Build profile bash scripts differently #11028
Conversation
jan-cerny
added
enhancement
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
jan-cerny
force-pushed
the
build_bash_scripts
branch
from
7be487e
to
0cf3a78
Compare
|
/packit retest-failed |
This commit introduces a new script to generate profile oriented Bash remediation scripts. It replaces the current way that uses the `oscap` tool under the hood. The new script doesn't use `oscap`. It processes the data stream directly and it generates the remediation for all profiles at a single pass. The new script is faster than the current script by 80 %.
jan-cerny
force-pushed
the
build_bash_scripts
branch
from
0cf3a78
to
99020b9
Compare
|
I have resolved Code Climate problems and I have rebased this PR on the top of the latest upstream master branch. |
| @@ -0,0 +1,258 @@ | |||
| #!/usr/bin/python3 | |||
There was a problem hiding this comment.
This isn't useful since the script is 644.
| commented_profile_description += commented_line | ||
| profile_id = profile.get("id") | ||
| xccdf_version_name = "1.2" | ||
| oscap_version = "1.3.8" |
There was a problem hiding this comment.
Do we really want to hard code this?
| "# Benchmark Version: %s\n" | ||
| "# XCCDF Version: %s\n" | ||
| "#\n" | ||
| "# This file was generated by OpenSCAP %s using:\n" |
There was a problem hiding this comment.
I'm not sure how I feel about this. This is not true.
Maybe we want to change "can be generated with"
There was a problem hiding this comment.
I intentionally left it there to keep it identical and I was wondering if there will be any opinion on it. I agree with you, I will improve it in the next commit.
This commit will cause that the generated Bash script will be slightly different than the Bash script generated by the `oscap xccdf generate fix command`. It changes the header. The reason is that we shouldn't say that the script has been generated by OpenSCAP, that isn't true.
|
I have add executable permission and improved the remediation header |
|
Code Climate has analyzed commit fc7698b and detected 2 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 53.3% (0.0% change). View more on Code Climate. |
|
/packit retest-failed |
Description:
This commit introduces a new script to generate profile oriented Bash remediation scripts. It replaces the current way that uses the
oscaptool under the hood. The new script doesn't useoscap. It processes the data stream directly and it generates the remediation for all profiles at a single pass. The new script is faster than the current script by 80 %.Rationale:
Review Hints:
Build content from the master branch and from this PR branch. Compare the files in the
build/bashdirectory in the old and new version using tools likemeldordiff.