From 2adb75fc0d755ec38a21176fa38e268ee5cf1fe0 Mon Sep 17 00:00:00 2001
From: Warezpeddler <warezpeddler@pm.me>
Date: Sat, 25 Apr 2026 23:11:47 +0100
Subject: [PATCH] Remove embedded git repos; ignore vendored data dirs

applepy/data/lynis and applepy/data/macos_security were committed as
gitlink stubs (mode 160000) because rsync -a copies .git/ along with
everything else. Cloners would silently receive empty directories.

Fix: remove the submodule stubs, add both dirs to .gitignore (they are
populated by scripts/vendor_compliance_assets.sh), and add --exclude .git
to both rsync invocations so future vendor runs don't recreate the problem.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitignore                          | 4 ++++
 applepy/data/lynis                  | 1 -
 applepy/data/macos_security         | 1 -
 scripts/vendor_compliance_assets.sh | 4 ++--
 4 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 160000 applepy/data/lynis
 delete mode 160000 applepy/data/macos_security

diff --git a/.gitignore b/.gitignore
index 86e6ff6..120ac9d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,10 @@ out-priv/
 # Reference material (large PDFs + nested repos, not needed to run the tool)
 pdfs/
 
+# Vendored third-party assets (populate with scripts/vendor_compliance_assets.sh)
+applepy/data/lynis/
+applepy/data/macos_security/
+
 # Personal / session notes
 progress.txt
 resume.txt
diff --git a/applepy/data/lynis b/applepy/data/lynis
deleted file mode 160000
index 52ed89c..0000000
--- a/applepy/data/lynis
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 52ed89ce353fb6f87ab969e6d707e5e19335d295
diff --git a/applepy/data/macos_security b/applepy/data/macos_security
deleted file mode 160000
index aaf6970..0000000
--- a/applepy/data/macos_security
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit aaf69702487089b64a6fc20a4da162bc1395a5c6
diff --git a/scripts/vendor_compliance_assets.sh b/scripts/vendor_compliance_assets.sh
index 621acb8..cc0d7b8 100755
--- a/scripts/vendor_compliance_assets.sh
+++ b/scripts/vendor_compliance_assets.sh
@@ -20,7 +20,7 @@ clone_mscp() {
   mkdir -p "${MACP}"
   git clone --depth 1 "https://github.com/usnistgov/macos_security.git" "${TMP}/macos_security"
   rsync -a --delete \
-    --exclude README.md --exclude .gitignore \
+    --exclude README.md --exclude .gitignore --exclude .git \
     "${TMP}/macos_security/" "${MACP}/"
   echo "Vendored macos_security -> ${MACP}"
 }
@@ -33,7 +33,7 @@ clone_lynis() {
   mkdir -p "${LYNP}"
   git clone --depth 1 "https://github.com/cisofy/lynis.git" "${TMP}/lynis"
   rsync -a --delete \
-    --exclude README.md --exclude .gitignore \
+    --exclude README.md --exclude .gitignore --exclude .git \
     "${TMP}/lynis/" "${LYNP}/"
   echo "Vendored Lynis -> ${LYNP}"
 }