Reviewed-by: Ernst Sjöstrand <ernstp@gmail.com>

Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska <rybczynska@gmail.com>:

> The addition of summary output caused two issues: error when building
> an image and the fact that JSON output was generated even when
> CVE_CHECK_FORMAT_JSON.
>
> When generating an image it caused an error like:
> ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python
> function in exec_func_python() autogenerated:
>
>   The stack trace of python calls that resulted in this exception/failure
> was:
>   File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
>        0001:
>    *** 0002:cve_check_write_rootfs_manifest(d)
>        0003:
>   File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213,
> function: cve_check_write_rootfs_manifest
>        0209:
>        0210:        link_path = os.path.join(deploy_dir, "%s.json" %
> link_name)
>        0211:        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
>        0212:        bb.note("Generating JSON CVE manifest")
>    *** 0213:        generate_json_report(json_summary_name,
> json_summary_link_name)
>        0214:        bb.plain("Image CVE JSON report stored in: %s" %
> link_path)
>        0215:}
>        0216:
>        0217:ROOTFS_POSTPROCESS_COMMAND:prepend =
> "${@'cve_check_write_rootfs_manifest; ' if
> d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
>   Exception: NameError: name 'json_summary_name' is not defined
>
> The fix is to pass the d variable to the pure python function
> generate_json_report
> to get correct values of variables and add conditions for the JSON
> output where needed.
>
> In addition clarify the message presenting the summary JSON file,
> which isn't related to an image.
>
> Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp),
> and Davide Gardenal.
>
> Fixes: f2987891d315 ("cve-check: add JSON format to summary output")
>
> Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
> ---
>  meta/classes/cve-check.bbclass | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/meta/classes/cve-check.bbclass
> b/meta/classes/cve-check.bbclass
> index 24ddb865ea..7cd98ae462 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
>  # set to "alphabetical" for version using single alphabetical character
> as increment release
>  CVE_VERSION_SUFFIX ??= ""
>
> -def generate_json_report(out_path, link_path):
> +def generate_json_report(d, out_path, link_path):
>      if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
>          import json
>          from oe.cve_check import cve_check_merge_jsons
> @@ -127,10 +127,11 @@ python cve_save_summary_handler () {
>                      os.remove(cvefile_link)
>                  os.symlink(os.path.basename(cve_summary_file),
> cvefile_link)
>
> +    if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
>          json_summary_link_name = os.path.join(cvelogpath,
> d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
>          json_summary_name = os.path.join(cvelogpath, "%s-%s.json" %
> (cve_summary_name, timestamp))
> -        generate_json_report(json_summary_name, json_summary_link_name)
> -        bb.plain("CVE report summary created at: %s" %
> json_summary_link_name)
> +        generate_json_report(d, json_summary_name, json_summary_link_name)
> +        bb.plain("Complete CVE JSON report summary created at: %s" %
> json_summary_link_name)
>  }
>
>  addhandler cve_save_summary_handler
> @@ -207,11 +208,12 @@ python cve_check_write_rootfs_manifest () {
>                  os.symlink(os.path.basename(manifest_name), manifest_link)
>              bb.plain("Image CVE report stored in: %s" % manifest_name)
>
> -        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
> -        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
> -        bb.note("Generating JSON CVE manifest")
> -        generate_json_report(json_summary_name, json_summary_link_name)
> -        bb.plain("Image CVE JSON report stored in: %s" % link_path)
> +        if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
> +            link_path = os.path.join(deploy_dir, "%s.json" % link_name)
> +            manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
> +            bb.note("Generating JSON CVE manifest")
> +            generate_json_report(d, manifest_path, link_path)
> +            bb.plain("Image CVE JSON report stored in: %s" % link_path)
>  }
>
>  ROOTFS_POSTPROCESS_COMMAND:prepend =
> "${@'cve_check_write_rootfs_manifest; ' if
> d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
> --
> 2.33.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#165707):
> https://lists.openembedded.org/g/openembedded-core/message/165707
> Mute This Topic: https://lists.openembedded.org/mt/91158052/4947266
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> ernstp@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>