From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] lynis: Update to version 3.0.6
Date: Tue, 04 Jan 2022 18:25:29 +0100 [thread overview]
Message-ID: <cce01927-e25f-c93f-7ca4-0cd4215657ef@ipfire.org> (raw)
In-Reply-To: <20220101165920.3480735-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6303 bytes --]
Hello Adolf,
thank you for working on this and getting in touch with the Lynis developers.
I have verified their GPG signature now matches the .tar.gz available on their website,
and replaced the file on source.ipfire.org with the correct one.
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Thanks, and best regards,
Peter Müller
> - Update from 3.0.3 to 3.0.6
> - Communication had with cisofy about the website and github versions of lynis and the
> lack of a signature file on github. Following response received from Michael Boelen
> of cisofy.
> "GitHub releases are different as they (the tarballs) are created by GitHub itself. So
> yes, the hashes will differ. In fact, the contents of the files will be different as
> well. These files are not signed by GitHub or us. We consider GitHub the work version.
> When we release a new version, we tag them on GitHub with a version as well. For the
> stable releases, use the version on the website."
> - Based on the above the version used in this build is from the website. The signature
> file for version 3.0.6 on the website is now available.
> - The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
> as it is from the Github location and running ./make.sh uploadsrc will probably not
> upload the correct version because the filenames are the same. The tarball used in this
> patch was from https://cisofy.com/downloads/lynis/
> - The lfs file modified to take account of the tarball expanding to just lynis without
> any version number. Also the rm -rf line has been modified due to the file differences
> with the previous Github versions.
> - Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
> plugins not being included in the cisofy website version of the tarball. If these two
> plugins that are available for community users are needed then they have to be
> downloaded separately from cisofy via an email subscription to the notification test.
> All other plugins are only available for paying customers.
> - Changelog
> Version 3.0.6 (2021-07-22)
> ### Added
> - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
> - Check for outdated translation files
> ### Changed
> - DBS-1826 - Check if PostgreSQL is being used
> - DBS-1828 - Test multiple PostgreSQL configuration file(s)
> - KRNL-5830 - Sort kernels by version instead of modification date
> - PKGS-7410 - Don't show exception for systems using LXC
> - GetHostID function: fallback options added for Linux systems
> - Fix: macOS Big Sur detection
> - Fix: show correct text when egrep is missing
> - Fix: variable name for PostgreSQL
> - German and Spanish translations extended
> Version 3.0.5 (2021-07-02)
> ### Added
> - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
> - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
> ### Changed
> - ACCT-9622 - Corrected typo
> - HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
> - PKGS-7320 - extended to Arch Linux 32
> - Generation of host identifiers (hostid/hostid2) extended
> - Linux host identifiers are now using ip as preferred input source
> - Improved logging in several areas
> Version 3.0.4 (2021-05-11)
> ### Added
> - ACCT-9670 - Detection of cmd tooling
> - ACCT-9672 - Test cmd configuration file
> - BOOT-5140 - Check for ELILO boot loader presence
> - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
> ### Changed
> - BOOT-5104 - Add service manager detection support for runit
> - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
> - FIRE-4540 - Corrected nftables empy ruleset test
> - LOGG-2138 - Do not check for klogd when metalog is being used
> - TIME-3185 - Improved support for Debian stretch
> - Corrected issue when Lynis is not executed directly from lynis directory
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/packages/lynis | 2 --
> lfs/lynis | 14 +++++++-------
> 2 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
> index 357f9cb3a..922efe5f1 100644
> --- a/config/rootfiles/packages/lynis
> +++ b/config/rootfiles/packages/lynis
> @@ -117,5 +117,3 @@ var/ipfire/lynis/lynis
> #var/ipfire/lynis/plugins
> #var/ipfire/lynis/plugins/README
> var/ipfire/lynis/plugins/custom_plugin.template
> -var/ipfire/lynis/plugins/plugin_pam_phase1
> -var/ipfire/lynis/plugins/plugin_systemd_phase1
> diff --git a/lfs/lynis b/lfs/lynis
> index 1ae501603..e6f2007b0 100644
> --- a/lfs/lynis
> +++ b/lfs/lynis
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 3.0.3
> +VER = 3.0.6
>
> THISAPP = lynis-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> PROG = lynis
> -PAK_VER = 9
> +PAK_VER = 10
> DEPS =
>
> ###############################################################################
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = d5c7cdbab15029449fe5ef4b59ee941d
> +$(DL_FILE)_MD5 = 23cc369984d564e4a8232473b1ace137
>
> install : $(TARGET)
>
> @@ -76,8 +76,8 @@ dist:
>
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.8 README
> - cp -vrf $(DIR_APP) /var/ipfire/lynis
> - @rm -rf $(DIR_APP)
> + @rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> + cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README
> + cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis
> + @rm -rf $(DIR_SRC)/$(PROG)
> @$(POSTBUILD)
prev parent reply other threads:[~2022-01-04 17:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-01 16:59 Adolf Belka
2022-01-01 17:45 ` Michael Tremer
2022-01-04 17:25 ` Peter Müller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cce01927-e25f-c93f-7ca4-0cd4215657ef@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox