macos/freebsd portability #2326

Draft
edlitmus wants to merge 20 commits into OpenSCAP:main from edlitmus:codex/macos-portability-ctest

@edlitmus

Summary

This PR improves OpenSCAP portability for macOS and FreeBSD, expands targeted regression coverage, and tightens the CTest/test-documentation workflow while preserving Linux behavior.

What Changed

Build and configure

  • Reset stale cached PERL_INCLUDE_PATH and PERL_LIBRARY entries during CMake configure when cached paths no longer exist. This makes reused build trees more resilient after Perl upgrades or dependency path changes.
  • Detect fgetpwent(3) at configure time and use that signal for portable password-probe behavior.
  • Gate Linux-specific compiler/linker behavior so non-Linux builds do not inherit unsupported settings.
  • Accept asciidoctor as a docs backend in addition to asciidoc.

Portability and probe behavior

  • Add macOS implementations for memory usage reporting in memusage.
  • Extend XCCDF system info collection on macOS to populate target MAC data from local interfaces.
  • Add a portable password-probe fallback parser for platforms that do not provide fgetpwent(3).
  • Mark the runlevel probe as unsupported on macOS and FreeBSD instead of attempting Linux/SysV-specific behavior there.
  • Mark shadow offline mode as unsupported on platforms where the Linux-style shadow path does not apply.
  • Rework the BSD/macOS sysctl probe path to parse sysctl -ae output safely, including multiline values, by treating only valid name=value headers as new items.
  • Fix FreeBSD build issues by declaring environ where needed and guarding IFF_NOGROUP usage when that flag is not defined.

Test infrastructure and regression coverage

  • Add add_oscap_ctest() and complete a broader CTest label rollout so shell and direct CTest/pytest tests can be filtered consistently by suite and platform.
  • Register more probe suites and Python-based tests with meaningful labels such as api, probes, unix, linux_only, macos, and freebsd.
  • Add targeted regression coverage for the portability work, including:
    • macOS/XCCDF system info platform facts
    • macOS memory reporting
    • password offline fallback behavior
    • unsupported runlevel behavior on macOS/FreeBSD
    • unsupported shadow offline behavior on non-Linux platforms
    • BSD/macOS sysctl collection behavior
  • Update the sysctl parity test so BSD/macOS comparisons are based on value-bearing sysctl -ae entries and stable sorted output.

Documentation

  • Document cross-platform build expectations and label-based test execution in the developer manual.
  • Document the stale-Perl-cache reconfigure behavior.
  • Document practical Linux container test prerequisites for full-suite runs (postfix and dbus-run-session).
  • Expand the macOS/FreeBSD portability notes to describe the newer sysctl, shadow, runlevel, and targeted-regression behavior.

Validation

FreeBSD 14

  • Built and tested in a FreeBSD 14 VM (Lima + QEMU on macOS host).
  • Full build completed successfully.
  • ctest --output-on-failure -L freebsd passed 5/5.

Linux

  • Rebuilt and tested in a Fedora-based Linux container with MITRE enabled.
  • Full build completed successfully.
  • Full suite rerun from a repo-root container layout passed 298/299 tests with 18 skips.
  • The only remaining failure was tests/curl/test_curl_encoding.sh, which depends on live remote behavior from github.com and is not in the code paths changed by this branch.
  • All touched-path Linux coverage passed, including:
    • probes/sysctl/test_sysctl_probe.sh
    • probes/sysctl/test_sysctl_probe_all.sh
    • probes/password/test_probes_password.sh
    • probes/shadow/test_probes_shadow.sh
    • probes/runlevel/test_probes_runlevel.sh
    • XCCDF/API regression coverage
    • all MITRE tests

Result

This branch makes the portability work substantially more robust on macOS and FreeBSD, improves the reproducibility and discoverability of regression testing, and does so without introducing a Linux regression in the affected subsystems.
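
The sysctl bullet above says that only valid name=value headers start a new item when parsing sysctl -ae output. A minimal sketch of that rule follows, as an added example that is not code from this PR or from OpenSCAP. The header grammar, the names `sysctl_item`, `header_name_len` and `parse_sysctl_ae`, and the sample text are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct sysctl_item { char name[64]; char value[256]; };

/* Constructed sample: the second value spans two lines and its tail contains '='. */
static const char SAMPLE[] =
	"kern.ostype=FreeBSD\n"
	"kern.geom.conftxt=0 DISK ada0 512\n"
	"1 PART ada0p1 start=40 end=1023\n"
	"hw.ncpu=4\n";

/* Assumed header grammar: [A-Za-z0-9][A-Za-z0-9_.%-]* then '='. Returns name length or 0. */
static size_t header_name_len(const char *line)
{
	size_t n = 0;
	while (isalnum((unsigned char)line[n]) || (line[n] && strchr("_.%-", line[n])))
		n++;
	return (n > 0 && n < 64 && isalnum((unsigned char)line[0]) && line[n] == '=') ? n : 0;
}

/* Split the text into items; a line that is not a header extends the previous value. */
size_t parse_sysctl_ae(const char *text, struct sysctl_item *items, size_t max)
{
	size_t count = 0;
	while (*text) {
		char line[256];
		size_t len = strcspn(text, "\n");
		snprintf(line, sizeof line, "%.*s", (int)len, text);
		size_t nlen = header_name_len(line);
		if (nlen > 0 && count == max) break;    /* caller's array is full */
		if (nlen > 0) {
			snprintf(items[count].name, sizeof items[count].name, "%.*s", (int)nlen, line);
			snprintf(items[count].value, sizeof items[count].value, "%s", line + nlen + 1);
			count++;
		} else if (count > 0) {                 /* continuation: truncates, never overflows */
			char *v = items[count - 1].value;
			snprintf(v + strlen(v), sizeof items[0].value - strlen(v), "\n%s", line);
		}                                       /* text before the first header is ignored */
		text += len + (text[len] == '\n');
	}
	return count;
}

int main(void)
{
	struct sysctl_item items[8];
	for (size_t i = 0, n = parse_sysctl_ae(SAMPLE, items, 8); i < n; i++)
		printf("[%s] = \"%s\"\n", items[i].name, items[i].value);
}
```

A continuation line that happens to match the header grammar would still be split into its own item, so the grammar is where a stricter or looser choice changes what the probe reports.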

Guard Linux-specific compiler/linker assumptions in CMake and add platform-compatible fallbacks in Unix probes and common utilities.

Add Darwin handling for sysctl collection, memory usage, and MAC address resolution. Add unsupported-path behavior for runlevel on platforms where runlevels are not applicable.

Handle missing fgetpwent environments in password/shadow probe paths so builds complete and offline evaluation remains functional.
Extend test registration helpers to accept LABELS and auto-derive suite labels for easier selective execution across platforms.

Introduce a helper for direct CTest command registration so non-shell tests follow the same labeling conventions as shell-driven tests.
Add memusage platform tests and password offline fallback coverage to protect recent cross-platform fixes.

Update sysctl probe tests for Darwin-specific behavior and portable stderr handling so test outcomes are consistent on macOS.
Update developer documentation with label-driven CTest usage, helper semantics, and practical guidance for building and testing on macOS and FreeBSD.

Summarize recent portability updates and point to targeted regression tests.
Apply the same label-based registration pattern to nested RPM probe test CMake files so selection behavior is consistent with the rest of the probe tree.
#include <errno.h>

#include "memusage.h"
#include "memusage.c"
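
Review bot: the last line, `#include "memusage.c"`, pulls an implementation file into the test's translation unit right after `memusage.h` has already been included. If the intent is to reach functions that are static in memusage.c, say so in a comment above the include; otherwise include only the header and link the test against the compiled object, so the test exercises the same build of the code that ships.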

Check notice: Code scanning / CodeQL

Include header files only (Note, test)

The #include pre-processor directive should only be used to include header files.
@edlitmus edlitmus marked this pull request as draft March 20, 2026 20:34