rpms
/
scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity
scap-security-guide/scap-security-guide-0.1.57-...

478 lines
27 KiB
Diff
Raw Blame History

From aae5be64cdeb4a41caa3f3273342373cc4f4e9b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Wed, 19 May 2021 18:01:14 +0200
Subject: [PATCH 1/4] Add options for building Ansible and Bash content
This patch adds 2 new options SSG_ANSIBLE_PLAYBOOKS_ENABLED and
SSG_BASH_SCRIPTS_ENABLED which will allow user to turn on or off
building and installing profile Bash remediation scripts and profile
Ansible Playbooks. They are enabled by default, therefore the default
behavior doesn't change, but people can turn them off to speed up the
build. These options can be useful when calling cmake in downstream spec
files.
---
CMakeLists.txt | 4 +++
cmake/SSGCommon.cmake | 60 +++++++++++++++++++++++--------------------
2 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 32a0ddd240a..c309efde9bd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -46,6 +46,8 @@ option(SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED "If enabled, shellcheck vali
option(SSG_LINKCHECKER_VALIDATION_ENABLED "If enabled, linkchecker will be used to validate URLs in all the HTML guides and tables." TRUE)
option(SSG_SVG_IN_XCCDF_ENABLED "If enabled, the built XCCDFs will include the SVG SCAP Security Guide logo." TRUE)
option(SSG_SEPARATE_SCAP_FILES_ENABLED "If enabled, separate SCAP files (OVAL, XCCDF, CPE dict, ...) will be installed alongside the source data-streams" TRUE)
+option(SSG_ANSIBLE_PLAYBOOKS_ENABLED "If enabled, Ansible Playbooks for each profile will be built and installed." TRUE)
+option(SSG_BASH_SCRIPTS_ENABLED "If enabled, Bash remediation scripts for each profile will be built and installed." TRUE)
option(SSG_JINJA2_CACHE_ENABLED "If enabled, the jinja2 templating files will be cached into bytecode. Also see SSG_JINJA2_CACHE_DIR." TRUE)
option(SSG_BATS_TESTS_ENABLED "If enabled, bats will be used to run unit-tests of bash remediations." TRUE)
set(SSG_JINJA2_CACHE_DIR "${CMAKE_BINARY_DIR}/jinja2_cache" CACHE PATH "Where the jinja2 cached bytecode should be stored. This speeds up builds at the expense of disk space. You can use one location for multiple SSG builds for performance improvements.")
@@ -240,6 +242,8 @@ message(STATUS "OVAL schematron validation: ${SSG_OVAL_SCHEMATRON_VALIDATION_ENA
message(STATUS "shellcheck bash fixes validation: ${SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED}")
message(STATUS "SVG logo in XCCDFs: ${SSG_SVG_IN_XCCDF_ENABLED}")
message(STATUS "Separate SCAP files: ${SSG_SEPARATE_SCAP_FILES_ENABLED}")
+message(STATUS "Ansible Playbooks: ${SSG_ANSIBLE_PLAYBOOKS_ENABLED}")
+message(STATUS "Bash scripts: ${SSG_BASH_SCRIPTS_ENABLED}")
if (SSG_JINJA2_CACHE_ENABLED)
message(STATUS "jinja2 cache: enabled")
message(STATUS "jinja2 cache dir: ${SSG_JINJA2_CACHE_DIR}")
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 889c0cf1d3c..9b109f86b9f 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -789,7 +789,7 @@ macro(ssg_build_product PRODUCT)
add_dependencies(zipfile "generate-ssg-${PRODUCT}-ds.xml")
- if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}")
+ if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}" AND SSG_ANSIBLE_PLAYBOOKS_ENABLED)
add_dependencies(
${PRODUCT}-content
generate-${PRODUCT}-ansible-playbooks
@@ -803,7 +803,7 @@ macro(ssg_build_product PRODUCT)
add_dependencies(zipfile ${PRODUCT}-profile-playbooks)
endif()
- if ("${PRODUCT_BASH_REMEDIATION_ENABLED}")
+ if ("${PRODUCT_BASH_REMEDIATION_ENABLED}" AND SSG_BASH_SCRIPTS_ENABLED)
ssg_build_profile_bash_scripts(${PRODUCT})
add_custom_target(
${PRODUCT}-profile-bash-scripts
@@ -873,30 +873,34 @@ macro(ssg_build_product PRODUCT)
endif()
"
)
- install(
- CODE "
- file(GLOB ROLE_FILES \"${CMAKE_BINARY_DIR}/ansible/${PRODUCT}-playbook-*.yml\") \n
- if(NOT IS_ABSOLUTE ${SSG_ANSIBLE_ROLE_INSTALL_DIR})
- file(INSTALL DESTINATION \"\${CMAKE_INSTALL_PREFIX}/${SSG_ANSIBLE_ROLE_INSTALL_DIR}\"
- TYPE FILE FILES \${ROLE_FILES})
- else()
- file(INSTALL DESTINATION \"${SSG_ANSIBLE_ROLE_INSTALL_DIR}\"
- TYPE FILE FILES \${ROLE_FILES})
- endif()
- "
- )
- install(
- CODE "
- file(GLOB ROLE_FILES \"${CMAKE_BINARY_DIR}/bash/${PRODUCT}-script-*.sh\") \n
- if(NOT IS_ABSOLUTE ${SSG_BASH_ROLE_INSTALL_DIR})
- file(INSTALL DESTINATION \"\${CMAKE_INSTALL_PREFIX}/${SSG_BASH_ROLE_INSTALL_DIR}\"
- TYPE FILE FILES \${ROLE_FILES})
- else()
- file(INSTALL DESTINATION \"${SSG_BASH_ROLE_INSTALL_DIR}\"
- TYPE FILE FILES \${ROLE_FILES})
- endif()
- "
- )
+ if(SSG_ANSIBLE_PLAYBOOKS_ENABLED)
+ install(
+ CODE "
+ file(GLOB ROLE_FILES \"${CMAKE_BINARY_DIR}/ansible/${PRODUCT}-playbook-*.yml\") \n
+ if(NOT IS_ABSOLUTE ${SSG_ANSIBLE_ROLE_INSTALL_DIR})
+ file(INSTALL DESTINATION \"\${CMAKE_INSTALL_PREFIX}/${SSG_ANSIBLE_ROLE_INSTALL_DIR}\"
+ TYPE FILE FILES \${ROLE_FILES})
+ else()
+ file(INSTALL DESTINATION \"${SSG_ANSIBLE_ROLE_INSTALL_DIR}\"
+ TYPE FILE FILES \${ROLE_FILES})
+ endif()
+ "
+ )
+ endif()
+ if(SSG_BASH_SCRIPTS_ENABLED)
+ install(
+ CODE "
+ file(GLOB ROLE_FILES \"${CMAKE_BINARY_DIR}/bash/${PRODUCT}-script-*.sh\") \n
+ if(NOT IS_ABSOLUTE ${SSG_BASH_ROLE_INSTALL_DIR})
+ file(INSTALL DESTINATION \"\${CMAKE_INSTALL_PREFIX}/${SSG_BASH_ROLE_INSTALL_DIR}\"
+ TYPE FILE FILES \${ROLE_FILES})
+ else()
+ file(INSTALL DESTINATION \"${SSG_BASH_ROLE_INSTALL_DIR}\"
+ TYPE FILE FILES \${ROLE_FILES})
+ endif()
+ "
+ )
+ endif()
# grab all the kickstarts (if any) and install them
file(GLOB KICKSTART_FILES "${CMAKE_CURRENT_SOURCE_DIR}/kickstart/ssg-${PRODUCT}-*-ks.cfg")
@@ -968,7 +972,7 @@ macro(ssg_build_derivative_product ORIGINAL SHORTNAME DERIVATIVE)
ssg_build_html_guides(${DERIVATIVE})
- if ("${PRODUCT_BASH_REMEDIATION_ENABLED}")
+ if ("${PRODUCT_BASH_REMEDIATION_ENABLED}" AND SSG_BASH_SCRIPTS_ENABLED)
ssg_build_profile_bash_scripts(${DERIVATIVE})
add_custom_target(
${DERIVATIVE}-profile-bash-scripts
@@ -977,7 +981,7 @@ macro(ssg_build_derivative_product ORIGINAL SHORTNAME DERIVATIVE)
add_dependencies(${DERIVATIVE} ${DERIVATIVE}-profile-bash-scripts)
endif()
- if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}")
+ if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}" AND SSG_ANSIBLE_PLAYBOOKS_ENABLED)
ssg_build_profile_playbooks(${DERIVATIVE})
add_custom_target(
${DERIVATIVE}-profile-playbooks
From c7c7baa84ce722304224373c556a2d03edb0f76c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 20 May 2021 09:14:21 +0200
Subject: [PATCH 2/4] Do not build HTML guide for the virtual default profile
The virtual '(default)' profile is a profile that doesn't contain
any rules, so the built HTML guide also doesn't contain any rules
which means it contains only group descriptions. This HTML guide
has no use for the users and it only increases the built size.
---
ssg/build_guides.py | 4 ----
1 file changed, 4 deletions(-)
diff --git a/ssg/build_guides.py b/ssg/build_guides.py
index 3b2a9469240..2e37d80eef3 100644
--- a/ssg/build_guides.py
+++ b/ssg/build_guides.py
@@ -105,10 +105,6 @@ def get_benchmark_profile_pairs(input_tree, benchmarks):
for benchmark_id in benchmarks.keys():
profiles = get_profile_choices_for_input(input_tree, benchmark_id,
None)
-
- # add the default profile
- profiles[""] = "(default)"
-
for profile_id in profiles:
pair = (benchmark_id, profile_id, profiles[profile_id])
benchmark_profile_pairs.append(pair)
From f2c265013dd5fe75fd47c8ce7afe9e2ecc7cf16f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 20 May 2021 09:49:51 +0200
Subject: [PATCH 3/4] Add option to disable SCAP 1.2 data streams
This commit adds a new option that enables to turn on building
the SCAP 1.2 source data streams (ssg-*-ds-1.2.xml). This option
will help people who don't want to build and ship this file.
The default setting is TRUE which means the default behavior
shouldn't change.
---
CMakeLists.txt | 2 +
cmake/SSGCommon.cmake | 100 +++++++++++++++++++++++++++---------------
2 files changed, 67 insertions(+), 35 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c309efde9bd..55b991cedfa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,6 +41,7 @@ set(SSG_TARGET_OVAL_MINOR_VERSION "11" CACHE STRING "Which minor version of OVAL
set(SSG_TARGET_OVAL_VERSION "${SSG_TARGET_OVAL_MAJOR_VERSION}.${SSG_TARGET_OVAL_MINOR_VERSION}")
+option(SSG_BUILD_SCAP_12_DS "If enabled, ssg-*-ds-1.2.xml will be built along with ssg-*-ds.xml" TRUE)
option(SSG_OVAL_SCHEMATRON_VALIDATION_ENABLED "If enabled, schematron validation will be performed as part of the ctest tests. Schematron takes a lot of time to complete but can find more issues than just plain XSD validation." TRUE)
option(SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED "If enabled, shellcheck validation of bash fixes will be performed as part of the ctest tests. Shellcheck tests don't pass right now, this option is discouraged until that's fixed." FALSE)
option(SSG_LINKCHECKER_VALIDATION_ENABLED "If enabled, linkchecker will be used to validate URLs in all the HTML guides and tables." TRUE)
@@ -238,6 +239,7 @@ message(STATUS " ")
message(STATUS "Build options:")
message(STATUS "SSG vendor string: ${SSG_VENDOR}")
message(STATUS "Target OVAL version: ${SSG_TARGET_OVAL_VERSION}")
+message(STATUS "Build SCAP 1.2 source data streams: ${SSG_BUILD_SCAP_12_DS}")
message(STATUS "OVAL schematron validation: ${SSG_OVAL_SCHEMATRON_VALIDATION_ENABLED}")
message(STATUS "shellcheck bash fixes validation: ${SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED}")
message(STATUS "SVG logo in XCCDFs: ${SSG_SVG_IN_XCCDF_ENABLED}")
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 9b109f86b9f..412db46c687 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -555,7 +555,6 @@ macro(ssg_build_sds PRODUCT)
if("${PRODUCT}" MATCHES "rhel(6|7)")
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- OUTPUT "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
# use --skip-valid here to avoid repeatedly validating everything
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-compose --skip-valid "ssg-${PRODUCT}-xccdf-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
@@ -563,10 +562,8 @@ macro(ssg_build_sds PRODUCT)
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-add --skip-valid "ssg-${PRODUCT}-cpe-dictionary.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-add --skip-valid "ssg-${PRODUCT}-pcidss-xccdf-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/sds_move_ocil_to_checks.py" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/update_sds_version.py" --version "1.2" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/update_sds_version.py" --version "1.3" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
DEPENDS generate-ssg-${PRODUCT}-xccdf-1.2.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-xccdf-1.2.xml"
DEPENDS generate-ssg-${PRODUCT}-oval.xml
@@ -578,22 +575,19 @@ macro(ssg_build_sds PRODUCT)
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-cpe-oval.xml"
DEPENDS generate-ssg-${PRODUCT}-pcidss-xccdf-1.2.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-pcidss-xccdf-1.2.xml"
- COMMENT "[${PRODUCT}-content] generating ssg-${PRODUCT}-ds.xml and ssg-${PRODUCT}-ds-1.2.xml"
+ COMMENT "[${PRODUCT}-content] generating ssg-${PRODUCT}-ds.xml"
)
else()
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- OUTPUT "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
# use --skip-valid here to avoid repeatedly validating everything
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-compose --skip-valid "ssg-${PRODUCT}-xccdf-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND "${SED_EXECUTABLE}" -i 's/schematron-version="[0-9].[0-9]"/schematron-version="1.2"/' "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-add --skip-valid "ssg-${PRODUCT}-cpe-dictionary.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/sds_move_ocil_to_checks.py" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/update_sds_version.py" --version "1.2" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/update_sds_version.py" --version "1.3" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
DEPENDS generate-ssg-${PRODUCT}-xccdf-1.2.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-xccdf-1.2.xml"
DEPENDS generate-ssg-${PRODUCT}-oval.xml
@@ -603,14 +597,30 @@ macro(ssg_build_sds PRODUCT)
DEPENDS generate-ssg-${PRODUCT}-cpe-dictionary.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-cpe-dictionary.xml"
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-cpe-oval.xml"
- COMMENT "[${PRODUCT}-content] generating ssg-${PRODUCT}-ds.xml and ssg-${PRODUCT}-ds-1.2.xml"
+ COMMENT "[${PRODUCT}-content] generating ssg-${PRODUCT}-ds.xml"
+ )
+ endif()
+
+ if(SSG_BUILD_SCAP_12_DS)
+ add_custom_command(
+ OUTPUT "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/update_sds_version.py" --version "1.2" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
+ COMMENT "[${PRODUCT}-content] generating ssg-${PRODUCT}-ds-1.2.xml"
+ )
+ add_custom_target(
+ generate-ssg-${PRODUCT}-ds.xml
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ )
+ else()
+ add_custom_target(
+ generate-ssg-${PRODUCT}-ds.xml
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
)
endif()
- add_custom_target(
- generate-ssg-${PRODUCT}-ds.xml
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
- )
if("${PRODUCT}" MATCHES "rhel(6|7|8|9)")
add_test(
@@ -626,10 +636,12 @@ macro(ssg_build_sds PRODUCT)
NAME "validate-ssg-${PRODUCT}-ds.xml"
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
)
- add_test(
- NAME "validate-ssg-${PRODUCT}-ds-1.2.xml"
- COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
- )
+ if(SSG_BUILD_SCAP_12_DS)
+ add_test(
+ NAME "validate-ssg-${PRODUCT}-ds-1.2.xml"
+ COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ )
+ endif()
endif()
endmacro()
@@ -640,7 +652,6 @@ macro(ssg_build_html_guides PRODUCT)
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/build_all_guides.py" --input "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml" --output "${CMAKE_BINARY_DIR}/guides" build
DEPENDS generate-ssg-${PRODUCT}-ds.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
COMMENT "[${PRODUCT}-guides] generating HTML guides for all profiles in ssg-${PRODUCT}-ds.xml"
)
add_custom_target(
@@ -854,8 +865,10 @@ macro(ssg_build_product PRODUCT)
install(FILES "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
- install(FILES "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
- DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
+ if(SSG_BUILD_SCAP_12_DS)
+ install(FILES "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds-1.2.xml"
+ DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
+ endif()
# This is a common cmake trick, we need the globbing to happen at build time
# and not configure time.
@@ -927,21 +940,34 @@ macro(ssg_build_derivative_product ORIGINAL SHORTNAME DERIVATIVE)
add_custom_command(
OUTPUT "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
OUTPUT "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/enable_derivatives.py" --enable-${SHORTNAME} -i "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds-1.2.xml" -o "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml" "${CMAKE_CURRENT_SOURCE_DIR}/product.yml" ${DERIVATIVE} --id-name ssg
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/enable_derivatives.py" --enable-${SHORTNAME} -i "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds.xml" -o "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml" "${CMAKE_CURRENT_SOURCE_DIR}/product.yml" ${DERIVATIVE} --id-name ssg
COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml" "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
- COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
DEPENDS generate-ssg-${ORIGINAL}-ds.xml
DEPENDS "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds.xml"
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds-1.2.xml"
DEPENDS "${SSG_BUILD_SCRIPTS}/enable_derivatives.py"
- COMMENT "[${DERIVATIVE}-content] generating ssg-${DERIVATIVE}-ds.xml and ssg-${DERIVATIVE}-ds-1.2.xml"
- )
- add_custom_target(
- generate-ssg-${DERIVATIVE}-ds.xml
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
- DEPENDS "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ COMMENT "[${DERIVATIVE}-content] generating ssg-${DERIVATIVE}-ds.xml"
)
+ if (SSG_BUILD_SCAP_12_DS)
+ add_custom_command(
+ OUTPUT "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/enable_derivatives.py" --enable-${SHORTNAME} -i "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds-1.2.xml" -o "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml" "${CMAKE_CURRENT_SOURCE_DIR}/product.yml" ${DERIVATIVE} --id-name ssg
+ COMMAND "${XMLLINT_EXECUTABLE}" --nsclean --format --output "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml" "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${ORIGINAL}-ds-1.2.xml"
+ DEPENDS "${SSG_BUILD_SCRIPTS}/enable_derivatives.py"
+ COMMENT "[${DERIVATIVE}-content] generating ssg-${DERIVATIVE}-ds-1.2.xml"
+ )
+ add_custom_target(
+ generate-ssg-${DERIVATIVE}-ds.xml
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ )
+ else()
+ add_custom_target(
+ generate-ssg-${DERIVATIVE}-ds.xml
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
+ )
+ endif()
+
define_validate_product("${PRODUCT}")
if ("${VALIDATE_PRODUCT}" OR "${FORCE_VALIDATE_EVERYTHING}")
add_test(
@@ -952,10 +978,12 @@ macro(ssg_build_derivative_product ORIGINAL SHORTNAME DERIVATIVE)
NAME "validate-ssg-${DERIVATIVE}-ds.xml"
COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
)
- add_test(
- NAME "validate-ssg-${DERIVATIVE}-ds-1.2.xml"
- COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
- )
+ if (SSG_BUILD_SCAP_12_DS)
+ add_test(
+ NAME "validate-ssg-${DERIVATIVE}-ds-1.2.xml"
+ COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" ds sds-validate "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ )
+ endif()
endif()
add_custom_target(${DERIVATIVE} ALL)
@@ -1004,8 +1032,10 @@ macro(ssg_build_derivative_product ORIGINAL SHORTNAME DERIVATIVE)
install(FILES "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds.xml"
DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
- install(FILES "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
- DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
+ if(SSG_BUILD_SCAP_12_DS)
+ install(FILES "${CMAKE_BINARY_DIR}/ssg-${DERIVATIVE}-ds-1.2.xml"
+ DESTINATION "${SSG_CONTENT_INSTALL_DIR}")
+ endif()
# This is a common cmake trick, we need the globbing to happen at build time
# and not configure time.
From 466d3cb4dac4688e234a0fd0eff7fb6e6ae4c578 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 21 May 2021 09:50:25 +0200
Subject: [PATCH 4/4] Add options for Bash and Ansible to build_product
This will allow people to build easily without Bash scripts
or without Ansible Playbooks.
---
build_product | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/build_product b/build_product
index cf84199e22e..8a186fbae0e 100755
--- a/build_product
+++ b/build_product
@@ -7,6 +7,8 @@
# ARG_OPTIONAL_SINGLE([jobs],[j],[Count of simultaneous jobs],[auto])
# ARG_OPTIONAL_BOOLEAN([debug],[],[Make a debug build with draft profiles],[off])
# ARG_OPTIONAL_BOOLEAN([derivatives],[],[Also build derivatives of products if applicable],[off])
+# ARG_OPTIONAL_BOOLEAN([ansible-playbooks],[],[Build Ansible Playbooks for every profile],[on])
+# ARG_OPTIONAL_BOOLEAN([bash-scripts],[],[Build Bash remediation scripts for every profile],[on])
# ARG_OPTIONAL_BOOLEAN([datastream-only],[],[Build the datastream only. Do not build any of the guides, tables, etc],[off])
# ARG_USE_ENV([ADDITIONAL_CMAKE_OPTIONS],[],[Whitespace-separated string of arguments to pass to CMake])
# ARG_POSITIONAL_INF([product],[Products to build, ALL means all products],[0],[ALL])
@@ -71,19 +73,23 @@ _arg_builder="auto"
_arg_jobs="auto"
_arg_debug="off"
_arg_derivatives="off"
+_arg_ansible_playbooks="on"
+_arg_bash_scripts="on"
_arg_datastream_only="off"
print_help()
{
printf '%s\n' "Wipes out contents of the 'build' directory and builds only and only the given products."
- printf 'Usage: %s [-o|--oval <VERSION>] [-b|--builder <BUILDER>] [-j|--jobs <arg>] [--(no-)debug] [--(no-)derivatives] [--(no-)datastream-only] [-h|--help] [<product-1>] ... [<product-n>] ...\n' "$0"
+ printf 'Usage: %s [-o|--oval <VERSION>] [-b|--builder <BUILDER>] [-j|--jobs <arg>] [--(no-)debug] [--(no-)derivatives] [--(no-)ansible-playbooks] [--(no-)bash-scripts] [--(no-)datastream-only] [-h|--help] [<product-1>] ... [<product-n>] ...\n' "$0"
printf '\t%s\n' "<product>: Products to build, ALL means all products (defaults for <product>: 'ALL')"
printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.10', '5.11' and 'auto' (default: 'auto')"
printf '\t%s\n' "-b, --builder: Builder engine. Can be one of: 'make', 'ninja' and 'auto' (default: 'auto')"
printf '\t%s\n' "-j, --jobs: Count of simultaneous jobs (default: 'auto')"
printf '\t%s\n' "--debug, --no-debug: Make a debug build with draft profiles (off by default)"
printf '\t%s\n' "--derivatives, --no-derivatives: Also build derivatives of products if applicable (off by default)"
+ printf '\t%s\n' "--ansible-playbooks, --no-ansible-playbooks: Build Ansible Playbooks for every profile (on by default)"
+ printf '\t%s\n' "--bash-scripts, --no-bash-scripts: Build Bash remediation scripts for every profile (on by default)"
printf '\t%s\n' "--datastream-only, --no-datastream-only: Build the datastream only. Do not build any of the guides, tables, etc (off by default)"
printf '\t%s\n' "-h, --help: Prints help"
printf '\nEnvironment variables that are supported:\n'
@@ -140,6 +146,14 @@ parse_commandline()
_arg_derivatives="on"
test "${1:0:5}" = "--no-" && _arg_derivatives="off"
;;
+ --no-ansible-playbooks|--ansible-playbooks)
+ _arg_ansible_playbooks="on"
+ test "${1:0:5}" = "--no-" && _arg_ansible_playbooks="off"
+ ;;
+ --no-bash-scripts|--bash-scripts)
+ _arg_bash_scripts="on"
+ test "${1:0:5}" = "--no-" && _arg_bash_scripts="off"
+ ;;
--no-datastream-only|--datastream-only)
_arg_datastream_only="on"
test "${1:0:5}" = "--no-" && _arg_datastream_only="off"
@@ -339,6 +353,12 @@ done
CMAKE_OPTIONS=(${ADDITIONAL_CMAKE_OPTIONS} "${build_type_option}" "${oval_major_version_option}" "${oval_minor_version_option}" '-DSSG_PRODUCT_DEFAULT=OFF' "${cmake_enable_args[@]}" -G "$cmake_generator")
set_no_derivatives_options
+if [ "$_arg_ansible_playbooks" = off ] ; then
+ CMAKE_OPTIONS+=("-DSSG_ANSIBLE_PLAYBOOKS_ENABLED:BOOL=OFF")
+fi
+if [ "$_arg_bash_scripts" = off ] ; then
+ CMAKE_OPTIONS+=("-DSSG_BASH_SCRIPTS_ENABLED:BOOL=OFF")
+fi
EXPLICIT_BUILD_TARGETS=()
set_explict_build_targets
Reference in New Issue View Git Blame Copy Permalink