scap-security-guide/fix_scap_delta_tailoring.patch

From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 16:55:19 +0100
Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
 when calling the script from cmake

---
 cmake/SSGCommon.cmake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 337067c215..170ae3d39f 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
     add_custom_command(
         OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
         COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
-        COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
+        COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
         DEPENDS "${PRODUCT}-content"
         COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
     )
-- 
2.48.1


From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 25 Feb 2025 17:08:54 +0100
Subject: create_scap_delta_tailoring: remove hardcoded build directory

---
 utils/create_scap_delta_tailoring.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py
index ee85a57bc0..04ca197c5f 100755
--- a/utils/create_scap_delta_tailoring.py
+++ b/utils/create_scap_delta_tailoring.py
@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,
 PROFILE = 'stig'
 
 
-def get_profile(product, profile_name):
-    ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'
+def get_profile(product, profile_name, build_root):
+    ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'
                                     .format(product=product))).getroot()
     profiles = ds_root.findall(
         './/{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(
@@ -177,7 +177,7 @@ def create_tailoring(args):
                                         args.build_root)
     needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)
     needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)
-    profile_root = get_profile(args.product, args.profile)
+    profile_root = get_profile(args.product, args.profile, args.build_root)
     selections = profile_root.findall('xccdf-1.2:select', NS)
     tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)
     for selection in selections:
-- 
2.48.1
modify the %prep and %build section to be aligned with cs9 The previous implementation created nested build directory. This caused some problems. I believe it is better to have minimal differences between spec files in centos versions. add quick patch for the script which generates scap delta tailoring so that paths are not hardcoded there 2025-02-25 12:01:17 +00:00			`From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001`
			`From: Vojtech Polasek <vpolasek@redhat.com>`
			`Date: Tue, 25 Feb 2025 16:55:19 +0100`
			`Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly`
			`when calling the script from cmake`

			`---`
			`cmake/SSGCommon.cmake \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake`
			`index 337067c215..170ae3d39f 100644`
			`--- a/cmake/SSGCommon.cmake`
			`+++ b/cmake/SSGCommon.cmake`
			`@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)`
			`add_custom_command(`
			`OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"`
			`COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"`
			`- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir`
			`+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml`
			`DEPENDS "${PRODUCT}-content"`
			`COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"`
			`)`
			`--`
			`2.48.1`


			`From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001`
			`From: Vojtech Polasek <vpolasek@redhat.com>`
			`Date: Tue, 25 Feb 2025 17:08:54 +0100`
			`Subject: create_scap_delta_tailoring: remove hardcoded build directory`

			`---`
			`utils/create_scap_delta_tailoring.py \| 6 +++---`
			`1 file changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py`
			`index ee85a57bc0..04ca197c5f 100755`
			`--- a/utils/create_scap_delta_tailoring.py`
			`+++ b/utils/create_scap_delta_tailoring.py`
			`@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,`
			`PROFILE = 'stig'`


			`-def get_profile(product, profile_name):`
			`- ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'`
			`+def get_profile(product, profile_name, build_root):`
			`+ ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'`
			`.format(product=product))).getroot()`
			`profiles = ds_root.findall(`
			`'.//{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(`
			`@@ -177,7 +177,7 @@ def create_tailoring(args):`
			`args.build_root)`
			`needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)`
			`needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)`
			`- profile_root = get_profile(args.product, args.profile)`
			`+ profile_root = get_profile(args.product, args.profile, args.build_root)`
			`selections = profile_root.findall('xccdf-1.2:select', NS)`
			`tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)`
			`for selection in selections:`
			`--`
			`2.48.1`