From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A4B2C433F5 for ; Tue, 17 May 2022 07:56:01 +0000 (UTC) Received: from mail-il1-f181.google.com (mail-il1-f181.google.com [209.85.166.181]) by mx.groups.io with SMTP id smtpd.web10.4478.1652774153324648482 for ; Tue, 17 May 2022 00:55:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=FF4q4LH1; spf=pass (domain: gmail.com, ip: 209.85.166.181, mailfrom: ernstp@gmail.com) Received: by mail-il1-f181.google.com with SMTP id i15so2201424ilk.5 for ; Tue, 17 May 2022 00:55:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=povlwlMbWHHB/8yEHM67jfHEUATGH+PSDwZzyCtygTQ=; b=FF4q4LH1fL1jeWd6jDtfpO5UteWldi+vTJuSkHrttqBu5iIgsk4wrVHeZz2N1Uu9Pd 7xQ2M/KpWi3rYx2QlCu1Q1F74HPIp77jzHm7W7X/AFkGz4tqgnqIFnjS8F7z8eSJhPvB F6D7gjY0usU8d9wSkaf06/Qx6r96DdJarmrp2dVIiYracm2++ZQycDykI3UIAUGxb4rp 2NXHGo3ab9qTUQuNZ8lztE43ApwLB+MsaHzCd+iRk2SYxAWU4PMFz9tEYPN2IQPmI6OB ki6LuMml7gTlYFHLa1Nt6ZSxEitfTbOVUYG7zQ1B2mmvRworir8L6+5ug44tWDhRwAdr AAEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=povlwlMbWHHB/8yEHM67jfHEUATGH+PSDwZzyCtygTQ=; b=OCdsP3ckC+0Jk/WiDWpfCPGMMZU2xjUZW2bzudrPnpb//UU3pojM2ienHWMSagCyZx lPBTvuzyuzzPlS94g/8b8ihvah9cGlKa/6dFeRlZ2lPG+2HGmql2ssbCA6X+A/piwcSs ZAF9K6Xq+/UVJv3smHq4k71jO5KjI2rqFAHVnJO7sWhPEkHgY+9nLjRuXFhZChFTYY9D pU+/aiHk6QiX67ZjQS8rnScMNRj7jocBZQOUDvTsK0wxxUNuJ4ZegatADnMDggOhT3Cg m7wQ4/1RR8LMAQf4JoTa/bw6Ahc7lLXf4FJpfOqHeHXLOKfgxiXOhCuCu+JR/jptRzry 5qwA== X-Gm-Message-State: 
AOAM5310kp4xtj1fgaQJ1RsZnVFNF4QXon0YEOmjHvLzwGHWTfZBzXIs 5y9LNZ5IV/y2wxYq5vK5P7wN8oC9bdcIb3B8Fx4= X-Google-Smtp-Source: ABdhPJxnT+4bSkHMVxL0yJcH1pgDUEY+5gGvra39YaWKgVPL2kTewGOjomOWkBlaivTLtkEBEwWaT2m+FSo2uL9ijn4= X-Received: by 2002:a05:6e02:1c81:b0:2d1:3971:9343 with SMTP id w1-20020a056e021c8100b002d139719343mr1138011ill.237.1652774152749; Tue, 17 May 2022 00:55:52 -0700 (PDT) MIME-Version: 1.0 References: <20220517060115.1913044-1-rybczynska@gmail.com> In-Reply-To: <20220517060115.1913044-1-rybczynska@gmail.com> 
From: =?UTF-8?Q?Ernst_Sj=C3=B6strand?= Date: Tue, 17 May 2022 09:55:41 +0200 Message-ID: Subject: Re: [OE-core] [PATCH] cve-check: Fix report generation To: Marta Rybczynska Cc: openembedded-core@lists.openembedded.org, alex.kiernan@gmail.com, Marta Rybczynska Content-Type: multipart/alternative; boundary="00000000000044c6a205df30787a" List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 May 2022 07:56:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165711 --00000000000044c6a205df30787a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ernst Sj=C3=B6strand Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska : > The addition of summary output caused two issues: error when building > an image and the fact that JSON output was generated even when > CVE_CHECK_FORMAT_JSON. > > When generating an image it caused an error like: > ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python > function in exec_func_python() autogenerated: > > The stack trace of python calls that resulted in this exception/failure > was: > File: 'exec_func_python() autogenerated', lineno: 2, function: > 0001: > *** 0002:cve_check_write_rootfs_manifest(d) > 0003: > File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, > function: cve_check_write_rootfs_manifest > 0209: > 0210: link_path =3D os.path.join(deploy_dir, "%s.json" % > link_name) > 0211: manifest_path =3D d.getVar("CVE_CHECK_MANIFEST_JSON") > 0212: bb.note("Generating JSON CVE manifest") > *** 0213: generate_json_report(json_summary_name, > json_summary_link_name) > 0214: bb.plain("Image CVE JSON report stored in: %s" % > link_path) > 0215:} > 0216: > 0217:ROOTFS_POSTPROCESS_COMMAND:prepend =3D > "${@'cve_check_write_rootfs_manifest; ' if > d.getVar('CVE_CHECK_CREATE_MANIFEST') =3D=3D '1' else ''}" > Exception: NameError: name 
'json_summary_name' is not defined > > The fix is to pass the d variable to the pure python function > generate_json_report > to get correct values of variables and add conditions for the JSON > output where needed. > > In addition clarify the message presenting the summary JSON file, > which isn't related to an image. > > Uses partial fixes from Alex Kiernan, Ernst Sj=C3=B6strand (ernstp), > and Davide Gardenal. > > Fixes: f2987891d315 ("cve-check: add JSON format to summary output") > > Signed-off-by: Marta Rybczynska > --- > meta/classes/cve-check.bbclass | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > index 24ddb865ea..7cd98ae462 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??=3D "" > # set to "alphabetical" for version using single alphabetical character > as increment release > CVE_VERSION_SUFFIX ??=3D "" > > -def generate_json_report(out_path, link_path): > +def generate_json_report(d, out_path, link_path): > if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): > import json > from oe.cve_check import cve_check_merge_jsons 
> @@ -127,10 +127,11 @@ python cve_save_summary_handler () { > os.remove(cvefile_link) > os.symlink(os.path.basename(cve_summary_file), > cvefile_link) > > + if d.getVar("CVE_CHECK_FORMAT_JSON") =3D=3D "1": > json_summary_link_name =3D os.path.join(cvelogpath, > d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) > json_summary_name =3D os.path.join(cvelogpath, "%s-%s.json" % > (cve_summary_name, timestamp)) > - generate_json_report(json_summary_name, json_summary_link_name) > - bb.plain("CVE report summary created at: %s" % > json_summary_link_name) > + generate_json_report(d, json_summary_name, json_summary_link_nam= e) > + bb.plain("Complete CVE JSON report summary created at: %s" % > json_summary_link_name) > } > > addhandler cve_save_summary_handler 
> @@ -207,11 +208,12 @@ python cve_check_write_rootfs_manifest () { > os.symlink(os.path.basename(manifest_name), manifest_lin= k) > bb.plain("Image CVE report stored in: %s" % manifest_name) > > - link_path =3D os.path.join(deploy_dir, "%s.json" % link_name) > - manifest_path =3D d.getVar("CVE_CHECK_MANIFEST_JSON") > - bb.note("Generating JSON CVE manifest") > - generate_json_report(json_summary_name, json_summary_link_name) > - bb.plain("Image CVE JSON report stored in: %s" % link_path) > + if d.getVar("CVE_CHECK_FORMAT_JSON") =3D=3D "1": > + link_path =3D os.path.join(deploy_dir, "%s.json" % link_name= ) > + manifest_path =3D d.getVar("CVE_CHECK_MANIFEST_JSON") > + bb.note("Generating JSON CVE manifest") > + generate_json_report(d, manifest_path, link_path) > + bb.plain("Image CVE JSON report stored in: %s" % link_path) > } > > ROOTFS_POSTPROCESS_COMMAND:prepend =3D > "${@'cve_check_write_rootfs_manifest; ' if > d.getVar('CVE_CHECK_CREATE_MANIFEST') =3D=3D '1' else ''}" > -- > 2.33.0 > > > -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- > Links: You receive all messages sent to this group. > View/Reply Online (#165707): > https://lists.openembedded.org/g/openembedded-core/message/165707 > Mute This Topic: https://lists.openembedded.org/mt/91158052/4947266 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ernstp@gmail.com] > -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- > > --00000000000044c6a205df30787a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Reviewed-by: Ernst Sjöstrand <ernstp@gmail.com>

Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska <rybczynska@gmail.com>:
The addition of summary output caused two issues: an error when building
an image, and JSON output being generated even when
CVE_CHECK_FORMAT_JSON was not set to "1".

When generating an image it caused an error like:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python functi= on in exec_func_python() autogenerated:

=C2=A0 The stack trace of python calls that resulted in this exception/fail= ure was:
=C2=A0 File: 'exec_func_python() autogenerated', lineno: 2, functio= n: <module>
=C2=A0 =C2=A0 =C2=A0 =C2=A00001:
=C2=A0 =C2=A0*** 0002:cve_check_write_rootfs_manifest(d)
=C2=A0 =C2=A0 =C2=A0 =C2=A00003:
=C2=A0 File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lin= eno: 213, function: cve_check_write_rootfs_manifest
=C2=A0 =C2=A0 =C2=A0 =C2=A00209:
=C2=A0 =C2=A0 =C2=A0 =C2=A00210:=C2=A0 =C2=A0 =C2=A0 =C2=A0 link_path =3D o= s.path.join(deploy_dir, "%s.json" % link_name)
=C2=A0 =C2=A0 =C2=A0 =C2=A00211:=C2=A0 =C2=A0 =C2=A0 =C2=A0 manifest_path = =3D d.getVar("CVE_CHECK_MANIFEST_JSON")
=C2=A0 =C2=A0 =C2=A0 =C2=A00212:=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.note("G= enerating JSON CVE manifest")
=C2=A0 =C2=A0*** 0213:=C2=A0 =C2=A0 =C2=A0 =C2=A0 generate_json_report(json= _summary_name, json_summary_link_name)
=C2=A0 =C2=A0 =C2=A0 =C2=A00214:=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.plain("= Image CVE JSON report stored in: %s" % link_path)
=C2=A0 =C2=A0 =C2=A0 =C2=A00215:}
=C2=A0 =C2=A0 =C2=A0 =C2=A00216:
=C2=A0 =C2=A0 =C2=A0 =C2=A00217:ROOTFS_POSTPROCESS_COMMAND:prepend =3D &quo= t;${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK= _CREATE_MANIFEST') =3D=3D '1' else ''}"
=C2=A0 Exception: NameError: name 'json_summary_name' is not define= d

The fix is to pass the d variable to the pure python function generate_json= _report
to get correct values of variables and add conditions for the JSON
output where needed.

In addition clarify the message presenting the summary JSON file,
which isn't related to an image.

Uses partial fixes from Alex Kiernan, Ernst Sj=C3=B6strand (ernstp),
and Davide Gardenal.

Fixes: f2987891d315 ("cve-check: add JSON format to summary output&quo= t;)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
=C2=A0meta/classes/cve-check.bbclass | 18 ++++++++++--------
=C2=A01 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclas= s
index 24ddb865ea..7cd98ae462 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??=3D ""
=C2=A0# set to "alphabetical" for version using single alphabetic= al character as increment release
=C2=A0CVE_VERSION_SUFFIX ??=3D ""

-def generate_json_report(out_path, link_path):
+def generate_json_report(d, out_path, link_path):
=C2=A0 =C2=A0 =C2=A0if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDE= X_PATH")):
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0import json
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0from oe.cve_check import cve_check_merge_= jsons
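Review bot: generate_json_report() still has no docstring after the signature change, so nothing tells the next caller that the datastore has to be passed in explicitly. The NameError in the commit message came from calling this helper from a `python ... () { }` task with stale arguments. A one-line docstring directly under the `def` would make the contract visible, for example `"""Merge the per-recipe JSON fragments listed in CVE_CHECK_SUMMARY_INDEX_PATH into out_path; d is the BitBake datastore and must be passed by the caller."""`. The wording about merging is inferred from the `cve_check_merge_jsons` import, since the rest of the body lies outside the hunk and should be checked against it.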
@@ -127,10 +127,11 @@ python cve_save_summary_handler () {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0os.remove(cvefile_link)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0os.symlink(os= .path.basename(cve_summary_file), cvefile_link)

+=C2=A0 =C2=A0 if d.getVar("CVE_CHECK_FORMAT_JSON") =3D=3D "= 1":
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0json_summary_link_name =3D os.path.join(c= velogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0json_summary_name =3D os.path.join(cvelog= path, "%s-%s.json" % (cve_summary_name, timestamp))
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 generate_json_report(json_summary_name, json_s= ummary_link_name)
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.plain("CVE report summary created at: = %s" % json_summary_link_name)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 generate_json_report(d, json_summary_name, jso= n_summary_link_name)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.plain("Complete CVE JSON report summar= y created at: %s" % json_summary_link_name)
=C2=A0}

=C2=A0addhandler cve_save_summary_handler
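Review bot: The `bb.plain("Complete CVE JSON report summary created at: %s" % json_summary_link_name)` line runs whenever CVE_CHECK_FORMAT_JSON is "1", even if no report was written. The first hunk shows generate_json_report() doing its work only under `if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):`, so the build log can announce a report that is missing or left over from an earlier build. For output that feeds vulnerability triage, that message should be tied to the write having happened: let generate_json_report() return True when it writes, and use `if generate_json_report(d, json_summary_name, json_summary_link_name):` before the `bb.plain(...)`. The "Image CVE JSON report stored in" message in the cve_check_write_rootfs_manifest hunk has the same problem. Both function bodies extend beyond their hunks, so the rest of generate_json_report() is not visible here.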
@@ -207,11 +208,12 @@ python cve_check_write_rootfs_manifest () {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0os.symlink(os= .path.basename(manifest_name), manifest_link)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0bb.plain("Image CVE re= port stored in: %s" % manifest_name)

-=C2=A0 =C2=A0 =C2=A0 =C2=A0 link_path =3D os.path.join(deploy_dir, "%= s.json" % link_name)
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 manifest_path =3D d.getVar("CVE_CHECK_MAN= IFEST_JSON")
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.note("Generating JSON CVE manifest&quo= t;)
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 generate_json_report(json_summary_name, json_s= ummary_link_name)
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.plain("Image CVE JSON report stored in= : %s" % link_path)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 if d.getVar("CVE_CHECK_FORMAT_JSON")= =3D=3D "1":
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 link_path =3D os.path.join(deplo= y_dir, "%s.json" % link_name)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 manifest_path =3D d.getVar("= ;CVE_CHECK_MANIFEST_JSON")
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.note("Generating JSON CV= E manifest")
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 generate_json_report(d, manifest= _path, link_path)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 bb.plain("Image CVE JSON re= port stored in: %s" % link_path)
=C2=A0}

=C2=A0ROOTFS_POSTPROCESS_COMMAND:prepend =3D "${@'cve_check_write_= rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') =3D= =3D '1' else ''}"
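Review bot: The new `if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":` guard here sits at eight spaces, inside an enclosing block whose condition is outside the hunk. In cve_save_summary_handler the same guard was placed at function level (four spaces). If that enclosing condition tests for the text report's temporary file, which cannot be confirmed from these lines, an image built with only the JSON format enabled would get no JSON manifest and no message saying so. Please confirm the nesting is intended. Separately, `manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")` is passed on unchecked; a guard such as `if not manifest_path: bb.warn("CVE_CHECK_MANIFEST_JSON is not set, skipping JSON manifest")` before the call would make an unset variable show up in the log rather than as a traceback.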
--
2.33.0



--00000000000044c6a205df30787a--