git-adm/applepy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a67459e7e015dc1c794d830035ec7f2580d4161f
applepy/scripts/vendor_compliance_assets.sh
Warezpeddler 2adb75fc0d Remove embedded git repos; ignore vendored data dirs 
applepy/data/lynis and applepy/data/macos_security were committed as
gitlink stubs (mode 160000) because rsync -a copies .git/ along with
everything else. Cloners would silently receive empty directories.

Fix: remove the submodule stubs, add both dirs to .gitignore (they are
populated by scripts/vendor_compliance_assets.sh), and add --exclude .git
to both rsync invocations so future vendor runs don't recreate the problem.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 23:11:47 +01:00

53 lines
1.6 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Shallow-clone NIST macos_security and Lynis into applepy/data/ for bundled / PyInstaller builds.
# Preserves applepy/data/{macos_security,lynis}/README.md and .gitignore (excluded from rsync).
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
MACP="${ROOT}/applepy/data/macos_security"
LYNP="${ROOT}/applepy/data/lynis"
TMP="${TMPDIR:-/tmp}/applepy-vendor-$$"
cleanup() { rm -rf "${TMP}"; }
trap cleanup EXIT
mkdir -p "${TMP}"
refresh="${REFRESH:-0}"
clone_mscp() {
if [[ -f "${MACP}/scripts/generate_guidance.py" ]] && [[ "${refresh}" != "1" ]]; then
echo "macos_security already present under applepy/data/macos_security (set REFRESH=1 to re-fetch)"
return 0
fi
mkdir -p "${MACP}"
git clone --depth 1 "https://github.com/usnistgov/macos_security.git" "${TMP}/macos_security"
rsync -a --delete \
--exclude README.md --exclude .gitignore --exclude .git \
"${TMP}/macos_security/" "${MACP}/"
echo "Vendored macos_security -> ${MACP}"
}
clone_lynis() {
if [[ -f "${LYNP}/lynis" ]] && [[ "${refresh}" != "1" ]]; then
echo "Lynis already present under applepy/data/lynis (set REFRESH=1 to re-fetch)"
return 0
fi
mkdir -p "${LYNP}"
git clone --depth 1 "https://github.com/cisofy/lynis.git" "${TMP}/lynis"
rsync -a --delete \
--exclude README.md --exclude .gitignore --exclude .git \
"${TMP}/lynis/" "${LYNP}/"
echo "Vendored Lynis -> ${LYNP}"
}
case "${1:-all}" in
mscp|macos_security) clone_mscp ;;
lynis) clone_lynis ;;
all)
clone_mscp
clone_lynis
;;
*)
echo "Usage: $0 [all|mscp|lynis]" >&2
exit 2
;;
esac
Reference in New Issue View Git Blame Copy Permalink