* [PATCH] cve-check.bbclass: always save cve report
@ 2020-07-12 22:38 akuster
2020-07-21 9:54 ` [OE-core] " Adrian Bunk
0 siblings, 1 reply; 3+ messages in thread
From: akuster @ 2020-07-12 22:38 UTC (permalink / raw)
To: openembedded-core
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/cve-check.bbclass | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 514897e8b8..0889e7544a 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
+CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
+CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
+CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
#
CVE_CHECK_WHITELIST ?= ""
+python cve_save_summary_handler () {
+ import shutil
+ import datetime
+
+ cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+
+ cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
+
+ timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+ cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
+
+ shutil.copyfile(cve_tmp_file, cve_summary_file)
+
+ if cve_summary_file and os.path.exists(cve_summary_file):
+ cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+
+ if os.path.exists(os.path.realpath(cvefile_link)):
+ os.remove(cvefile_link)
+ os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+}
+
+addhandler cve_save_summary_handler
+cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
+
python do_cve_check () {
"""
Check recipe for patched and unpatched CVEs
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
+
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cve-check.bbclass: always save cve report
2020-07-12 22:38 [PATCH] cve-check.bbclass: always save cve report akuster
@ 2020-07-21 9:54 ` Adrian Bunk
2020-07-21 15:12 ` akuster
0 siblings, 1 reply; 3+ messages in thread
From: Adrian Bunk @ 2020-07-21 9:54 UTC (permalink / raw)
To: akuster; +Cc: openembedded-core
This breaks building the SDK in distributions with INHERIT += "cve-check":
$ bitbake tmp-sdk -c populate_sdk
...
NOTE: Tasks Summary: Attempted 2785 tasks of which 2785 didn't need to be rerun and all succeeded.
ERROR: Execution of event handler 'cve_save_summary_handler' failed
Traceback (most recent call last):
File "/home/bunk/yoctomaster/yocto-tmp/sources/poky/meta/classes/cve-check.bbclass", line 65, in cve_save_summary_handler(e=<bb.event.BuildCompleted object at 0x7fcf4e4bada0>):
> shutil.copyfile(cve_tmp_file, cve_summary_file)
File "/usr/lib/python3.6/shutil.py", line 120, in copyfile(src='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check', dst='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/log/cve/cve-summary-20200721124814.txt', follow_symlinks=True):
else:
> with open(src, 'rb') as fsrc:
with open(dst, 'wb') as fdst:
FileNotFoundError: [Errno 2] No such file or directory: '/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check'
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
$
cu
Adrian
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cve-check.bbclass: always save cve report
2020-07-21 9:54 ` [OE-core] " Adrian Bunk
@ 2020-07-21 15:12 ` akuster
0 siblings, 0 replies; 3+ messages in thread
From: akuster @ 2020-07-21 15:12 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-core
On 7/21/20 2:54 AM, Adrian Bunk wrote:
> This breaks building the SDK in distributions with INHERIT += "cve-check":
>
> $ bitbake tmp-sdk -c populate_sdk
> ...
> NOTE: Tasks Summary: Attempted 2785 tasks of which 2785 didn't need to be rerun and all succeeded.
> ERROR: Execution of event handler 'cve_save_summary_handler' failed
> Traceback (most recent call last):
> File "/home/bunk/yoctomaster/yocto-tmp/sources/poky/meta/classes/cve-check.bbclass", line 65, in cve_save_summary_handler(e=<bb.event.BuildCompleted object at 0x7fcf4e4bada0>):
>
> > shutil.copyfile(cve_tmp_file, cve_summary_file)
>
> File "/usr/lib/python3.6/shutil.py", line 120, in copyfile(src='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check', dst='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/log/cve/cve-summary-20200721124814.txt', follow_symlinks=True):
> else:
> > with open(src, 'rb') as fsrc:
> with open(dst, 'wb') as fdst:
> FileNotFoundError: [Errno 2] No such file or directory: '/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check'
thanks. I will take a look.
-armin
>
> Summary: There was 1 ERROR message shown, returning a non-zero exit code.
> $
>
> cu
> Adrian
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-21 15:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-12 22:38 [PATCH] cve-check.bbclass: always save cve report akuster
2020-07-21 9:54 ` [OE-core] " Adrian Bunk
2020-07-21 15:12 ` akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.