Add entrypoints to the build_product script

ComplianceAsCode · Feb 9, 2024 · e626604 · e626604
1 parent 6515f81
commit e626604
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 4 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -13,6 +13,7 @@ if(SSG_LOG)
     set(LOG_LEVEL "DEBUG")
 endif()
 
+
 project(scap-security-guide NONE)
 
 list(APPEND CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake")
@@ -275,6 +276,7 @@ message(STATUS "Separate SCAP files: ${SSG_SEPARATE_SCAP_FILES_ENABLED}")
 message(STATUS "Ansible Playbooks: ${SSG_ANSIBLE_PLAYBOOKS_ENABLED}")
 message(STATUS "Ansible Playbooks Per Rule: ${SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED}")
 message(STATUS "Bash scripts: ${SSG_BASH_SCRIPTS_ENABLED}")
+message(STATUS "Thin Datastreams: ${SSG_THIN_DS}")
 if(SSG_JINJA2_CACHE_ENABLED)
     message(STATUS "jinja2 cache: enabled")
     message(STATUS "jinja2 cache dir: ${SSG_JINJA2_CACHE_DIR}")

diff --git a/build_product b/build_product
@@ -79,7 +79,8 @@ _arg_bash_scripts="on"
 _arg_datastream_only="off"
 _arg_profiling="off"
 _arg_log="off"
-
+_arg_thin_datastream="off"
+_arg_rule_id="off"
 
 print_help()
 {
@@ -93,6 +94,8 @@ print_help()
 	printf '\t%s\n' "--derivatives, --no-derivatives: Also build derivatives of products if applicable (off by default)"
 	printf '\t%s\n' "--ansible-playbooks, --no-ansible-playbooks: Build Ansible Playbooks for every profile (on by default)"
 	printf '\t%s\n' "--bash-scripts, --no-bash-scripts: Build Bash remediation scripts for every profile (on by default)"
+	printf '\t%s\n' "-t, --thin, --no-thin: Build thin data streams for each rule. Do not build any of the guides, tables, etc (off by default)"
+	printf '\t%s\n' "-r, --rule-id: Rule ID: Build a thin data stream with the specified rule. Do not build any of the guides, tables, etc (off by default)"
 	printf '\t%s\n' "-d, --datastream-only, --no-datastream-only: Build the data stream only. Do not build any of the guides, tables, etc (off by default)"
 	printf '\t%s\n' "-p, --profiling, --no-profiling: Use ninja and call the build_profiler.sh util (off by default)"
 	printf '\t%s\n' "-l, --log, --no-log: Logs all debugging messages (off by default)"
@@ -147,6 +150,17 @@ parse_commandline()
 				_arg_debug="on"
 				test "${1:0:5}" = "--no-" && _arg_debug="off"
 				;;
+			-r|--rule-id)
+				_arg_rule_id="$2"
+				test $# -lt 2 && _arg_rule_id="ALL_RULES"
+				shift
+				;;
+			--rule-id=*)
+				_arg_rule_id="${_key##--oval=}"
+				;;
+			-r*)
+				_arg_rule_id="${_key##-r}"
+				;;
 			--no-derivatives|--derivatives)
 				_arg_derivatives="on"
 				test "${1:0:5}" = "--no-" && _arg_derivatives="off"
@@ -159,6 +173,18 @@ parse_commandline()
 				_arg_bash_scripts="on"
 				test "${1:0:5}" = "--no-" && _arg_bash_scripts="off"
 				;;
+			-t|--no-thin|--thin)
+				_arg_thin_datastream="on"
+				test "${1:0:5}" = "--no-" && _arg_thin_datastream="off"
+				;;
+			-t*)
+				_arg_thin_datastream="on"
+				_next="${_key##-d}"
+				if test -n "$_next" -a "$_next" != "$_key"
+				then
+					{ begins_with_short_option "$_next" && shift && set -- "-d" "-${_next}" "$@"; } || die "The short option '$_key' can't be decomposed to ${_key:0:2} and -${_key:2}, because ${_key:0:2} doesn't accept value and '-${_key:2:1}' doesn't correspond to a short option."
+				fi
+				;;
 			-d|--no-datastream-only|--datastream-only)
 				_arg_datastream_only="on"
 				test "${1:0:5}" = "--no-" && _arg_datastream_only="off"
@@ -309,7 +335,7 @@ set_no_derivatives_options() {
 }
 
 set_explict_build_targets() {
-	if test "$_arg_datastream_only" = on ; then
+	if test "$_arg_datastream_only" = on || test "$_arg_thin_datastream" = on || test "$_arg_rule_id" != off ; then
 		for chosen_product in "${_arg_product[@]}"; do
 			EXPLICIT_BUILD_TARGETS+=("generate-ssg-$(to_lowercase "$chosen_product")-ds.xml")
 		done
@@ -414,6 +440,21 @@ else
 fi
 
 
+if [ "$_arg_rule_id" != off ] ; then
+	_arg_thin_datastream="on"
+	CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=${_arg_rule_id}")
+elif [ "$_arg_thin_datastream" == on ] && [ "$_arg_rule_id" == off ] ; then
+	CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=ALL_RULES")
+else
+	CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=off")
+fi
+
+if [ "$_arg_thin_datastream" = on ] ; then
+	CMAKE_OPTIONS+=("-DSSG_THIN_DS:BOOL=ON")
+else
+	CMAKE_OPTIONS+=("-DSSG_THIN_DS:BOOL=OFF")
+fi
+
 set -e
 rm -rf build/*
 cd build

diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
@@ -118,7 +118,7 @@ macro(ssg_build_compiled_artifacts PRODUCT)
         add_custom_command(
             OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
             COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/profiles"
-            COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"
+            COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --rule-id "${SSG_THIN_DS_RULE_ID}"
             COMMAND ${CMAKE_COMMAND} -E touch "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
             DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/product.yml"
             DEPENDS generate-internal-${PRODUCT}-sce-metadata.json "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"
@@ -128,7 +128,7 @@ macro(ssg_build_compiled_artifacts PRODUCT)
         add_custom_command(
             OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
             COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/profiles"
-            COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --stig-references "${STIG_REFERENCE_FILE}"
+            COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --stig-references "${STIG_REFERENCE_FILE}" --rule-id "${SSG_THIN_DS_RULE_ID}"
             COMMAND ${CMAKE_COMMAND} -E touch "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
             DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/product.yml"
             DEPENDS generate-internal-${PRODUCT}-sce-metadata.json "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"