diff options
| author | Marta Rybczynska <rybczynska@gmail.com> | 2022-06-03 14:17:10 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-11 10:06:09 +0100 |
| commit | f2d12bc50bc744afee0a9f9f393335ae6b44dbcc (patch) | |
| tree | cfe67aa7ded067f50e281c6aaf301c507fecd045 /meta/classes | |
| parent | 6cf824520a23f7d0f78b37a6cffb033f31c87a36 (diff) | |
| download | poky-f2d12bc50bc744afee0a9f9f393335ae6b44dbcc.tar.gz | |
cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2ab1720dc3..48f75456f2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -471,23 +471,22 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data): | |||
| 471 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": | 471 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": |
| 472 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) | 472 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) |
| 473 | 473 | ||
| 474 | if write_string: | 474 | with open(cve_file, "w") as f: |
| 475 | with open(cve_file, "w") as f: | 475 | bb.note("Writing file %s with CVE information" % cve_file) |
| 476 | bb.note("Writing file %s with CVE information" % cve_file) | 476 | f.write(write_string) |
| 477 | f.write(write_string) | ||
| 478 | 477 | ||
| 479 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": | 478 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": |
| 480 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") | 479 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") |
| 481 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) | 480 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) |
| 482 | with open(deploy_file, "w") as f: | 481 | with open(deploy_file, "w") as f: |
| 483 | f.write(write_string) | 482 | f.write(write_string) |
| 484 | 483 | ||
| 485 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": | 484 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": |
| 486 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") | 485 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") |
| 487 | bb.utils.mkdirhier(cvelogpath) | 486 | bb.utils.mkdirhier(cvelogpath) |
| 488 | 487 | ||
| 489 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: | 488 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: |
| 490 | f.write("%s" % write_string) | 489 | f.write("%s" % write_string) |
| 491 | 490 | ||
| 492 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): | 491 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): |
| 493 | """ | 492 | """ |