Add an SSG module for interacting with SSG #12
dLobatog merged 1 commit into OpenSCAP:master from akofink:add-ssg
| require 'ssg/downloader' | ||
| require 'ssg/unarchiver' | ||
|
|
||
| module Ssg |
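Review bot: the two `require 'ssg/...'` lines and the `module Ssg` line put this code in a short, global-looking namespace and load-path directory. If `module Ssg` is top-level, as it appears here, any other library that ships an `ssg/` directory or an `Ssg` constant will collide with it. Consider nesting it under the gem's own namespace or moving it to a separate gem, and add a one-line comment on the module saying what it is for.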
In general, I've tried to design these two classes so that the methods are short and well-named so it's easy to understand what is happening without a bunch of comments.
|
|
||
| def download_urls | ||
| get_json(LATEST_RELEASE_URI).dig('assets').map do |asset| | ||
| asset.dig('browser_download_url') |
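Review bot: in `download_urls`, `get_json(LATEST_RELEASE_URI).dig('assets')` yields nil when the response has no `assets` key, so the chained `.map` fails with a NoMethodError that says nothing about the cause. Assuming `get_json` returns the parsed Hash, use `fetch('assets')` or an explicit check that raises a descriptive error. The single-key `dig` calls can also be plain `['assets']` and `['browser_download_url']` lookups.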
This method is coupled to GitHub's releases API, unfortunately. If they change the structure of the response, we'll have to update this method. It's essentially:
http https://api.github.com/repos/ComplianceAsCode/content/releases/latest | jq '.assets[] | .browser_download_url'
| # Downloads SCAP datastreams from the SCAP Security Guide | ||
| # https://github.com/ComplianceAsCode/content | ||
| class Downloader | ||
| RELEASES_API = 'https://api.github.com/repos'\ |
How official source is this?
It doesn't look good :( (from #openscap on irc.devel.rh):
13:00 akofink ╡ o/ Hi - how reliably do the releases at https://github.com/ComplianceAsCode/content/releases match what is packaged and shipped as RPMs to RHEL?
13:01 ⤷ ╡ like, RHEL7 has scap-security-guide-0.1.43-13.el7.noarch - are the datastreams provided guaranteed to match tag v0.1.43 on github?
13:11 ascheel ╡ akofink: (I don't work on this team any more, and everyone who still does is UTC+2) -- I think dist-git is your friend here.
13:13 ascheel ╡ akofink: `rhpkg clone scap-security-guide` -- 7.7 has what you see there, 7.8 has a rebase to v0.1.46. There's a number of patches (~28) which have been picked on top of 0.1.43 tarball.
13:14 akofink ╡ hrmm, okay :/ it seems more complicated than I expected
13:14 ascheel ╡ akofink: What are you looking for in particular while I have it up?
13:15 akofink ╡ I'm writing a thing to download and extract certain datastreams of specific versions of the SSG, and we'd like to sync the SSG provided to RHEL6, 7, and 8. It seems like the only way to really do that is to look at the RHEL package repos
13:16 ⤷ ╡ https://github.com/dLobatog/openscap_parser/pull/12 if you're interested
13:16 ⤷ ╡ (the openscap ffi gem has memory leaks last we checked)
13:17 ascheel ╡ Yeah, sorry. The RHEL packaging process kinda hinders SSG here.
13:17 akofink ╡ thanks for the pointers though :)
13:18 ascheel ╡ akofink: Yeah looks like they've picked ~66 commits on top of that tag.
13:18 akofink ╡ geez
I've also sent an email to scap-internal-list with the subject "Hosted SSG - A Use Case for cloud.redhat.com" if you're interested in following the discussion there.
dLobatog left a comment
@akofink Thanks! It looks good to me, I was able to download and test it successfully.
I would not really do any testing since you're just calling libraries to download/unarchive. I wonder as you said though, if this is part of openscap_parser or should it rather be an openscap_ssg_downloader - I don't mind keeping it here as it's definitely handy and would help all users of openscap_parser, but IMO this should be another library. Your call.
Added a Readme. @dLobatog no tests, really?
Policies and Rules come from the SCAP Security Guide, generated from https://github.com/ComplianceAsCode/content. This adds rake tasks to download and unarchive released versions of SSG for a given application, and a shortcut rake task for all the RHEL SSG content.
Signed-off-by: Andrew Kofink <akofink@redhat.com>
Added a couple simple tests. This should be ready for final review
Policies and Rules come from the SCAP Security Guide, generated from
https://github.com/ComplianceAsCode/content. This adds rake tasks to
download and unarchive released versions of SSG for a given application,
and a shortcut rake task for all the RHEL SSG content.
Todo:
It seems weird to namespace parts of this under OpenscapParser, such as the `Downloader` and `Unarchiver`, since they do no parsing of SCAP content.
@dLobatog I'd like a sanity check here before I go further with tests and docs. I plan on submitting another PR for any additional parsing code we need.
Signed-off-by: Andrew Kofink <akofink@redhat.com>
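
The review above notes that `download_urls` is coupled to the shape of GitHub's releases response. The following is an added example, not code from this PR, of extracting `browser_download_url` values so that a changed or error response fails with a clear message and only HTTPS URLs under the expected release path are accepted. `ReleaseFormatError`, `EXPECTED_HOST`, `EXPECTED_PATH_PREFIX`, `download_urls_from` and the sample bodies are hypothetical names and constructed data.

```ruby
require 'json'
require 'uri'

# Hypothetical names for this added example; none of them come from the PR.
class ReleaseFormatError < StandardError; end
EXPECTED_HOST = 'github.com'
EXPECTED_PATH_PREFIX = '/ComplianceAsCode/content/releases/download/'

# Extracts asset download URLs from a "latest release" JSON body and fails
# loudly when the response no longer has the shape the caller relies on.
def download_urls_from(body)
  release = JSON.parse(body)
  assets = release.is_a?(Hash) ? release['assets'] : nil
  unless assets.is_a?(Array)
    # GitHub API error responses are objects carrying a "message" key.
    detail = release.is_a?(Hash) ? release['message'] : nil
    raise ReleaseFormatError, "no assets array in response: #{detail.inspect}"
  end

  assets.map do |asset|
    url = asset.is_a?(Hash) ? asset['browser_download_url'] : nil
    raise ReleaseFormatError, "asset without download URL: #{asset.inspect}" unless url.is_a?(String)

    uri = URI.parse(url)
    unless uri.is_a?(URI::HTTPS) && uri.host == EXPECTED_HOST &&
           uri.path.start_with?(EXPECTED_PATH_PREFIX)
      raise ReleaseFormatError, "unexpected download location: #{url}"
    end
    url
  end
rescue JSON::ParserError, URI::InvalidURIError => e
  raise ReleaseFormatError, "unparseable release data: #{e.message}"
end

# Constructed sample responses (not captured from the real API).
GOOD_URL = 'https://github.com/ComplianceAsCode/content/releases/download/' \
           'v0.1.46/scap-security-guide-0.1.46.zip'
GOOD  = JSON.generate('tag_name' => 'v0.1.46',
                      'assets' => [{ 'browser_download_url' => GOOD_URL }])
ERROR = '{"message":"API rate limit exceeded"}'
MOVED = '{"assets":[{"browser_download_url":"http://example.invalid/ssg.zip"}]}'
```

This only validates where the content is fetched from. As the IRC discussion above shows, it says nothing about whether a GitHub release matches what is shipped in the RHEL packages.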