From e626604d153ded0d4ee63165ddf595a28e9c55fc Mon Sep 17 00:00:00 2001 From: Jan Rodak Date: Tue, 6 Feb 2024 17:22:03 +0100 Subject: [PATCH] Add entrypoints to the build_product script --- CMakeLists.txt | 2 ++ build_product | 45 +++++++++++++++++++++++++++++++++++++++++-- cmake/SSGCommon.cmake | 4 ++-- 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 2fa3d588ed80..afccdc2760b2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -13,6 +13,7 @@ if(SSG_LOG) set(LOG_LEVEL "DEBUG") endif() + project(scap-security-guide NONE) list(APPEND CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake") @@ -275,6 +276,7 @@ message(STATUS "Separate SCAP files: ${SSG_SEPARATE_SCAP_FILES_ENABLED}") message(STATUS "Ansible Playbooks: ${SSG_ANSIBLE_PLAYBOOKS_ENABLED}") message(STATUS "Ansible Playbooks Per Rule: ${SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED}") message(STATUS "Bash scripts: ${SSG_BASH_SCRIPTS_ENABLED}") +message(STATUS "Thin Datastreams: ${SSG_THIN_DS}") if(SSG_JINJA2_CACHE_ENABLED) message(STATUS "jinja2 cache: enabled") message(STATUS "jinja2 cache dir: ${SSG_JINJA2_CACHE_DIR}") diff --git a/build_product b/build_product index 34c74f12aeff..24a4c39dc3b8 100755 --- a/build_product +++ b/build_product @@ -79,7 +79,8 @@ _arg_bash_scripts="on" _arg_datastream_only="off" _arg_profiling="off" _arg_log="off" - +_arg_thin_datastream="off" +_arg_rule_id="off" print_help() { 
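Review bot: The summary line added in the second CMakeLists.txt hunk prints only `SSG_THIN_DS`, so the configure output does not show which rule a thin build was limited to. A companion line such as `message(STATUS "Thin Datastream Rule ID: ${SSG_THIN_DS_RULE_ID}")` would make the build log self-describing. No `option()` or `set(... CACHE ...)` declaration for either variable appears in this diff; if none exists elsewhere, a direct `cmake` invocation prints an empty value here.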
@@ -93,6 +94,8 @@ print_help()
 printf '\t%s\n' "--derivatives, --no-derivatives: Also build derivatives of products if applicable (off by default)"
 printf '\t%s\n' "--ansible-playbooks, --no-ansible-playbooks: Build Ansible Playbooks for every profile (on by default)"
 printf '\t%s\n' "--bash-scripts, --no-bash-scripts: Build Bash remediation scripts for every profile (on by default)"
+ printf '\t%s\n' "-t, --thin, --no-thin: Build thin data streams for each rule. Do not build any of the guides, tables, etc (off by default)"
+ printf '\t%s\n' "-r, --rule-id: Rule ID: Build a thin data stream with the specified rule. Do not build any of the guides, tables, etc (off by default)"
 printf '\t%s\n' "-d, --datastream-only, --no-datastream-only: Build the data stream only. Do not build any of the guides, tables, etc (off by default)"
 printf '\t%s\n' "-p, --profiling, --no-profiling: Use ninja and call the build_profiler.sh util (off by default)"
 printf '\t%s\n' "-l, --log, --no-log: Logs all debugging messages (off by default)"
@@ -147,6 +150,17 @@ parse_commandline()
 _arg_debug="on"
 test "${1:0:5}" = "--no-" && _arg_debug="off"
 ;;
+ -r|--rule-id)
+ _arg_rule_id="$2"
+ test $# -lt 2 && _arg_rule_id="ALL_RULES"
+ shift
+ ;;
+ --rule-id=*)
+ _arg_rule_id="${_key##--oval=}"
+ ;;
+ -r*)
+ _arg_rule_id="${_key##-r}"
+ ;;
 --no-derivatives|--derivatives)
 _arg_derivatives="on"
 test "${1:0:5}" = "--no-" && _arg_derivatives="off"
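Review bot: The `-r, --rule-id` help line in print_help does not show that the option takes a value, and it does not mention that a bare `-r` at the end of the command line selects `ALL_RULES`, which is what the parser in this patch does. Stating the argument and that fallback in the text, for example `-r, --rule-id <rule_id>: Build a thin data stream with only the specified rule; without a value all rules are built ...`, would match the implemented behaviour.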
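Review bot: The `--rule-id=*)` branch in parse_commandline strips the wrong prefix: `${_key##--oval=}` never matches a `--rule-id=...` argument, so `_arg_rule_id` keeps the whole `--rule-id=<id>` string and that is the value handed on to CMake. It should read `_arg_rule_id="${_key##--rule-id=}"`. In the `-r|--rule-id)` branch the next word is taken as the ID without any check, so `-r --thin` would treat `--thin` as a rule ID; rejecting a value that begins with `-` would surface that mistake. The surrounding `case` statement starts and ends outside the hunk.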
@@ -159,6 +173,18 @@ parse_commandline() _arg_bash_scripts="on" test "${1:0:5}" = "--no-" && _arg_bash_scripts="off" ;; + -t|--no-thin|--thin) + _arg_thin_datastream="on" + test "${1:0:5}" = "--no-" && _arg_thin_datastream="off" + ;; + -t*) + _arg_thin_datastream="on" + _next="${_key##-d}" + if test -n "$_next" -a "$_next" != "$_key" + then + { begins_with_short_option "$_next" && shift && set -- "-d" "-${_next}" "$@"; } || die "The short option '$_key' can't be decomposed to ${_key:0:2} and -${_key:2}, because ${_key:0:2} doesn't accept value and '-${_key:2:1}' doesn't correspond to a short option." + fi + ;; -d|--no-datastream-only|--datastream-only) _arg_datastream_only="on" test "${1:0:5}" = "--no-" && _arg_datastream_only="off" @@ -309,7 +335,7 @@ set_no_derivatives_options() { } set_explict_build_targets() { - if test "$_arg_datastream_only" = on ; then + if test "$_arg_datastream_only" = on || test "$_arg_thin_datastream" = on || test "$_arg_rule_id" != off ; then for chosen_product in "${_arg_product[@]}"; do EXPLICIT_BUILD_TARGETS+=("generate-ssg-$(to_lowercase "$chosen_product")-ds.xml") done @@ -414,6 +440,21 @@ else fi +if [ "$_arg_rule_id" != off ] ; then + _arg_thin_datastream="on" + CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=${_arg_rule_id}") +elif [ "$_arg_thin_datastream" == on ] && [ "$_arg_rule_id" == off ] ; then + CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=ALL_RULES") +else + CMAKE_OPTIONS+=("-DSSG_THIN_DS_RULE_ID:STR=off") +fi + +if [ "$_arg_thin_datastream" = on ] ; then + CMAKE_OPTIONS+=("-DSSG_THIN_DS:BOOL=ON") +else + CMAKE_OPTIONS+=("-DSSG_THIN_DS:BOOL=OFF") +fi + set -e rm -rf build/* cd build diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake index ea0f67644795..2e0927348491 100644 --- a/cmake/SSGCommon.cmake +++ b/cmake/SSGCommon.cmake 
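Review bot: The `-t*)` branch still refers to `-d`, the option it appears to have been copied from: `_next="${_key##-d}"` strips nothing from a `-t…` key, so `$_next` equals `$_key`, the `if` body is skipped, and any short options clustered after `-t` are dropped without an error. The two affected lines should use `-t`, i.e. `_next="${_key##-t}"` and `set -- "-t" "-${_next}" "$@"`. The enclosing `case` in parse_commandline continues outside the hunk.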
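Review bot: In the block added before `set -e`, `_arg_rule_id` goes into `CMAKE_OPTIONS` exactly as typed, and the SSGCommon.cmake hunks of this patch then put it on the compile_all.py command line of an `add_custom_command` that shows no `VERBATIM` in its visible lines, so the value should be checked before use. A guard ahead of this block such as `[[ "$_arg_rule_id" =~ ^[A-Za-z0-9_]+$ ]] || die "Invalid rule ID: $_arg_rule_id"` would accept `off`, `ALL_RULES` and ordinary rule IDs (assuming IDs are alphanumeric with underscores) and reject anything else, including an unstripped `--rule-id=...` string. `:STR` is also not one of CMake's documented cache types; `:STRING` is the documented spelling. The `elif` re-tests `"$_arg_rule_id" == off`, which the failed first branch has already established.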
@@ -118,7 +118,7 @@ macro(ssg_build_compiled_artifacts PRODUCT)
 add_custom_command(
 OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
 COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/profiles"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --rule-id "${SSG_THIN_DS_RULE_ID}"
 COMMAND ${CMAKE_COMMAND} -E touch "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
 DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/product.yml"
 DEPENDS generate-internal-${PRODUCT}-sce-metadata.json "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"
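Review bot: `--rule-id "${SSG_THIN_DS_RULE_ID}"` is appended unconditionally, so a configure run that does not go through build_product passes `--rule-id ""` to compile_all.py unless the variable receives a default somewhere outside this diff. Declaring it alongside the other SSG options, e.g. `set(SSG_THIN_DS_RULE_ID "off" CACHE STRING "Rule ID for a thin data stream, ALL_RULES, or off")`, would keep both entry points consistent. Because the value originates on the command line, adding `VERBATIM` to this `add_custom_command` would make its escaping well defined across generators; the call's closing lines are outside the hunk, so it may already be present. The same applies to the following hunk, which changes the `--stig-references` variant of this command.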
@@ -128,7 +128,7 @@ macro(ssg_build_compiled_artifacts PRODUCT)
 add_custom_command(
 OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
 COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/profiles"
- COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --stig-references "${STIG_REFERENCE_FILE}"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/compile_all.py" --resolved-base "${CMAKE_CURRENT_BINARY_DIR}" --project-root "${CMAKE_SOURCE_DIR}" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --sce-metadata "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json" --stig-references "${STIG_REFERENCE_FILE}" --rule-id "${SSG_THIN_DS_RULE_ID}"
 COMMAND ${CMAKE_COMMAND} -E touch "${CMAKE_CURRENT_BINARY_DIR}/ssg_build_compile_all-${PRODUCT}"
 DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/product.yml"
 DEPENDS generate-internal-${PRODUCT}-sce-metadata.json "${CMAKE_CURRENT_BINARY_DIR}/checks/sce/metadata.json"