cve-check.bbclass: always save cve report

The cve-check file should be saved always, it has good info. Put a copy in the log dir as cve-summary with symlinks to latest run. [Yocto #13974] (From OE-Core rev: 4dab2610a35a998ee0bf5309a0b399ee0d54b4a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 859849c7b594d844819ad8c3f7d8325388d94b93) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: akuster <akuster808@gmail.com> 2020-07-12 22:38:28 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-17 12:51:24 +0100
commit: ed79212913972be7487df6f222529085b78e3d0c (patch)
tree: 54a9f3995c8bcf0ae0af3450f346e009ba86f939
parent: f2422aad3b7ea08935df880a63b3be81daf0c898 (diff)
download: poky-ed79212913972be7487df6f222529085b78e3d0c.tar.gz
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 514897e8b8..0889e7544a 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
+CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
+CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
+CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # 
 CVE_CHECK_WHITELIST ?= ""
+python cve_save_summary_handler () {
+    import shutil
+    import datetime
+    cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+    cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
+    cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+    bb.utils.mkdirhier(cvelogpath)
+    timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+    cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
+    shutil.copyfile(cve_tmp_file, cve_summary_file)
+    if cve_summary_file and os.path.exists(cve_summary_file):
+        cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+        if os.path.exists(os.path.realpath(cvefile_link)):
+            os.remove(cvefile_link)
+        os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+}
+addhandler cve_save_summary_handler
+cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
 python do_cve_check () {
    """
    Check recipe for patched and unpatched CVEs
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
            f.write(write_string)
    if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+        cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+        bb.utils.mkdirhier(cvelogpath)
        with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
            f.write("%s" % write_string)
author	akuster <akuster808@gmail.com>	2020-07-12 22:38:28 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-09-17 12:51:24 +0100
commit	ed79212913972be7487df6f222529085b78e3d0c (patch)
tree	54a9f3995c8bcf0ae0af3450f346e009ba86f939
parent	f2422aad3b7ea08935df880a63b3be81daf0c898 (diff)
download	poky-ed79212913972be7487df6f222529085b78e3d0c.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 514897e8b8..0889e7544a 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
30		30
31	CVE_CHECK_LOG ?= "${T}/cve.log"	31	CVE_CHECK_LOG ?= "${T}/cve.log"
32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"	32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
		33	CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
		34	CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
		35	CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
33		36
34	CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"	37	CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
35	CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"	38	CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
46	#	49	#
47	CVE_CHECK_WHITELIST ?= ""	50	CVE_CHECK_WHITELIST ?= ""
48		51
		52	python cve_save_summary_handler () {
		53	import shutil
		54	import datetime
		55
		56	cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
		57
		58	cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
		59	cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
		60	bb.utils.mkdirhier(cvelogpath)
		61
		62	timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
		63	cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
		64
		65	shutil.copyfile(cve_tmp_file, cve_summary_file)
		66
		67	if cve_summary_file and os.path.exists(cve_summary_file):
		68	cvefile_link = os.path.join(cvelogpath, cve_summary_name)
		69
		70	if os.path.exists(os.path.realpath(cvefile_link)):
		71	os.remove(cvefile_link)
		72	os.symlink(os.path.basename(cve_summary_file), cvefile_link)
		73	}
		74
		75	addhandler cve_save_summary_handler
		76	cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
		77
49	python do_cve_check () {	78	python do_cve_check () {
50	"""	79	"""
51	Check recipe for patched and unpatched CVEs	80	Check recipe for patched and unpatched CVEs
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
331	f.write(write_string)	360	f.write(write_string)
332		361
333	if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":	362	if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
		363	cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
		364	bb.utils.mkdirhier(cvelogpath)
		365
334	with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:	366	with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
335	f.write("%s" % write_string)	367	f.write("%s" % write_string)