| author | Marta Rybczynska <rybczynska@gmail.com> | 2022-06-03 14:17:10 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-11 10:06:13 +0100 |
| commit | 34eecaa053b257443a18d4b20cab660621f03128 (patch) | |
| tree | f8f5cda8af03bd1b6cd8088b6120fcaba4eab577 | |
| parent | 7f22fb48eb910e5325d659e2513003c812289194 (diff) | |
| download | poky-34eecaa053b257443a18d4b20cab660621f03128.tar.gz | |
cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpatched CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, which leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
(From OE-Core rev: 79c02facd3f248122b4b7a6bd00192151e4a6406)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 3844efcddb..0c5f40b78d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -435,23 +435,22 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): | |||
| 435 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": | 435 | if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": |
| 436 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) | 436 | bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) |
| 437 | 437 | ||
| 438 | if write_string: | 438 | with open(cve_file, "w") as f: |
| 439 | with open(cve_file, "w") as f: | 439 | bb.note("Writing file %s with CVE information" % cve_file) |
| 440 | bb.note("Writing file %s with CVE information" % cve_file) | 440 | f.write(write_string) |
| 441 | f.write(write_string) | ||
| 442 | 441 | ||
| 443 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": | 442 | if d.getVar("CVE_CHECK_COPY_FILES") == "1": |
| 444 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") | 443 | deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") |
| 445 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) | 444 | bb.utils.mkdirhier(os.path.dirname(deploy_file)) |
| 446 | with open(deploy_file, "w") as f: | 445 | with open(deploy_file, "w") as f: |
| 447 | f.write(write_string) | 446 | f.write(write_string) |
| 448 | 447 | ||
| 449 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": | 448 | if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": |
| 450 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") | 449 | cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") |
| 451 | bb.utils.mkdirhier(cvelogpath) | 450 | bb.utils.mkdirhier(cvelogpath) |
| 452 | 451 | ||
| 453 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: | 452 | with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: |
| 454 | f.write("%s" % write_string) | 453 | f.write("%s" % write_string) |
| 455 | 454 | ||
| 456 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): | 455 | def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): |
| 457 | """ | 456 | """ |
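Review bot: The now-unconditional `with open(cve_file, "w") as f:` (new line 438) has no comment saying that writing an empty file is deliberate, so a later cleanup could restore the `if write_string:` guard and bring back the stale-fragment misreporting the commit message describes. I would add above it `# Always write the fragment, even when empty, so cve_check_write_rootfs_manifest never picks up a stale file from an earlier build.` The `bb.note("Writing file %s with CVE information" % cve_file)` line is now also logged for empty fragments, so the build log no longer distinguishes a recipe with findings from one with none; wording such as "CVE report (may be empty)" would make that explicit. cve_write_data_text begins before this hunk, so how `write_string` is built and whether the directory for `cve_file` is created beforehand cannot be confirmed from the lines shown.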
