diff options
| author |   akuster <akuster808@gmail.com> | 2020-07-12 22:38:28 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2020-09-14 04:26:37 -1000 |
| commit | 4dab2610a35a998ee0bf5309a0b399ee0d54b4a8 (patch) | |
| tree | ef48f747057858e9ebdbc4d2282f9776604553a5 | |
| parent | d5406b389fcae8fb0f5fc9cc7dbf7ee819c04bc8 (diff) | |
| download | openembedded-core-contrib-4dab2610a35a998ee0bf5309a0b399ee0d54b4a8.tar.gz | |
cve-check.bbclass: always save cve report
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 859849c7b594d844819ad8c3f7d8325388d94b93)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 514897e8b8..0889e7544a 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" +CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve" +CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary" +CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" @@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= "" # CVE_CHECK_WHITELIST ?= "" +python cve_save_summary_handler () { + import shutil + import datetime + + cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") + + cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME") + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + + timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S') + cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp)) + + shutil.copyfile(cve_tmp_file, cve_summary_file) + + if cve_summary_file and os.path.exists(cve_summary_file): + cvefile_link = os.path.join(cvelogpath, cve_summary_name) + + if os.path.exists(os.path.realpath(cvefile_link)): + os.remove(cvefile_link) + os.symlink(os.path.basename(cve_summary_file), cvefile_link) +} + +addhandler cve_save_summary_handler +cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted" + python do_cve_check () { """ Check recipe for patched and unpatched CVEs @@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): f.write(write_string) if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: f.write("%s" % write_string) |