author | Marta Rybczynska <rybczynska@gmail.com> | 2022-06-03 14:17:10 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-11 10:06:09 +0100 |
commit | f2d12bc50bc744afee0a9f9f393335ae6b44dbcc (patch) | |
tree | cfe67aa7ded067f50e281c6aaf301c507fecd045 /meta/classes/cve-check.bbclass | |
parent | 6cf824520a23f7d0f78b37a6cffb033f31c87a36 (diff) | |
download | poky-f2d12bc50bc744afee0a9f9f393335ae6b44dbcc.tar.gz |
cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpatched CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, which leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2ab1720dc3..48f75456f2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -471,23 +471,22 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data): | |||
471 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": | 471 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": |
472 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) | 472 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) |
473 | 473 | ||
474 | if write_string: | 474 | with open(cve_file, "w") as f: |
475 | with open(cve_file, "w") as f: | 475 | bb.note("Writing file %s with CVE information" % cve_file) |
476 | bb.note("Writing file %s with CVE information" % cve_file) | 476 | f.write(write_string) |
477 | f.write(write_string) | ||
478 | 477 | ||
479 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": | 478 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": |
480 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") | 479 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") |
481 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) | 480 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) |
482 | with open(deploy_file, "w") as f: | 481 | with open(deploy_file, "w") as f: |
483 | f.write(write_string) | 482 | f.write(write_string) |
484 | 483 | ||
485 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": | 484 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": |
486 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") | 485 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") |
487 | bb.utils.mkdirhier(cvelogpath) | 486 | bb.utils.mkdirhier(cvelogpath) |
488 | 487 | ||
489 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: | 488 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: |
490 | f.write("%s" % write_string) | 489 | f.write("%s" % write_string) |
491 | 490 | ||
492 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): | 491 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): |
493 | """ | 492 | """ |
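Review bot: The now-unconditional `with open(cve_file, "w") as f:` at new line 474 has no comment explaining why an empty fragment is written, so the removed `if write_string:` guard could be reintroduced later as a tidy-up and bring back the stale-report problem the commit message describes. I would add above it `# Always rewrite the fragment, even when empty, so cve_check_write_rootfs_manifest never reuses a file left by an earlier build.` The `bb.note("Writing file %s with CVE information" % cve_file)` message is now also logged when the file is empty; wording that covers the empty case would keep build logs from suggesting findings that are not there. cve_write_data_text starts above the hunk, so whether every early-return path also refreshes the fragment cannot be judged from the lines shown.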