|
Packit Service |
569379 |
= OpenSCAP Developer Manual
|
|
Packit Service |
569379 |
:oscap_git: https://github.com/OpenSCAP/openscap
|
|
Packit Service |
569379 |
:toc: preamble
|
|
Packit Service |
569379 |
:numbered:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
This part of documentation is meant to serve mainly to developers who want to
|
|
Packit Service |
569379 |
contribute to OpenSCAP, help to fix bugs, or take an advantage of
|
|
Packit Service |
569379 |
the OpenSCAP library and create own projects on top of it.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Building OpenSCAP on Linux
|
|
Packit Service |
569379 |
If you want to build the `libopenscap` library and the `oscap` tool from
|
|
Packit Service |
569379 |
the {oscap_git}[source code] then follow these instructions:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Get the source code*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
Choose *1a* or *1b* depending on whether you want sources from a release tarball or the git repository.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
.. Use a release tarball:
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
# replace ${version} with the desired version
|
|
Packit Service |
569379 |
wget https://github.com/OpenSCAP/openscap/releases/download/${version}/openscap-${version}.tar.gz
|
|
Packit Service |
569379 |
tar -xzpf openscap-${version}.tar.gz
|
|
Packit Service |
569379 |
cd openscap-${version}
|
|
Packit Service |
569379 |
mkdir -p build
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
**OR**
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
.. Use fresh sources from git repository.
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ git clone --recurse-submodules https://github.com/OpenSCAP/openscap.git
|
|
Packit Service |
569379 |
$ cd openscap
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
NOTE: We include https://github.com/OpenSCAP/yaml-filter[yaml-filter] library
|
|
Packit Service |
569379 |
as a git submodule. To get more information about using git submodules, read
|
|
Packit Service |
569379 |
https://git-scm.com/book/en/v2/Git-Tools-Submodules[Git Tools - Submodules].
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Get the build dependencies*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
To build the library you will also need to install the build dependencies.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Build dependencies may vary depending on enabled features (by the `cmake` command).
|
|
Packit Service |
569379 |
Some of the dependencies are optional, if they are not detected, openscap will be compiled
|
|
Packit Service |
569379 |
without respective optional features.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On RHEL 7 / Fedora 23 / CentOS 7, the command to install the build dependencies is:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
sudo yum install \
|
|
Packit Service |
569379 |
cmake dbus-devel GConf2-devel libacl-devel libblkid-devel libcap-devel libcurl-devel \
|
|
Packit Service |
569379 |
libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel \
|
|
Packit Service |
569379 |
pcre-devel perl-XML-Parser perl-XML-XPath perl-devel python-devel rpm-devel swig \
|
|
Packit Service |
569379 |
bzip2-devel gcc-c++ libyaml-devel
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On Fedora 24+, the command to install the build dependencies is:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
sudo yum install \
|
|
Packit Service |
569379 |
cmake dbus-devel GConf2-devel libacl-devel libblkid-devel libcap-devel libcurl-devel \
|
|
Packit Service |
569379 |
libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel \
|
|
Packit Service |
569379 |
pcre-devel perl-XML-Parser perl-XML-XPath perl-devel python3-devel rpm-devel swig \
|
|
Packit Service |
569379 |
bzip2-devel gcc-c++ libyaml-devel
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On RHEL 8 / CentOS 8, the command to install the build dependencies is:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
sudo yum install \
|
|
Packit Service |
569379 |
cmake dbus-devel libacl-devel libblkid-devel libcap-devel libcurl-devel \
|
|
Packit Service |
569379 |
libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel \
|
|
Packit Service |
569379 |
pcre-devel perl-XML-Parser perl-XML-XPath perl-devel python36-devel rpm-devel swig \
|
|
Packit Service |
569379 |
bzip2-devel gcc-c++ libyaml-devel
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On Ubuntu 16.04, Debian 8 or Debian 9, the command to install the build dependencies is:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
sudo apt-get install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev \
|
|
Packit Service |
569379 |
libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev \
|
|
Packit Service |
569379 |
libcap-dev libxml2-dev libldap2-dev libpcre3-dev python-dev swig libxml-parser-perl \
|
|
Packit Service |
569379 |
libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libapt-pkg-dev libyaml-dev
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
When you have all the build dependencies installed you can build the library.
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Build the library*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
Run the following commands to build the library:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ cd build/
|
|
Packit Service |
569379 |
$ cmake ../
|
|
Packit Service |
569379 |
$ make
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On Ubuntu 18.04 and potentially other distro, the python3 dist-packages path is wrong.
|
|
Packit Service |
569379 |
If the following command:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ python3 -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())"
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
returns "/usr/local/lib/python3/dist-packages" instead of a path like
|
|
Packit Service |
569379 |
"/usr/local/lib/python3.6/dist-packages", you must override this path,
|
|
Packit Service |
569379 |
otherwise you will not be able to import openscap_api.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ cmake ../ -DPYTHON_SITE_PACKAGES_INSTALL_DIR=/usr/local/lib/python3.6/dist-packages
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Build the HTML documentation*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
It is possible to generate a complete API documentation, User manual,
|
|
Packit Service |
569379 |
Developer manual and contribute documents in HTML format.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
If you want to build the HTML documentation you will need to install Doxygen
|
|
Packit Service |
569379 |
and AsciiDoc.
|
|
Packit Service |
569379 |
To install AsciiDoc, you can run `dnf install asciidoc`.
|
|
Packit Service |
569379 |
To install Doxygen, you can run `dnf install doxygen`.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Run the following command to build the documentation:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ cmake -DENABLE_DOCS=TRUE ../
|
|
Packit Service |
569379 |
$ make docs
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The resulting documentation is located in `build/docs` directory in these
|
|
Packit Service |
569379 |
subdirectories:
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
* `html` - contains the API documentation generated by Doxygen
|
|
Packit Service |
569379 |
* `manual` - contains OpenSCAP User Manual
|
|
Packit Service |
569379 |
* `developer` - contains OpenSCAP Developer Manual
|
|
Packit Service |
569379 |
* `contribute` - contains contribute documents
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Run the tests*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
After building the library you might want to run library self-checks. To do
|
|
Packit Service |
569379 |
that you need to have these additional packages installed:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
ad9803 |
wget lua which procps-ng initscripts chkconfig sendmail bzip2 rpm-build strace
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
On Ubuntu 18.04, also install:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
rpm-common
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
It is also required to have `sendmail` service running on the system:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ systemctl start sendmail.service
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Now you can execute the following command to run library self-checks:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ ctest
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
It's also possible to use `ctest` to test any other oscap binary present in the system. You just have to set the path of the binary to the CUSTOM_OSCAP variable:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ export CUSTOM_OSCAP=/usr/bin/oscap; ctest
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Some tests that use the so-called offline mode of probes need to chroot during the test execution.
|
|
Packit Service |
569379 |
Some of those probes use the chroot syscall, which an unprivileged process is not allowed to do.
|
|
Packit Service |
569379 |
This is not a problem during the scanning itself, as oscap is usually scanning as root.
|
|
Packit Service |
569379 |
However, we don't want to run oscap as root during tests, as the whole test suite would have to use root privileges to clean up.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Instead, build the `oscap-chrootable` target as superuser, or build `oscap-chrootable-nocap` first and then grant the capability manually.
|
|
Packit Service |
569379 |
This target creates the binary that the test suite will use for some of those offline tests.
|
|
Packit Service |
569379 |
In offline tests, use the `set_offline_test_mode [chroot directory]` and `unset_offline_test_mode` functions from the common test module - those will set variables in such way that the unquoted `$OSCAP` invocation will use the chroot-capable binary, or it will exit with an error code, aborting the test.
|
|
Packit Service |
569379 |
Therefore, it is recommended to run
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ sudo make oscap-chrootable
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Not every check tests the oscap tool, however, when the `CUSTOM_OSCAP` variable is set, only the checks which do are executed.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
To enable the MITRE tests, use the `ENABLE_MITRE` flag:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ cmake -DENABLE_MITRE=TRUE ..
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
These test require specific features of the environment to function properly; most notably, a MTA needs to be listening on port 25. We suggest using our container `mitre_tests` to test MITRE functionality if possible:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ docker build --tag openscap_mitre_tests:latest -f Dockerfiles/mitre_tests . && docker run openscap_mitre_tests:latest
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
. *Install*
|
|
Packit Service |
569379 |
+
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
Run the installation procedure by executing the following command:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ make install
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
--
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Running oscap
|
|
Packit Service |
569379 |
It is important to use your compiled `libopenscap.so` library with your `oscap` tool.
|
|
Packit Service |
569379 |
The easiest way how to achieve that without need to install `libopenscap.so` to the system path, is to use a shell script called *oscap_wrapper* or *run* in the OpenSCAP build directory.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
-------------------------------------------------
|
|
Packit Service |
569379 |
$ cd build/
|
|
Packit Service |
569379 |
$ ./oscap_wrapper xccdf eval ... whatever
|
|
Packit Service |
569379 |
$ ./run valgrind utils/oscap xccdf eval ... whatever
|
|
Packit Service |
569379 |
-------------------------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The *run* script is generated at configure time by CMake and it sets the following environment variables:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
* *LD_LIBRARY_PATH* - path to `libopenscap.so`
|
|
Packit Service |
569379 |
* *OSCAP_SCHEMA_PATH* - path to XCCDF, OVAL, CPE, ... XSD schemas and schematrons
|
|
Packit Service |
569379 |
(required for correct SCAP content validation)
|
|
Packit Service |
569379 |
* *OSCAP_XSLT_PATH* - path to XSLT transformations. (required if you want
|
|
Packit Service |
569379 |
to generate html documents from xml)
|
|
Packit Service |
569379 |
* *OSCAP_CPE_PATH* - path to the OpenSCAP CPE dictionary.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The *oscap_wrapper* script is a convenience shortcut for `run utils/oscap` call.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Debugging
|
|
Packit Service |
569379 |
Developers and users who intend to help find and fix possible bugs in OpenSCAP
|
|
Packit Service |
569379 |
or possible bugs in their security policies have these possibilities:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
=== Verbose mode
|
|
Packit Service |
569379 |
The verbose mode provides user additional information about process of system
|
|
Packit Service |
569379 |
scanning. The mode is useful for diagnostics of SCAP content evaluation
|
|
Packit Service |
569379 |
and also for debugging. It produces a detailed report log with various messages.
|
|
Packit Service |
569379 |
The mode is available for `xccdf eval`, `oval eval`, `oval collect`
|
|
Packit Service |
569379 |
and `oval analyse` modules.
|
|
Packit Service |
569379 |
There is no need to special compilation, the feature is available for all
|
|
Packit Service |
569379 |
OpenSCAP users.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
To turn the verbose mode on, run `oscap` with this option:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
* `--verbose VERBOSITY_LEVEL` - Turn on verbose mode at specified
|
|
Packit Service |
569379 |
verbosity level.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The `VERBOSITY_LEVEL` can be one of:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1. *DEVEL* - the most detailed information for developers and bug hunters
|
|
Packit Service |
569379 |
2. *INFO* - reports content processing and system scanning
|
|
Packit Service |
569379 |
3. *WARNING* - possible failures which OpenSCAP can recover from
|
|
Packit Service |
569379 |
4. *ERROR* - shows only serious errors
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The verbose messages will be written on standard error output (stderr).
|
|
Packit Service |
569379 |
Optionally, you can write the log into a file using
|
|
Packit Service |
569379 |
`--verbose-log-file FILE`.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
This is an example describing how to run OpenSCAP in verbose mode:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ oscap oval eval --results results.xml --verbose INFO --verbose-log-file log.txt oval.xml
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Then see the log using eg.:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ less log.txt
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
=== Debug mode
|
|
Packit Service |
569379 |
Debug mode is useful for programmers. You need to build OpenSCAP from source code
|
|
Packit Service |
569379 |
with a custom configuration to enable the debug mode. Use this command:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
------------------------------------
|
|
Packit Service |
569379 |
$ cmake -DCMAKE_BUILD_TYPE=Debug .. && make
|
|
Packit Service |
569379 |
------------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Debug mode provides:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
* debug symbols on and optimization off - you can use `gdb`,
|
|
Packit Service |
569379 |
every process that was run.
|
|
Packit Service |
569379 |
* http://www.gnu.org/software/gawk/manual/html_node/Assert-Function.html[assertions]
|
|
Packit Service |
569379 |
are evaluated.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
==== Example
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ bash ./run gdb --args utils/oscap xccdf eval \
|
|
Packit Service |
569379 |
--profile hard --results xccdf-results.xml \
|
|
Packit Service |
569379 |
--oval-results my-favourite-xccdf-checklist.xml
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
The `--oval-results` option force `oscap` tool to generate OVAL Result file
|
|
Packit Service |
569379 |
for each OVAL session used for evaluation. It's also very useful for
|
|
Packit Service |
569379 |
debugging!
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
=== Environment variables
|
|
Packit Service |
569379 |
There are few more environment variables that control `oscap` tool
|
|
Packit Service |
569379 |
behaviour.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
* *OSCAP_FULL_VALIDATION=1* - validate all exported documents (slower)
|
|
Packit Service |
569379 |
* *SEXP_VALIDATE_DISABLE=1* - do not validate SEXP expressions (faster)
|
|
Packit Service |
569379 |
* *OSCAP_PCRE_EXEC_RECURSION_LIMIT* - override default recursion limit
|
|
Packit Service |
569379 |
for match in pcre_exec call in textfilecontent(54) probes.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Generating of code coverage
|
|
Packit Service |
569379 |
Code coverage can be usefull during writing of test or performance profiling.
|
|
Packit Service |
569379 |
We could separate the process into five phases.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1) *Get dependencies*
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
# dnf install lcov
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
2) *Run CMake & make*
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
To allow code to generate statistics, we need to compile it with specific flags.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ CFLAGS="--coverage -ftest-coverage -fprofile-arcs" LDFLAGS=-lgcov cmake -DCMAKE_BUILD_TYPE=Debug ../
|
|
Packit Service |
569379 |
$ make
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
3) *Run code*
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
In this phase we should run code. We can run it directly or via test suite.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ bash ./run utils/oscap
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
4) *Generate and browse results*
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ lcov -t "OpenSCAP coverage" -o ./coverage.info -c -d .
|
|
Packit Service |
569379 |
$ genhtml -o ./coverage ./coverage.info
|
|
Packit Service |
569379 |
$ xdg-open ./coverage/index.html # open results in browser
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
5) *Clean stats*
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Every run only modify our current statistics and not rewrite them completely.
|
|
Packit Service |
569379 |
If we want to generate new statistics, we should remove the old ones.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
$ lcov --directory ./ --zerocounters ; find ./ -name "*.gcno" | xargs rm
|
|
Packit Service |
569379 |
$ rm -rf ./coverage
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Building OpenSCAP on Windows using Visual Studio
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Prerequisites:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
* https://www.visualstudio.com/[Visual Studio]
|
|
Packit Service |
569379 |
* https://git-scm.com/[Git]
|
|
Packit Service |
569379 |
* https://cmake.org/[CMake]
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1) Get dependencies
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
We will use https://github.com/Microsoft/vcpkg[Vcpkg] to download libraries
|
|
Packit Service |
569379 |
that are required to build OpenSCAP.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Click on Start -> Windows System -> Command Prompt.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
mkdir c:\devel
|
|
Packit Service |
569379 |
cd c:\devel
|
|
Packit Service |
569379 |
git clone https://github.com/Microsoft/vcpkg.git
|
|
Packit Service |
569379 |
cd vcpkg
|
|
Packit Service |
569379 |
.\bootstrap-vcpkg.bat
|
|
Packit Service |
569379 |
.\vcpkg install curl libxml2 libxslt bzip2 pcre pthreads
|
|
Packit Service |
569379 |
.\vcpkg integrate install
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
2) Get OpenSCAP
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
cd c:\devel
|
|
Packit Service |
569379 |
git clone -b master https://github.com/OpenSCAP/openscap.git
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
3) Generate Visual Studio Solution
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
cd openscap
|
|
Packit Service |
569379 |
cd build
|
|
Packit Service |
569379 |
cmake -D ENABLE_PYTHON3=FALSE -D CMAKE_TOOLCHAIN_FILE=c:/devel/vcpkg/scripts/buildsystems/vcpkg.cmake ..
|
|
Packit Service |
569379 |
----
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
4) Open in Visual Studio
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1. Launch Visual Studio
|
|
Packit Service |
569379 |
2. Click on File -> Open -> Project/Solution...
|
|
Packit Service |
569379 |
3. Locate `c:\devel\openscap\build\openscap.sln`
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
5) Build
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1. Select build type (Debug, Release, ...) in the drop-down menu in the top panel.
|
|
Packit Service |
569379 |
2. Click on Build -> Build Solution.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Built binaries and their dependencies are now located in `C:\devel\openscap\build\<BUILD_TYPE>\`, eg. `C:\devel\openscap\build\Debug\`
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== Building OpenSCAP for Windows on a Linux box (cross-compilation)
|
|
Packit Service |
569379 |
Currently it is possible to cross-compile OpenSCAP for Windows only without probes.
|
|
Packit Service |
569379 |
The resulting binary is not able to perform scanning.
|
|
Packit Service |
569379 |
Instructions for cross-compiling OpenSCAP for Windows:
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
1) Install the cross-compiler & dependencies
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
NOTE: mingw32-pthreads needs to be version 5.0 or greater.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
-------------------------------------------------------------
|
|
Packit Service |
569379 |
# yum install mingw32-gcc mingw32-binutils mingw32-libxml2 \
|
|
Packit Service |
569379 |
mingw32-libgcrypt mingw32-pthreads mingw32-libxslt \
|
|
Packit Service |
569379 |
mingw32-curl mingw32-pcre \
|
|
Packit Service |
569379 |
mingw32-filesystem mingw32-bzip2
|
|
Packit Service |
569379 |
-------------------------------------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
2) Checkout the master branch of the OpenSCAP repository
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----------------------------------------------------------------------
|
|
Packit Service |
569379 |
$ git clone -b master https://github.com/openscap/openscap.git
|
|
Packit Service |
569379 |
$ cd openscap
|
|
Packit Service |
569379 |
----------------------------------------------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
3) Prepare the build
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
----------------------------------------------------------------------------------
|
|
Packit Service |
569379 |
$ mkdir build-win32
|
|
Packit Service |
569379 |
$ cd build-win32
|
|
Packit Service |
569379 |
$ mingw32-cmake -D ENABLE_PYTHON3=FALSE -D ENABLE_PROBES=FALSE -D ENABLE_OSCAP_UTIL_DOCKER=FALSE ../
|
|
Packit Service |
569379 |
----------------------------------------------------------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
4) Build!
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
------------------------------
|
|
Packit Service |
569379 |
$ make
|
|
Packit Service |
569379 |
------------------------------
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
Resulting `oscap.exe` can be found in the `utils/` directory.
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
If you would like to send us a patch fixing any Windows
|
|
Packit Service |
569379 |
compiling issues, please consult the page about
|
|
Packit Service |
569379 |
http://open-scap.org/page/Contribute[contributing to the OpenSCAP
|
|
Packit Service |
569379 |
project].
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
|
|
Packit Service |
569379 |
== OpenSCAP Reference Manual
|
|
Packit Service |
569379 |
For more information about OpenSCAP library, you can refer to this online
|
|
Packit Service |
569379 |
reference manual: http://static.open-scap.org/openscap-1.2/[OpenSCAP
|
|
Packit Service |
569379 |
reference manual]. This manual is included in a release tarball and can be
|
|
Packit Service |
569379 |
regenerated from project sources by Doxygen documentation system.
|
|
Packit Service |
569379 |
|