OpenSCAP · jan-cerny · Nov 26, 2021 · Jun 1, 2020 · Oct 6, 2020 · Nov 4, 2020
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -13,7 +13,7 @@ jobs:
       image: fedora:35
     steps:
       - name: Install Deps
-        run: dnf install -y make anaconda openscap-python3 python3-cpio python3-mock python3-pytest python3-pycurl
+        run: dnf install -y make anaconda python3-pytest python3-pycurl openscap-scanner
       - name: Checkout
         uses: actions/checkout@v2
       - name: Test

diff --git a/AUTHORS b/AUTHORS
@@ -0,0 +1,3 @@
+Vratislav Podzimek <v.podzimek@mykolab.com> - original author of the addon
+Ignacio Vazquez-Abrams <ivazquez@ivazquez.net> - original author of the cpio module which has been merged into the addon
+See https://github.com/OpenSCAP/oscap-anaconda-addon/graphs/contributors for an exhaustive list of other contributors.
diff --git a/Makefile b/Makefile
@@ -1,15 +1,20 @@
 NAME = oscap-anaconda-addon
 
-VERSION = 3.0.0
+VERSION = 0.35.0
 
 ADDON = org_fedora_oscap
 TESTS = tests \
 	testing_files
 
 DEFAULT_INSTALL_OF_PO_FILES ?= yes
 
+PYVERSION = -3
+
+TRANSLATIONS_DIR ?= po
+
 FILES = $(ADDON) \
 	$(TESTS) \
+	data \
 	po \
 	COPYING \
 	Makefile \
@@ -86,7 +91,8 @@ potfile:
 po-pull:
 	TEMP_DIR=$$(mktemp --tmpdir -d oscap-anaconda-addon-l10n-XXXXXXXXXX) && \
 	git clone --depth 1 -b $(GIT_L10N_BRANCH) -- $(L10N_REPOSITORY) $$TEMP_DIR && \
-	cp $$TEMP_DIR/$(OAA_PARENT_BRANCH)/*.po po/ && \
+	mkdir -p $(TRANSLATIONS_DIR) && \
+	cp $$TEMP_DIR/$(OAA_PARENT_BRANCH)/*.po $(TRANSLATIONS_DIR)/ && \
 	rm -rf $$TEMP_DIR
 
 # This algorithm will make these steps:
@@ -104,6 +110,7 @@ update-pot:
 	$(MAKE) -C po potfile
 	TEMP_DIR=$$(mktemp --tmpdir -d oscap-anaconda-addon-l10n-XXXXXXXXXX) || exit 1 ; \
 	git clone --depth 1 -b $(GIT_L10N_BRANCH) -- $(L10N_REPOSITORY_RW) $$TEMP_DIR || exit 2 ; \
+	mkdir -p $$TEMP_DIR/$(OAA_PARENT_BRANCH) ; \
 	cp po/$(POTFILE_BASENAME) $$TEMP_DIR/$(OAA_PARENT_BRANCH)/ || exit 3 ; \
 	pushd $$TEMP_DIR/$(OAA_PARENT_BRANCH) ; \
 	git difftool --trust-exit-code -y -x "diff -u -I '^\"POT-Creation-Date: .*$$'" HEAD ./$(POTFILE_BASENAME) &>/dev/null ; \
@@ -128,7 +135,7 @@ container-test:
 	podman build --tag $(CONTAINER_NAME) --file tests/Dockerfile
 	podman run --volume .:/oscap-anaconda-addon:Z $(CONTAINER_NAME) make test
 
-test: runpylint unittest
+test: unittest runpylint
 
 runpylint:
 	@echo "***Running pylint checks***"

diff --git a/create_update_image.sh b/create_update_image.sh
@@ -179,6 +179,8 @@ packages="
 	python3-cpio
 	python3-pycurl
 	oscap-anaconda-addon
+	xmlsec1
+	xmlsec1-openssl
 "
 
 
@@ -204,8 +206,8 @@ install_addon_from_repo() {
 	else
 		install_po_files="DEFAULT_INSTALL_OF_PO_FILES=yes"
 	fi
-	# "copy files" to new root, sudo needed because we may overwrite files installed by rpm
-	sudo make install "$install_po_files" DESTDIR="${tmp_root}" >&2 || die "Failed to install the addon to $tmp_root."
+	# "copy files" to new root, sudo may be needed because we may overwrite files installed by rpm
+	$SUDO make install "$install_po_files" DESTDIR="${tmp_root}" >&2 || die "Failed to install the addon to $tmp_root."
 }
 
 
@@ -216,12 +218,16 @@ create_image() {
 
 
 cleanup() {
-	# cleanup, sudo needed because former RPM installs
-	sudo rm -rf "$tmp_root"
+	# cleanup, sudo may be needed because former RPM installs
+	$SUDO rm -rf "$tmp_root"
 }
 
-
-sudo true || die "Unable to get sudo working, bailing out."
+if test $_arg_start_with_index -gt 1; then
+	SUDO=
+else
+	SUDO=sudo
+	$SUDO true || die "Unable to get sudo working, bailing out."
+fi
 
 for (( action_index=_arg_start_with_index;  action_index < ${#actions[*]}; action_index++ )) do
 	"${actions[$action_index]}"

diff --git a/docs/manual/developer_guide.adoc b/docs/manual/developer_guide.adoc
@@ -15,8 +15,7 @@ What do you need to test your changes?
 
 1. Clone addon repository & use required branch & change code.
 2. Build addon update image.
-3. Serve image using local HTTP server.
-4. Load system with update image.
+3. Run a VM using reanaconda.
 
 
 === Clone repository & use required branch
@@ -51,8 +50,66 @@ or use the `lsinitrd` command, which is part of the `dracut` package on RHEL and
 lsinitrd update.img
 ----
 
+=== Use reanaconda
 
-=== Serve image using HTTP server
+The `reanaconda` script prepares and starts a VM with the update image.
+You can get it from the repository at 
+https://github.com/rhinstaller/devel-tools/tree/master/reanaconda
+
+Prepare the VM:
+
+----
+./reanaconda.py prime --sensible --tree http://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/34/Everything/x86_64/os
+----
+
+After the script terminates, provide the update image:
+
+----
+./reanaconda.py updates path/to/updates.img
+----
+
+The VM should be shown in a QEMU window, which you can play with and you can
+close it any time.
+
+If you run a Fedora VM, there won't be `scap-security-guide` content available,
+so you will have to serve the content from your host machine using a HTTP
+server. For example, you can provide your local SSG build. In a new terminal,
+run:
+
+----
+cd ~/work/git/scap-security-guide/build
+python3 -m http.server
+----
+
+And then, in the OSCAP Anaconda Addon user interface, enter the URL. Your host
+is visible from your guest at `10.0.2.2`. For example:
+
+----
+http://10.0.2.2:8000/ssg-fedora-ds.xml
+----
+
+Watch the console, as the VM is supposed to download the update image, and the Python server should output the corresponding HTTP request:
+
+`<IP> - - [<date>] "GET /update.img HTTP/1.1" 200 -`
+
+200 is the OK request status.
+
+There is a cleanup step, but you don't have to run it if you only want to
+restart the VM with a new image:
+
+----
+./reanaconda.py cleanup
+----
+
+=== Further introspection of Anaconda
+
+After reaching the Anaconda GUI, you can switch into another VT and check out that the update went OK by examining the files on the disc.
+You can also debug Anaconda in a sophisticated way - as of 04/2018, switching to tty1 brought you to a TMUX session with windows attached to various processes.
+There is also an official https://fedoraproject.org/wiki/How_to_debug_installation_problems[how-to-debug documentation] though.
+
+=== Older method without reanaconda
+
+==== Serve image using HTTP server
 
 You don't need public HTTP server or setup Apache.
 You can use simple python HTTP server - it serves all files in you current directory.
@@ -64,7 +121,7 @@ python3 -m http.server
 **Setup your firewall rules correctly to make webserver port accessible from virtual machine.**
 
 
-=== Load system with update image
+==== Load system with update image
 
 If you want to load your changes to anaconda, you have to setup boot options correctly.
 You have two ways how to setup it:
@@ -99,11 +156,7 @@ Watch the console, as the VM is supposed to download the update image, and the P
 200 is the OK request status.
 
 
-=== Further introspection of Anaconda
 
-After reaching the Anaconda GUI, you can switch into another VT and check out that the update went OK by examining the files on the disc.
-You can also debug Anaconda in a sophisticated way - as of 04/2018, switching to tty1 brought you to a TMUX session with windows attached to various processes.
-There is also an official https://fedoraproject.org/wiki/How_to_debug_installation_problems[how-to-debug documentation] though.
 
 
 == Available make commands