Fix automatus podman

.github/workflows/automatus-ubuntu2204.yaml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Deps
-        run: sudo apt-get update && sudo apt-get install -y cmake ninja-build libopenscap8 python3-yaml python3-jinja2 git python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc
+        run: sudo apt-get update && sudo apt-get install -y cmake ninja-build python3-yaml python3-jinja2 git python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc ansible-lint wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl
       - name: Install deps python
         run: pip3 install gitpython xmldiff compliance-trestle==2.4.0 lxml lxml-stubs requests
       - name: Checkout
@@ -53,6 +53,15 @@ jobs:
         with:
           path: 'output.json'
           prop_path: 'product'
+      - name: Download OpenSCAP
+        run: wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz
+      - name: Extract OpenSCAP
+        run: tar xf openscap-1.3.10.tar.gz
+      - name: Build OpenSCAP
+        run: |
+          cd openscap-1.3.10
+          cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr .
+          sudo cmake --build build --target install
       - name: Build product
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
         run: ./build_product ubuntu2204
@@ -67,7 +76,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Deps
-        run: sudo apt update && sudo apt install -y cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
+        run: sudo apt update && sudo apt install -y cmake ninja-build libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Get cached CTF output
@@ -78,6 +87,15 @@ jobs:
         # continue even if the file is unavailable that
         # means there are no changes detected by CTF in the previous job
         continue-on-error: true
+      - name: Download OpenSCAP
+        run: wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz
+      - name: Extract OpenSCAP
+        run: tar xf openscap-1.3.10.tar.gz
+      - name: Build OpenSCAP
+        run: |
+          cd openscap-1.3.10
+          cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr .
+          sudo cmake --build build --target install
       - name: Test if there are no content changes
         if: ${{ steps.get_ctf_output.outcome == 'success' }}
         run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
@@ -90,7 +108,7 @@ jobs:
         run: ssh-keygen -N '' -t rsa -f ~/.ssh/id_rsa
       - name: Build test suite container
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: podman build --build-arg "CLIENT_PUBLIC_KEY=$(cat ~/.ssh/id_rsa.pub)" -t ssg_test_suite -f test_suite-ubt22
+        run: podman build --build-arg "CLIENT_PUBLIC_KEY=$(cat ~/.ssh/id_rsa.pub)" --build-arg "ADDITIONAL_PACKAGES=cmake ninja-build python3-yaml python3-jinja2 python3-deepdiff python3-requests jq python3-pip libxml2-utils xsltproc ansible-lint wget libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python3 swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libyaml-dev libxmlsec1-dev libxmlsec1-openssl" -t ssg_test_suite -f test_suite-ubuntu2204
         working-directory: ./Dockerfiles
       - name: Get oscap-ssh
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}

Dockerfiles/test_suite-ubuntu2204

@@ -0,0 +1,33 @@
+# This Dockerfile is a minimal example for a Ubuntu 22.04 test suite target container.
+FROM ubuntu:22.04
+
+ENV AUTH_KEYS=/root/.ssh/authorized_keys
+
+ARG CLIENT_PUBLIC_KEY
+ARG ADDITIONAL_PACKAGES
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install Python so Ansible remediations can work
+# Don't clean all, as the test scenario may require package install.
+RUN true \
+        && apt-get update && apt-get install -y openssh-server \
+		python3 \
+		$ADDITIONAL_PACKAGES \
+        && true
+
+RUN true \
+        && wget https://github.com/OpenSCAP/openscap/releases/download/1.3.10/openscap-1.3.10.tar.gz \
+        && tar xf openscap-1.3.10.tar.gz && cd openscap-1.3.10 \
+        && cmake -Bbuild -DCMAKE_INSTALL_PREFIX=/usr . \
+        && cmake --build build --target install
+RUN true \
+        && ssh-keygen -A \
+        && mkdir -p /root/.ssh \
+        && printf "%s\n" "$CLIENT_PUBLIC_KEY" >> "$AUTH_KEYS" \
+        && chmod og-rw /root/.ssh "$AUTH_KEYS" \
+        && sed -i '/session\s\+required\s\+pam_loginuid.so/d' /etc/pam.d/sshd \
+        && echo CPE_NAME="cpe:/o:canonical:ubuntu_linux:22.04" >> /etc/os-release \
+&& true
+
+RUN mkdir /run/sshd
+CMD ["/usr/sbin/sshd", "-D"]