[OE-Core][PATCH] cve-check: Fix rootfs CVE generation

[OE-Core][PATCH] cve-check: Fix rootfs CVE generation

[Alex Kiernan]

Building an image with INHERIT += "cve-check" fails with undefined
variables and fails to pass d into pure python functions:

  ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated:

  The stack trace of python calls that resulted in this exception/failure was:
  File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
       0001:
   *** 0002:cve_check_write_rootfs_manifest(d)
       0003:
  File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest
       0209:
       0210:        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
       0211:        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
       0212:        bb.note("Generating JSON CVE manifest")
   *** 0213:        generate_json_report(json_summary_name, json_summary_link_name)
       0214:        bb.plain("Image CVE JSON report stored in: %s" % link_path)
       0215:}
       0216:
       0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
  Exception: NameError: name 'json_summary_name' is not defined

Fixes: f2987891d315 ("cve-check: add JSON format to summary output")
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
---
 meta/classes/cve-check.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 24ddb865eaf5..d1ad875d9508 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
-def generate_json_report(out_path, link_path):
+def generate_json_report(d, out_path, link_path):
     if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
         import json
         from oe.cve_check import cve_check_merge_jsons
@@ -129,7 +129,7 @@ python cve_save_summary_handler () {
 
         json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
         json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
-        generate_json_report(json_summary_name, json_summary_link_name)
+        generate_json_report(d, json_summary_name, json_summary_link_name)
         bb.plain("CVE report summary created at: %s" % json_summary_link_name)
 }
 
@@ -210,7 +210,7 @@ python cve_check_write_rootfs_manifest () {
         link_path = os.path.join(deploy_dir, "%s.json" % link_name)
         manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
         bb.note("Generating JSON CVE manifest")
-        generate_json_report(json_summary_name, json_summary_link_name)
+        generate_json_report(d, manifest_path, link_path)
         bb.plain("Image CVE JSON report stored in: %s" % link_path)
 }
 
-- 
2.35.1

Re: [OE-Core][PATCH] cve-check: Fix rootfs CVE generation

[Marta Rybczynska]

[-- Attachment #1: Type: text/plain, Size: 370 bytes --]

On Mon, May 16, 2022 at 9:45 PM Alex Kiernan <alex.kiernan@gmail.com> wrote:

> Building an image with INHERIT += "cve-check" fails with undefined
> variables and fails to pass d into pure python functions:
>
>
Thank you Alex for this fix. It fixes the case of a standard build. I will
be sending
a followup for a case of running text-only outputs.

Kind regards,
Marta

[-- Attachment #2: Type: text/html, Size: 768 bytes --]