Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass69
1 files changed, 54 insertions, 15 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0ab7ec7ae6..3bb924ba34 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -176,6 +176,8 @@ python cve_check_write_rootfs_manifest () {
176 """ 176 """
177 177
178 import shutil 178 import shutil
179 import json
180 from oe.rootfs import image_list_installed_packages
179 from oe.cve_check import cve_check_merge_jsons 181 from oe.cve_check import cve_check_merge_jsons
180 182
181 if d.getVar("CVE_CHECK_COPY_FILES") == "1": 183 if d.getVar("CVE_CHECK_COPY_FILES") == "1":
@@ -186,26 +188,63 @@ python cve_check_write_rootfs_manifest () {
186 if os.path.exists(deploy_file_json): 188 if os.path.exists(deploy_file_json):
187 bb.utils.remove(deploy_file_json) 189 bb.utils.remove(deploy_file_json)
188 190
189 if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")): 191 # Create a list of relevant recipies
190 bb.note("Writing rootfs CVE manifest") 192 recipies = set()
191 deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") 193 for pkg in list(image_list_installed_packages(d)):
192 link_name = d.getVar("IMAGE_LINK_NAME") 194 pkg_info = os.path.join(d.getVar('PKGDATA_DIR'),
195 'runtime-reverse', pkg)
196 pkg_data = oe.packagedata.read_pkgdatafile(pkg_info)
197 recipies.add(pkg_data["PN"])
198
199 bb.note("Writing rootfs CVE manifest")
200 deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
201 link_name = d.getVar("IMAGE_LINK_NAME")
202
203 json_data = {"version":"1", "package": []}
204 text_data = ""
205 enable_json = d.getVar("CVE_CHECK_FORMAT_JSON") == "1"
206 enable_text = d.getVar("CVE_CHECK_FORMAT_TEXT") == "1"
207
208 save_pn = d.getVar("PN")
209
210 for pkg in recipies:
211 # To be able to use the CVE_CHECK_RECIPE_FILE variable we have to evaluate
212 # it with the different PN names set each time.
213 d.setVar("PN", pkg)
214 if enable_text:
215 pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE")
216 if os.path.exists(pkgfilepath):
217 with open(pkgfilepath) as pfile:
218 text_data += pfile.read()
219
220 if enable_json:
221 pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
222 if os.path.exists(pkgfilepath):
223 with open(pkgfilepath) as j:
224 data = json.load(j)
225 cve_check_merge_jsons(json_data, data)
226
227 d.setVar("PN", save_pn)
228
229 if enable_text:
230 link_path = os.path.join(deploy_dir, "%s.cve" % link_name)
193 manifest_name = d.getVar("CVE_CHECK_MANIFEST") 231 manifest_name = d.getVar("CVE_CHECK_MANIFEST")
194 cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
195 232
196 bb.utils.mkdirhier(os.path.dirname(manifest_name)) 233 with open(manifest_name, "w") as f:
197 shutil.copyfile(cve_tmp_file, manifest_name) 234 f.write(text_data)
198 235
199 manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name) 236 update_symlinks(manifest_name, link_path)
200 update_symlinks(manifest_name, manifest_link)
201 bb.plain("Image CVE report stored in: %s" % manifest_name) 237 bb.plain("Image CVE report stored in: %s" % manifest_name)
202 238
203 if d.getVar("CVE_CHECK_FORMAT_JSON") == "1": 239 if enable_json:
204 link_path = os.path.join(deploy_dir, "%s.json" % link_name) 240 link_path = os.path.join(deploy_dir, "%s.json" % link_name)
205 manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") 241 manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
206 bb.note("Generating JSON CVE manifest") 242
207 generate_json_report(d, manifest_path, link_path) 243 with open(manifest_name, "w") as f:
208 bb.plain("Image CVE JSON report stored in: %s" % link_path) 244 json.dump(json_data, f, indent=2)
245
246 update_symlinks(manifest_name, link_path)
247 bb.plain("Image CVE JSON report stored in: %s" % manifest_name)
209} 248}
210 249
211ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" 250ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
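Review bot: In the new `for pkg in recipies:` loop, a recipe that is installed in the image but has no file at `CVE_CHECK_RECIPE_FILE` / `CVE_CHECK_RECIPE_FILE_JSON` is dropped silently by the `os.path.exists(pkgfilepath)` checks, so the manifest cannot distinguish "checked, nothing reported" from "never checked". Since this file is read as the image's CVE status, I would make the gap visible with an `else:` branch such as `bb.warn("No CVE check data found for recipe %s" % pkg)` (or `bb.note` if missing files are expected for skipped recipes). Separately, `d.setVar("PN", pkg)` is only undone by the `d.setVar("PN", save_pn)` after the loop, so an exception from `pfile.read()` or `json.load(j)` leaves PN overwritten; a `try:`/`finally:` around the loop, or expanding the two variables on a `bb.data.createCopy(d)` copy, would keep the datastore intact. The commit also removes `bb.utils.mkdirhier(os.path.dirname(manifest_name))` without a replacement before `open(manifest_name, "w")`; presumably the directory already exists at this point, but nothing in the hunk shows that. The function begins before the first hunk, so whether `import shutil` is still needed after `shutil.copyfile` was removed cannot be judged from here.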