diff options
author | akuster <akuster808@gmail.com> | 2020-07-12 22:38:28 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-07-18 11:06:31 +0100 |
commit | fca05777a49411e07c2277d6e171419b4e831717 (patch) | |
tree | 0109f6499673233a7db01263645422d797990449 /meta/classes/cve-check.bbclass | |
parent | fe08dca6dba8721b1f1f9c6aabb8ccf6b55693d6 (diff) | |
download | poky-fca05777a49411e07c2277d6e171419b4e831717.tar.gz |
cve-check.bbclass: always save cve report
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
(From OE-Core rev: 859849c7b594d844819ad8c3f7d8325388d94b93)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 514897e8b8..0889e7544a 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" | |||
30 | 30 | ||
31 | CVE_CHECK_LOG ?= "${T}/cve.log" | 31 | CVE_CHECK_LOG ?= "${T}/cve.log" |
32 | CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" | 32 | CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" |
33 | CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve" | ||
34 | CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary" | ||
35 | CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}" | ||
33 | 36 | ||
34 | CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" | 37 | CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" |
35 | CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" | 38 | CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" |
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= "" | |||
46 | # | 49 | # |
47 | CVE_CHECK_WHITELIST ?= "" | 50 | CVE_CHECK_WHITELIST ?= "" |
48 | 51 | ||
52 | python cve_save_summary_handler () { | ||
53 | import shutil | ||
54 | import datetime | ||
55 | |||
56 | cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") | ||
57 | |||
58 | cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME") | ||
59 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") | ||
60 | bb.utils.mkdirhier(cvelogpath) | ||
61 | |||
62 | timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S') | ||
63 | cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp)) | ||
64 | |||
65 | shutil.copyfile(cve_tmp_file, cve_summary_file) | ||
66 | |||
67 | if cve_summary_file and os.path.exists(cve_summary_file): | ||
68 | cvefile_link = os.path.join(cvelogpath, cve_summary_name) | ||
69 | |||
70 | if os.path.exists(os.path.realpath(cvefile_link)): | ||
71 | os.remove(cvefile_link) | ||
72 | os.symlink(os.path.basename(cve_summary_file), cvefile_link) | ||
73 | } | ||
74 | |||
75 | addhandler cve_save_summary_handler | ||
76 | cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted" | ||
77 | |||
49 | python do_cve_check () { | 78 | python do_cve_check () { |
50 | """ | 79 | """ |
51 | Check recipe for patched and unpatched CVEs | 80 | Check recipe for patched and unpatched CVEs |
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
331 | f.write(write_string) | 360 | f.write(write_string) |
332 | 361 | ||
333 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": | 362 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": |
363 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") | ||
364 | bb.utils.mkdirhier(cvelogpath) | ||
365 | |||
334 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: | 366 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: |
335 | f.write("%s" % write_string) | 367 | f.write("%s" % write_string) |