* [PATCH 1/2] cve-check.bbclass: add layer to cve log
@ 2021-02-08 5:51 akuster
2021-02-08 5:51 ` [PATCH 2/2] cve-check: add include/exclude layers akuster
0 siblings, 1 reply; 5+ messages in thread
From: akuster @ 2021-02-08 5:51 UTC (permalink / raw)
To: openembedded-core
Lets include whcih layer a package belongs to and
add it to the cve logs
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/cve-check.bbclass | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ed86403b6bc..061af7a2760 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -335,6 +335,9 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
"""
cve_file = d.getVar("CVE_CHECK_LOG")
+ fdir_name = d.getVar("FILE_DIRNAME")
+ layer = fdir_name.split("/")[-3]
+
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
unpatched_cves = []
@@ -344,6 +347,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
is_patched = cve in patched
if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
continue
+ write_string += "LAYER: %s\n" % layer
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
write_string += "CVE: %s\n" % cve
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] cve-check: add include/exclude layers
2021-02-08 5:51 [PATCH 1/2] cve-check.bbclass: add layer to cve log akuster
@ 2021-02-08 5:51 ` akuster
2021-02-08 10:16 ` [OE-core] " Richard Purdie
0 siblings, 1 reply; 5+ messages in thread
From: akuster @ 2021-02-08 5:51 UTC (permalink / raw)
To: openembedded-core
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/cve-check.bbclass | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061af7a2760..112ee3379d3 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
#
CVE_CHECK_WHITELIST ?= ""
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+
+# Layers to be included
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
+
+
# set to "alphabetical" for version using single alphabetical character as increament release
CVE_VERSION_SUFFIX ??= ""
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
CVE manifest if enabled.
"""
+
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
+ include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+ exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+
+ if exclude_layers and layer in exclude_layers:
+ return
+
+ if include_layers and layer not in include_layers:
+ return
+
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
unpatched_cves = []
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 2/2] cve-check: add include/exclude layers
2021-02-08 5:51 ` [PATCH 2/2] cve-check: add include/exclude layers akuster
@ 2021-02-08 10:16 ` Richard Purdie
2021-02-08 15:55 ` akuster
0 siblings, 1 reply; 5+ messages in thread
From: Richard Purdie @ 2021-02-08 10:16 UTC (permalink / raw)
To: akuster, openembedded-core
On Mon, 2021-02-08 at 05:51 +0000, akuster wrote:
> There are times when exluding or including a layer
> may be desired. This provide the framwork for that via
> two variables. The default is all layers in bblayers.
>
> CVE_CHECK_LAYER_INCLUDELIST
> CVE_CHECK_LAYER_EXCLUDELIST
Do we need to document these?
Cheers,
Richard
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 2/2] cve-check: add include/exclude layers
2021-02-08 10:16 ` [OE-core] " Richard Purdie
@ 2021-02-08 15:55 ` akuster
2021-02-09 9:05 ` Richard Purdie
0 siblings, 1 reply; 5+ messages in thread
From: akuster @ 2021-02-08 15:55 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
On 2/8/21 2:16 AM, Richard Purdie wrote:
> On Mon, 2021-02-08 at 05:51 +0000, akuster wrote:
>> There are times when exluding or including a layer
>> may be desired. This provide the framwork for that via
>> two variables. The default is all layers in bblayers.
>>
>> CVE_CHECK_LAYER_INCLUDELIST
>> CVE_CHECK_LAYER_EXCLUDELIST
> Do we need to document these?
Yes if and when the patches are accepted. By doc do you mean the
manuals or documentation.conf?
- armin
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 2/2] cve-check: add include/exclude layers
2021-02-08 15:55 ` akuster
@ 2021-02-09 9:05 ` Richard Purdie
0 siblings, 0 replies; 5+ messages in thread
From: Richard Purdie @ 2021-02-09 9:05 UTC (permalink / raw)
To: akuster808, openembedded-core
On Mon, 2021-02-08 at 07:55 -0800, akuster808 wrote:
>
> On 2/8/21 2:16 AM, Richard Purdie wrote:
> > On Mon, 2021-02-08 at 05:51 +0000, akuster wrote:
> > > There are times when exluding or including a layer
> > > may be desired. This provide the framwork for that via
> > > two variables. The default is all layers in bblayers.
> > >
> > > CVE_CHECK_LAYER_INCLUDELIST
> > > CVE_CHECK_LAYER_EXCLUDELIST
> > Do we need to document these?
> Yes if and when the patches are accepted. By doc do you mean the
> manuals or documentation.conf?
I was thinking the of the manuals but both may make sense. The patch is
in so looking forward to the docs updated, thanks! :)
Cheers,
Richard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-02-09 9:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-08 5:51 [PATCH 1/2] cve-check.bbclass: add layer to cve log akuster
2021-02-08 5:51 ` [PATCH 2/2] cve-check: add include/exclude layers akuster
2021-02-08 10:16 ` [OE-core] " Richard Purdie
2021-02-08 15:55 ` akuster
2021-02-09 9:05 ` Richard Purdie
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.