mirror of
https://git.yoctoproject.org/poky
synced 2026-05-31 12:49:46 +00:00
cve-check.bbclass: always save cve report
The cve-check file should be saved always, it has good info. Put a copy in the log dir as cve-summary with symlinks to latest run. [Yocto #13974] (From OE-Core rev: 859849c7b594d844819ad8c3f7d8325388d94b93) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
akuster
Richard Purdie
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
|
|||||||
|
|
||||||
CVE_CHECK_LOG ?= "${T}/cve.log"
|
CVE_CHECK_LOG ?= "${T}/cve.log"
|
||||||
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
|
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
|
||||||
|
CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
|
||||||
|
CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
|
||||||
|
CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
|
||||||
|
|
||||||
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
|
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
|
||||||
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
|
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
|
||||||
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
|
|||||||
#
|
#
|
||||||
CVE_CHECK_WHITELIST ?= ""
|
CVE_CHECK_WHITELIST ?= ""
|
||||||
|
|
||||||
|
python cve_save_summary_handler () {
|
||||||
|
import shutil
|
||||||
|
import datetime
|
||||||
|
|
||||||
|
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
|
||||||
|
|
||||||
|
cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
|
||||||
|
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
|
||||||
|
bb.utils.mkdirhier(cvelogpath)
|
||||||
|
|
||||||
|
timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
|
||||||
|
cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
|
||||||
|
|
||||||
|
shutil.copyfile(cve_tmp_file, cve_summary_file)
|
||||||
|
|
||||||
|
if cve_summary_file and os.path.exists(cve_summary_file):
|
||||||
|
cvefile_link = os.path.join(cvelogpath, cve_summary_name)
|
||||||
|
|
||||||
|
if os.path.exists(os.path.realpath(cvefile_link)):
|
||||||
|
os.remove(cvefile_link)
|
||||||
|
os.symlink(os.path.basename(cve_summary_file), cvefile_link)
|
||||||
|
}
|
||||||
|
|
||||||
|
addhandler cve_save_summary_handler
|
||||||
|
cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
|
||||||
|
|
||||||
python do_cve_check () {
|
python do_cve_check () {
|
||||||
"""
|
"""
|
||||||
Check recipe for patched and unpatched CVEs
|
Check recipe for patched and unpatched CVEs
|
||||||
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
|
|||||||
f.write(write_string)
|
f.write(write_string)
|
||||||
|
|
||||||
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
|
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
|
||||||
|
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
|
||||||
|
bb.utils.mkdirhier(cvelogpath)
|
||||||
|
|
||||||
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
|
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
|
||||||
f.write("%s" % write_string)
|
f.write("%s" % write_string)
|
||||||
|
|||||||
Reference in New Issue
Block a user