53 lines
1.6 KiB
Bash
Executable File
53 lines
1.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Shallow-clone NIST macos_security and Lynis into applepy/data/ for bundled / PyInstaller builds.
|
|
# Preserves applepy/data/{macos_security,lynis}/README.md and .gitignore (excluded from rsync).
|
|
set -euo pipefail
|
|
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
|
MACP="${ROOT}/applepy/data/macos_security"
|
|
LYNP="${ROOT}/applepy/data/lynis"
|
|
TMP="${TMPDIR:-/tmp}/applepy-vendor-$$"
|
|
cleanup() { rm -rf "${TMP}"; }
|
|
trap cleanup EXIT
|
|
mkdir -p "${TMP}"
|
|
|
|
refresh="${REFRESH:-0}"
|
|
|
|
clone_mscp() {
|
|
if [[ -f "${MACP}/scripts/generate_guidance.py" ]] && [[ "${refresh}" != "1" ]]; then
|
|
echo "macos_security already present under applepy/data/macos_security (set REFRESH=1 to re-fetch)"
|
|
return 0
|
|
fi
|
|
mkdir -p "${MACP}"
|
|
git clone --depth 1 "https://github.com/usnistgov/macos_security.git" "${TMP}/macos_security"
|
|
rsync -a --delete \
|
|
--exclude README.md --exclude .gitignore \
|
|
"${TMP}/macos_security/" "${MACP}/"
|
|
echo "Vendored macos_security -> ${MACP}"
|
|
}
|
|
|
|
clone_lynis() {
|
|
if [[ -f "${LYNP}/lynis" ]] && [[ "${refresh}" != "1" ]]; then
|
|
echo "Lynis already present under applepy/data/lynis (set REFRESH=1 to re-fetch)"
|
|
return 0
|
|
fi
|
|
mkdir -p "${LYNP}"
|
|
git clone --depth 1 "https://github.com/cisofy/lynis.git" "${TMP}/lynis"
|
|
rsync -a --delete \
|
|
--exclude README.md --exclude .gitignore \
|
|
"${TMP}/lynis/" "${LYNP}/"
|
|
echo "Vendored Lynis -> ${LYNP}"
|
|
}
|
|
|
|
case "${1:-all}" in
|
|
mscp|macos_security) clone_mscp ;;
|
|
lynis) clone_lynis ;;
|
|
all)
|
|
clone_mscp
|
|
clone_lynis
|
|
;;
|
|
*)
|
|
echo "Usage: $0 [all|mscp|lynis]" >&2
|
|
exit 2
|
|
;;
|
|
esac
|