summaryrefslogtreecommitdiffstats
path: root/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
authorakuster <akuster808@gmail.com>2020-07-12 22:38:28 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-07-18 11:06:31 +0100
commitfca05777a49411e07c2277d6e171419b4e831717 (patch)
tree0109f6499673233a7db01263645422d797990449 /meta/classes/cve-check.bbclass
parentfe08dca6dba8721b1f1f9c6aabb8ccf6b55693d6 (diff)
downloadpoky-fca05777a49411e07c2277d6e171419b4e831717.tar.gz
cve-check.bbclass: always save cve report
The cve-check file should be saved always, it has good info. Put a copy in the log dir as cve-summary with symlinks to latest run. [Yocto #13974] (From OE-Core rev: 859849c7b594d844819ad8c3f7d8325388d94b93) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass32
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 514897e8b8..0889e7544a 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
30 30
31CVE_CHECK_LOG ?= "${T}/cve.log" 31CVE_CHECK_LOG ?= "${T}/cve.log"
32CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" 32CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
33CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
34CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
35CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
33 36
34CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" 37CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
35CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" 38CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
46# 49#
47CVE_CHECK_WHITELIST ?= "" 50CVE_CHECK_WHITELIST ?= ""
48 51
52python cve_save_summary_handler () {
53 import shutil
54 import datetime
55
56 cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
57
58 cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
59 cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
60 bb.utils.mkdirhier(cvelogpath)
61
62 timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
63 cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
64
65 shutil.copyfile(cve_tmp_file, cve_summary_file)
66
67 if cve_summary_file and os.path.exists(cve_summary_file):
68 cvefile_link = os.path.join(cvelogpath, cve_summary_name)
69
70 if os.path.exists(os.path.realpath(cvefile_link)):
71 os.remove(cvefile_link)
72 os.symlink(os.path.basename(cve_summary_file), cvefile_link)
73}
74
75addhandler cve_save_summary_handler
76cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
77
49python do_cve_check () { 78python do_cve_check () {
50 """ 79 """
51 Check recipe for patched and unpatched CVEs 80 Check recipe for patched and unpatched CVEs
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
331 f.write(write_string) 360 f.write(write_string)
332 361
333 if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": 362 if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
363 cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
364 bb.utils.mkdirhier(cvelogpath)
365
334 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: 366 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
335 f.write("%s" % write_string) 367 f.write("%s" % write_string)