mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

cve-check: write empty fragment files in the text mode

Browse Source 
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.

However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.

Fix it by always writing a fragment file, even if empty.

(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Marta Rybczynska
2022-06-03 14:17:10 +02:00
committed by Richard Purdie
parent 6cf824520a
commit f2d12bc50b
1 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/cve-check.bbclass
+13 -14
View File
@@ -471,23 +471,22 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
if write_string: with open(cve_file, "w") as f:
with open(cve_file, "w") as f: bb.note("Writing file %s with CVE information" % cve_file)
bb.note("Writing file %s with CVE information" % cve_file) f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string) f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1": if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
bb.utils.mkdirhier(os.path.dirname(deploy_file)) bb.utils.mkdirhier(cvelogpath)
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") f.write("%s" % write_string)
bb.utils.mkdirhier(cvelogpath)
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
""" """