_test(self):
     self.assertEqual(utils.join_paths("foo", "blah"), "foo/blah")
Exemplo n.º 17
0
    def raw_preinst_content_path(self):
        """Path to the raw (unextracted, ...) pre-installation content file"""

        return utils.join_paths(common.INSTALLATION_CONTENT_DIR,
                                self.content_name)