Manually build openscap

ComplianceAsCode · Aug 6, 2024 · 14d94c8 · 14d94c8
1 parent 16520f5
commit 14d94c8
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 4 deletions.
diff --git a/.github/workflows/automatus-ubuntu2204.yaml b/.github/workflows/automatus-ubuntu2204.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Deps
-        run: sudo apt-get update && sudo apt-get install -y cmake ninja-build libopenscap8 python3-yaml python3-jinja2 git python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc
+        run: sudo apt-get update && sudo apt-get install -y cmake ninja-build python3-yaml python3-jinja2 git python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc ansible-lint wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl
       - name: Install deps python
         run: pip3 install gitpython xmldiff compliance-trestle==2.4.0 lxml lxml-stubs requests
       - name: Checkout
@@ -53,6 +53,15 @@ jobs:
         with:
           path: 'output.json'
           prop_path: 'product'
+      - name: Download OpenSCAP
+        run: wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz
+      - name: Extract OpenSCAP
+        run: tar xf openscap-1.3.10.tar.gz
+      - name: Build OpenSCAP
+        run: |
+          cd openscap-1.3.10
+          cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr .
+          sudo cmake --build build --target install
       - name: Build product
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
         run: ./build_product ubuntu2204
@@ -67,7 +76,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Deps
-        run: sudo apt update && sudo apt install -y cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
+        run: sudo apt update && sudo apt install -y cmake ninja-build libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Get cached CTF output
@@ -78,6 +87,15 @@ jobs:
         # continue even if the file is unavailable that
         # means there are no changes detected by CTF in the previous job
         continue-on-error: true
+      - name: Download OpenSCAP
+        run: wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz
+      - name: Extract OpenSCAP
+        run: tar xf openscap-1.3.10.tar.gz
+      - name: Build OpenSCAP
+        run: |
+          cd openscap-1.3.10
+          cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr .
+          sudo cmake --build build --target install
       - name: Test if there are no content changes
         if: ${{ steps.get_ctf_output.outcome == 'success' }}
         run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
@@ -90,7 +108,7 @@ jobs:
         run: ssh-keygen -N '' -t rsa -f ~/.ssh/id_rsa
       - name: Build test suite container
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: podman build --build-arg "CLIENT_PUBLIC_KEY=$(cat ~/.ssh/id_rsa.pub)" -t ssg_test_suite -f test_suite-ubuntu2204
+        run: podman build --build-arg "CLIENT_PUBLIC_KEY=$(cat ~/.ssh/id_rsa.pub)" --build-arg "ADDITIONAL_PACKAGES=cmake ninja-build python3-yaml python3-jinja2 python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc ansible-lint wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl" -t ssg_test_suite -f test_suite-ubuntu2204
         working-directory: ./Dockerfiles
       - name: Get oscap-ssh
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}

diff --git a/Dockerfiles/test_suite-ubuntu2204 b/Dockerfiles/test_suite-ubuntu2204
@@ -5,16 +5,23 @@ ENV AUTH_KEYS=/root/.ssh/authorized_keys
 
 ARG CLIENT_PUBLIC_KEY
 ARG ADDITIONAL_PACKAGES
+ARG DEBIAN_FRONTEND=noninteractive
 
 # Install Python so Ansible remediations can work
 # Don't clean all, as the test scenario may require package install.
 RUN true \
-        && apt-get update && apt-get install -y openssh-server libopenscap8 \
+        && apt-get update && apt-get install -y openssh-server \
 		python3 \
 		$ADDITIONAL_PACKAGES \
         && true
 
 RUN true \
+        && wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz \
+        && tar xf openscap-1.3.10.tar.gz && cd openscap-1.3.10 \
+        && cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr . \
+        && cmake --build build --target install
+RUN true \
+        && ssh-keygen -A \
         && mkdir -p /root/.ssh \
         && printf "%s\n" "$CLIENT_PUBLIC_KEY" >> "$AUTH_KEYS" \
         && chmod og-rw /root/.ssh "$AUTH_KEYS" \