Introduce ability to generate kickstarts

docs/manual/manual.adoc

@@ -1120,6 +1120,44 @@ For example, to generate a blueprint remediation for RHEL 8 OSPP profile, run:
 $ oscap xccdf generate fix --profile ospp --fix-type blueprint /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml > blueprint.toml
 ----
 
+=== Generating RHEL Kickstarts
+
+OpenSCAP can generate RHEL kickstarts which can be used for unattended installation of RHEL, Fedora and similar systems.
+Information about RHEL kickstarts and their syntax can be found at https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/performing_an_advanced_rhel_9_installation/kickstart_references[Kickstart references].
+
+To generate a kickstart, use `oscap xccdf generate fix` command with the `--fix-type kickstart` option.
+
+The kickstart will be generated from kickstart snippets in XCCDF rules in the input SCAP content.
+The kickstart snippets need to be stored in `<fix>` elements with `system` attribute set to `urn:xccdf:fix:script:kickstart`.
+
+When processing the kickstart snippets comming from the XCCDF Rules, each line is processed separately.
+The following rules are applied on each line:
+
+* lines starting with `#` are ignored
+* empty lines are ignored
+* lines starting with a supported command are processed
+* lines starting with something else than a supported command are dropped
+* excess whitespace are trimmed
+
+Supported commands:
+* `package install package_name` - adds `package_name` to `%packages` section in the kickstart
+* `package remove package_name` - adds `-package_name` to `%packages` section in the kickstart
+* `service enable service_name` - adds `service_name` to list in the `--enabled=` option in the `services` command in commands section in the kickstart
+* `service disable service_name` - adds `service_name` to list in the `--disabled=` option in the `services` command in commands section in the kickstart
+* `post command` - adds `command` to the `%post`` section the kickstart
+
+For example, to generate a kickstart for RHEL 9 STIG profile, run:
+
+----
+$ oscap xccdf generate fix --profile stig --fix-type kickstart /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml > rhel9-kickstart-stig.cfg
+----
+
+The generated kickstart file needs to be reviewed and customized for the intended deployment.
+
+NOTE: The `kickstart` fix type shouldn't be confused with `anaconda` fix type.
+The `anaconda` fix type is used by the OSCAP Anaconda Addon and shouldn't be used directly by users.
+Users should use the `kickstart` fix type.
+
 == Details on SCAP conformance
 
 === Check Engines
@@ -2095,3 +2133,10 @@ You can find the ID of the customized profile with `oscap info <your_tailoring_f
 Yes, it's possible, you can download the file on other computer that is connected to the internet and then copy the file to the system where you run `oscap`.
 Instead of the `--fetch-remote-resources` option you will use the `--local-files` option.
 For more information, please refer to section <<_using_external_or_remote_resources,Using external or remote resources>>.
+
+*I have generated a kickstart but the generated file isn't a valid kickstart.*
+
+You are using a wrong `--fix-type` option.
+To generate a kickstart, use the `--fix-type kickstart` option.
+Do not use `--fix-type anaconda`.
+For more information, please refer to section <<_generating_rhel_kickstarts,Generating RHEL Kickstarts>>.

src/XCCDF_POLICY/public/xccdf_policy.h

@@ -515,10 +515,11 @@ OSCAP_API bool xccdf_policy_resolve(struct xccdf_policy * policy);
  * @param result XCCDF TestResult. This may be omitted to generate the prescription
  * based solely on the XCCDF Policy (xccdf:Profile).
  * @param sys Consider only those fixes that have @system attribute equal to sys
+ * @param input_file_name file name of the input SCAP file
  * @param output_fd write prescription to this file descriptor
  * @returns zero on success, non-zero indicate partial (incomplete) output.
  */
-OSCAP_API int xccdf_policy_generate_fix(struct xccdf_policy *policy, struct xccdf_result *result, const char *sys, int output_fd);
+OSCAP_API int xccdf_policy_generate_fix(struct xccdf_policy *policy, struct xccdf_result *result, const char *sys, const char *input_file_name, int output_fd);
 
 /**
  * xccdf_policy_model_get_files and xccdf_item_get_files each return oscap_file_entries instead of raw strings