Hello everyone!

This is part two of my end of internship mailing list posts. For part
one and an introduction, see the earlier post, subject “Guide Mergers
and Simplifications in SCAP Security Guide": 

Another recent, major change was a complete reorganization of the content.
We switched to a new rule directory format that should help simplify the
contribution process. In the past, a rule was a completely separate entity
from the check and fix content it described. This was apparent in the
directory structure. For example, under the old system:


By making a rule a directory instead of just a YAML file (after merging all
of the rules to the shared `linux_os/guide` directory), we can group all
of the fix and check content in the same location. The same rule now looks


When looking for compliance content, there is now only one directory which
contains all this information. This will help everyone find the correct
directory for a rule, improve maintainability, and extensibility. As an
overview, a rule directory contains a rule.yml file (previously called
rule_id.rule and with the same information) and five subdirectories:

    - oval/ (.xml extension)
    - ansible/ (.yml extension)
    - anaconda/ (.anaconda extension)
    - bash/ (.sh extension)
    - puppet/ (.pp extension)

Inside each of these subdirectories, files named “shared.ext” will be included
in all products, whereas files named with “product.ext” will be included in
only that product. This lets us see at a glance what content can be included
in the build, and eventually enhance our build tests to see if content which
could have been in a product is not. 

For more information, see the rule directory section of the developer

Note that old rule files and the old locations for content is still
supported by the build system, so if your patches apply against master
(and/or a are in a separate product), this will not affect them. These changes
were introduced in the following PRs:

  - Build system support: 
  - Move all existing rules: 
  - Several other PRs adding tests, documentation which are referenced from the 
above two.

However, if you have any patches that include new products into our build
system and wish to convert your changes to this new system, feel free to
modify and use the `utils/move_rules.py` utility. If you have questions,
feel free to reach out to us.

We also introduced a new set of utilities for analyzing the source
content. These are be located under `utils/rule_dir*.py`. For more
information on these utilities and other utilities in the build system,
check out the relevant PRs and the developer documentation (linked above):

  - Utilities: https://github.com/OpenSCAP/scap-security-guide/pull/3193

Thanks for reading! As always, if you have any questions, feel free to
reply to the mailing list, open issues, or find us on the #openscap
channel on Freenode.

Until next time,

Alex Scheel

Freenode: cipherboy in #openscap
GitHub: https://github.com/cipherboy

Open-scap-list mailing list

Reply via email to