Skip to content

Commit a7e75e1

Browse files
tobiasb-mstobiasb-ms
authored
add azl-compliance package (#9213)
Adds the azl-compliance package to our distro. This will be used to harden images for FIPS and FedRAMP.
1 parent 4c410bb commit a7e75e1

5 files changed

Lines changed: 75 additions & 1 deletion

File tree

SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

SPECS/LICENSES-AND-NOTICES/data/licenses.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2150,6 +2150,7 @@
21502150
"application-gateway-kubernetes-ingress",
21512151
"asc",
21522152
"azcopy",
2153+
"azl-compliance",
21532154
"azure-iot-sdk-c",
21542155
"azure-storage-cpp",
21552156
"azurelinux-sysinfo",

SPECS/azl-compliance/azl-compliance.signatures.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
{
2+
"Signatures": {
3+
"azl-compliance-1.0.1.tar.gz": "1d96b99ec755500383e5ff6bad01f1ac85848f067488f3ce29a99e6eb57a86b7"
4+
}
5+
}

SPECS/azl-compliance/azl-compliance.spec

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
Summary: Azure Linux compliance package to meet all sorts of compliance rules
2+
Name: azl-compliance
3+
Version: 1.0.1
4+
Release: 1%{?dist}
5+
License: BSD-3-Clause
6+
Vendor: Microsoft Corporation
7+
Distribution: Mariner
8+
Group: System Environment/Base
9+
URL: https://aka.ms/mariner
10+
Source0: %{_mariner_sources_url}/%{name}-%{version}.tar.gz
11+
Requires: dnf
12+
Requires: gnutls
13+
Requires: grub2
14+
Requires: grubby
15+
Requires: rpm
16+
Requires: rsyslog
17+
Requires: sudo
18+
BuildRequires: rust
19+
20+
%description
21+
Azure Linux compliance package to configure systems to meet FIPS and FedRAMP compliance.
22+
23+
%prep
24+
%autosetup
25+
26+
%build
27+
cd azl-compliance
28+
cargo build --release --offline
29+
30+
%install
31+
mkdir -p %{buildroot}%{_sysconfdir}/azl-compliance/
32+
mkdir -p %{buildroot}%{_bindir}
33+
install -m 0755 ./azl-compliance/target/release/azl-compliance %{buildroot}%{_bindir}/azl-compliance
34+
mkdir -p %{buildroot}%{_sysconfdir}/azl-compliance/fips
35+
mkdir -p %{buildroot}%{_sysconfdir}/azl-compliance/fedramp/remediation_scripts
36+
install -m 0755 fips/*.sh %{buildroot}%{_sysconfdir}/azl-compliance/fips/
37+
install -m 0755 fedramp/*.sh %{buildroot}%{_sysconfdir}/azl-compliance/fedramp/
38+
install -m 0644 fedramp/*.txt %{buildroot}%{_sysconfdir}/azl-compliance/fedramp/
39+
install -m 0755 fedramp/remediation_scripts/* %{buildroot}%{_sysconfdir}/azl-compliance/fedramp/remediation_scripts/
40+
install -m 0644 azl-compliance-fips.json %{buildroot}%{_sysconfdir}/azl-compliance/
41+
install -m 0644 azl-compliance-fedramp.json %{buildroot}%{_sysconfdir}/azl-compliance/
42+
43+
%files
44+
%license LICENSE
45+
%{_bindir}/azl-compliance
46+
%{_sysconfdir}/azl-compliance/fips
47+
%{_sysconfdir}/azl-compliance/azl-compliance-fips.json
48+
%{_sysconfdir}/azl-compliance/fedramp
49+
%{_sysconfdir}/azl-compliance/azl-compliance-fedramp.json
50+
51+
%check
52+
cd azl-compliance
53+
cargo test --release --offline
54+
55+
%changelog
56+
* Tue Mar 19 2024 Tobias Brick <tobiasb@microsoft.com> 1.0.1-1
57+
- Original version for CBL-Mariner.
58+
- License verified

cgmanifest.json

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -860,6 +860,16 @@
860860
}
861861
}
862862
},
863+
{
864+
"component": {
865+
"type": "other",
866+
"other": {
867+
"name": "azl-compliance",
868+
"version": "1.0.1",
869+
"downloadUrl": "https://azurelinuxsrcstorage.blob.core.windows.net/sources/core/azl-compliance-1.0.1.tar.gz"
870+
}
871+
}
872+
},
863873
{
864874
"component": {
865875
"type": "other",

0 commit comments

Comments
 (0)