Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 69 |
1 files changed, 54 insertions, 15 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 0ab7ec7ae6..3bb924ba34 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -176,6 +176,8 @@ python cve_check_write_rootfs_manifest () { | |||
176 | """ | 176 | """ |
177 | 177 | ||
178 | import shutil | 178 | import shutil |
179 | import json | ||
180 | from oe.rootfs import image_list_installed_packages | ||
179 | from oe.cve_check import cve_check_merge_jsons | 181 | from oe.cve_check import cve_check_merge_jsons |
180 | 182 | ||
181 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": | 183 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": |
@@ -186,26 +188,63 @@ python cve_check_write_rootfs_manifest () { | |||
186 | if os.path.exists(deploy_file_json): | 188 | if os.path.exists(deploy_file_json): |
187 | bb.utils.remove(deploy_file_json) | 189 | bb.utils.remove(deploy_file_json) |
188 | 190 | ||
189 | if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")): | 191 | # Create a list of relevant recipies |
190 | bb.note("Writing rootfs CVE manifest") | 192 | recipies = set() |
191 | deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") | 193 | for pkg in list(image_list_installed_packages(d)): |
192 | link_name = d.getVar("IMAGE_LINK_NAME") | 194 | pkg_info = os.path.join(d.getVar('PKGDATA_DIR'), |
195 | 'runtime-reverse', pkg) | ||
196 | pkg_data = oe.packagedata.read_pkgdatafile(pkg_info) | ||
197 | recipies.add(pkg_data["PN"]) | ||
198 | |||
199 | bb.note("Writing rootfs CVE manifest") | ||
200 | deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") | ||
201 | link_name = d.getVar("IMAGE_LINK_NAME") | ||
202 | |||
203 | json_data = {"version":"1", "package": []} | ||
204 | text_data = "" | ||
205 | enable_json = d.getVar("CVE_CHECK_FORMAT_JSON") == "1" | ||
206 | enable_text = d.getVar("CVE_CHECK_FORMAT_TEXT") == "1" | ||
207 | |||
208 | save_pn = d.getVar("PN") | ||
209 | |||
210 | for pkg in recipies: | ||
211 | # To be able to use the CVE_CHECK_RECIPE_FILE variable we have to evaluate | ||
212 | # it with the different PN names set each time. | ||
213 | d.setVar("PN", pkg) | ||
214 | if enable_text: | ||
215 | pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE") | ||
216 | if os.path.exists(pkgfilepath): | ||
217 | with open(pkgfilepath) as pfile: | ||
218 | text_data += pfile.read() | ||
219 | |||
220 | if enable_json: | ||
221 | pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE_JSON") | ||
222 | if os.path.exists(pkgfilepath): | ||
223 | with open(pkgfilepath) as j: | ||
224 | data = json.load(j) | ||
225 | cve_check_merge_jsons(json_data, data) | ||
226 | |||
227 | d.setVar("PN", save_pn) | ||
228 | |||
229 | if enable_text: | ||
230 | link_path = os.path.join(deploy_dir, "%s.cve" % link_name) | ||
193 | manifest_name = d.getVar("CVE_CHECK_MANIFEST") | 231 | manifest_name = d.getVar("CVE_CHECK_MANIFEST") |
194 | cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") | ||
195 | 232 | ||
196 | bb.utils.mkdirhier(os.path.dirname(manifest_name)) | 233 | with open(manifest_name, "w") as f: |
197 | shutil.copyfile(cve_tmp_file, manifest_name) | 234 | f.write(text_data) |
198 | 235 | ||
199 | manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name) | 236 | update_symlinks(manifest_name, link_path) |
200 | update_symlinks(manifest_name, manifest_link) | ||
201 | bb.plain("Image CVE report stored in: %s" % manifest_name) | 237 | bb.plain("Image CVE report stored in: %s" % manifest_name) |
202 | 238 | ||
203 | if d.getVar("CVE_CHECK_FORMAT_JSON") == "1": | 239 | if enable_json: |
204 | link_path = os.path.join(deploy_dir, "%s.json" % link_name) | 240 | link_path = os.path.join(deploy_dir, "%s.json" % link_name) |
205 | manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") | 241 | manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") |
206 | bb.note("Generating JSON CVE manifest") | 242 | |
207 | generate_json_report(d, manifest_path, link_path) | 243 | with open(manifest_name, "w") as f: |
208 | bb.plain("Image CVE JSON report stored in: %s" % link_path) | 244 | json.dump(json_data, f, indent=2) |
245 | |||
246 | update_symlinks(manifest_name, link_path) | ||
247 | bb.plain("Image CVE JSON report stored in: %s" % manifest_name) | ||
209 | } | 248 | } |
210 | 249 | ||
211 | ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" | 250 | ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" |
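Review bot: In the second hunk's `for pkg in recipies:` loop, a recipe whose `CVE_CHECK_RECIPE_FILE` or `CVE_CHECK_RECIPE_FILE_JSON` does not exist is skipped silently, so a reader of the image manifest cannot tell "no report was produced for this recipe" from "nothing to report". Because the manifest is what gets audited, I would add `else: bb.warn("CVE check: no report found for recipe %s, omitted from image manifest" % pkg)` to both `os.path.exists(pkgfilepath)` checks, or record the recipe name in the output. Separately, `d.setVar("PN", save_pn)` runs only if the loop completes; an exception from `open()` or `json.load(j)` leaves `PN` set to another recipe's name, so put the loop in `try:` with `finally: d.setVar("PN", save_pn)`, or evaluate the paths on a `bb.data.createCopy(d)` copy instead of mutating `d`. The previous `bb.utils.mkdirhier(os.path.dirname(manifest_name))` call is no longer on the new side, which appears to assume the manifest directory already exists when `open(manifest_name, "w")` runs; that is worth confirming. `cve_check_write_rootfs_manifest` begins above the first hunk, so its earlier lines are not visible here.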