From 9a1ba71e16d7b4ed5be7fca51974d6c30a8c6428 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Tue, 25 Feb 2025 13:01:17 +0100
Subject: [PATCH] modify the %prep and %build section to be aligned with cs9

The previous implementation created nested build directory. This caused some problems. I believe it is better to have minimal differences between spec files in centos versions.

add quick patch for the script which generates scap delta tailoring so that paths are not hardcoded there
---
 fix_scap_delta_tailoring.patch | 63 ++++++++++++++++++++++++++++++++++
 scap-security-guide.spec | 36 ++++++++----------
 2 files changed, 78 insertions(+), 21 deletions(-)
 create mode 100644 fix_scap_delta_tailoring.patch

diff --git a/fix_scap_delta_tailoring.patch b/fix_scap_delta_tailoring.patch
new file mode 100644
index 0000000..a146bbc
--- /dev/null
+++ b/fix_scap_delta_tailoring.patch
@@ -0,0 +1,63 @@
+From 452ee249e43dc3ce5d1f052ed528a084f5a3657f Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek
+Date: Tue, 25 Feb 2025 16:55:19 +0100
+Subject: create_delta_scap_tailoring: pass path to build_config.yml explicitly
+ when calling the script from cmake
+
+---
+ cmake/SSGCommon.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
+index 337067c215..170ae3d39f 100644
+--- a/cmake/SSGCommon.cmake
++++ b/cmake/SSGCommon.cmake
+@@ -658,7 +658,7 @@ macro(ssg_build_disa_delta PRODUCT PROFILE)
+ add_custom_command(
+ OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml"
+ COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring"
+- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir
++ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_scap_delta_tailoring.py" --root "${CMAKE_SOURCE_DIR}" --product "${PRODUCT}" --manual "${DISA_SCAP_REF}" --profile "${PROFILE}" --reference "stigid" --output "${CMAKE_BINARY_DIR}/${PRODUCT}/tailoring/${PRODUCT}_${PROFILE}_delta_tailoring.xml" --quiet --build-root ${CMAKE_BINARY_DIR} --resolved-rules-dir -c ${CMAKE_BINARY_DIR}/build_config.yml
+ DEPENDS "${PRODUCT}-content"
+ COMMENT "[${PRODUCT}-generate-ssg-delta] generating disa tailoring file"
+ )
+--
+2.48.1
+
+
+From 6def0e0e54497f32b8be6b1511fe98e324bc057d Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek
+Date: Tue, 25 Feb 2025 17:08:54 +0100
+Subject: create_scap_delta_tailoring: remove hardcoded build directory
+
+---
+ utils/create_scap_delta_tailoring.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/utils/create_scap_delta_tailoring.py b/utils/create_scap_delta_tailoring.py
+index ee85a57bc0..04ca197c5f 100755
+--- a/utils/create_scap_delta_tailoring.py
++++ b/utils/create_scap_delta_tailoring.py
+@@ -24,8 +24,8 @@ NS = {'scap': ssg.constants.datastream_namespace,
+ PROFILE = 'stig'
+
+
+-def get_profile(product, profile_name):
+- ds_root = ET.parse(os.path.join(SSG_ROOT, 'build', 'ssg-{product}-ds.xml'
++def get_profile(product, profile_name, build_root):
++ ds_root = ET.parse(os.path.join(build_root, 'ssg-{product}-ds.xml'
+ .format(product=product))).getroot()
+ profiles = ds_root.findall(
+ './/{{{scap}}}component/{{{xccdf}}}Benchmark/{{{xccdf}}}Profile'.format(
+@@ -177,7 +177,7 @@ def create_tailoring(args):
+ args.build_root)
+ needed_rules = filter_out_implemented_rules(known_rules, NS, benchmark_root)
+ needed_rule_names_set = set(rulename for ruleset in needed_rules.values() for rulename in ruleset)
+- profile_root = get_profile(args.product, args.profile)
++ profile_root = get_profile(args.product, args.profile, args.build_root)
+ selections = profile_root.findall('xccdf-1.2:select', NS)
+ tailoring_profile = setup_tailoring_profile(args.profile_id, profile_root)
+ for selection in selections:
+--
+2.48.1
+
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index d159856..02f1be3 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -2,8 +2,6 @@
 %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6
 # Base name of static rhel7 content tarball
 %global _static_rhel7_content %{name}-0.1.73-1.el7_9-rhel7
-# https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
-%global _vpath_builddir build
 # global _default_patch_fuzz 2
 # Normally shouldn't be needed as patches should apply cleanly
 Name: scap-security-guide
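Review bot: The second embedded commit turns `build_root` into a new required positional parameter of `get_profile`, so any caller other than the `create_tailoring` call updated in the same hunk would now fail with a TypeError; the rest of the script is not visible here, so it is worth checking for other callers before this lands. If `--build-root` has a `None` default in the argument parser (not visible in this hunk), `os.path.join(build_root, ...)` raises instead of falling back to the old `SSG_ROOT/build` location; a default such as `build_root=None` resolved to `os.path.join(SSG_ROOT, 'build')` inside `get_profile` would keep the previous behaviour for such callers. In the first embedded commit the appended `-c ${CMAKE_BINARY_DIR}/build_config.yml` is unquoted (as `--build-root ${CMAKE_BINARY_DIR}` already was) while every other path on that `COMMAND` line is quoted; `"${CMAKE_BINARY_DIR}/build_config.yml"` keeps the build working for binary directories containing spaces. The embedded subject line says `create_delta_scap_tailoring` although the script is `create_scap_delta_tailoring.py`.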
@@ -18,6 +16,7 @@ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{versio
 Source1: %{_static_rhel6_content}.tar.bz2
 # Include tarball with last released rhel7 content
 Source2: %{_static_rhel7_content}.tar.bz2
+Patch0: fix_scap_delta_tailoring.patch
 
 BuildArch: noarch
 
@@ -66,30 +65,25 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul
 
 %prep
 %setup -q -b1 -b2
+%patch -P 0 -p1
+
+%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_SCAP_12_DS=OFF -DSSG_PRODUCT_FIREFOX:BOOLEAN=true -DSSG_PRODUCT_JRE:BOOLEAN=TRUE
+%define cmake_defines_specific %{nil}
+%if 0%{?rhel}
+%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
+%endif
+%if 0%{?centos}
+%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
+%endif
 
 %build
-mkdir -p build
-cd build
-%cmake \
--DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \
--DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \
--DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \
--DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \
--DSSG_PRODUCT_JRE:BOOLEAN=TRUE \
-%if %{defined centos}
--DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
-%else
--DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
-%endif
--DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \
-%if ( %{defined rhel} && (! %{defined centos}) )
--DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \
-%endif
-../
+mkdir -p %{_vpath_builddir}
+cd %{_vpath_builddir}
+%cmake -S .. %{cmake_defines_common} %{cmake_defines_specific}
 %cmake_build
 
 %install
-cd build
+cd %{_vpath_builddir}
 %cmake_install
 
 # Manually install pre-built rhel6 content
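Review bot: The new `%build` and `%install` sections rely on `%{_vpath_builddir}` while the first hunk of this file drops the spec's own `%global _vpath_builddir build`; if the cmake macro package in the target buildroot does not define that macro, rpm leaves the reference unexpanded and `mkdir -p %{_vpath_builddir}` creates a directory literally named that, so this now depends on the macro set shipping it (I cannot confirm from here which macros the buildroot provides). Separately, the old `%{defined rhel} && (! %{defined centos})` condition shows that both `rhel` and `centos` can be defined at once; in that case both new `%if` blocks execute and the last `%define` wins, so the centos block being second is what turns CENTOS_DERIVATIVES on and leaves PER_RULE playbooks off, and that ordering is load-bearing but undocumented. A comment above the first `%if`, `# when both %%rhel and %%centos are set the centos block must stay last so its %%define wins` (with doubled %% so rpm does not expand the names inside the comment), would record the intent. Since `cmake_defines_common` and `cmake_defines_specific` are consumed in a different section from where they are set, `%global` is the conventional choice over `%define` for spec-wide values.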