From: akuster <[email protected]> The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run. [Yocto #13974] Signed-off-by: Armin Kuster <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 859849c7b594d844819ad8c3f7d8325388d94b93) Signed-off-by: Steve Sakoman <[email protected]> --- meta/classes/cve-check.bbclass | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 514897e8b8..0889e7544a 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" +CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve" +CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary" +CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" @@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= "" # CVE_CHECK_WHITELIST ?= "" +python cve_save_summary_handler () { + import shutil + import datetime + + cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") + + cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME") + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + + timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S') + cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp)) + + shutil.copyfile(cve_tmp_file, cve_summary_file) + + if cve_summary_file and os.path.exists(cve_summary_file): + cvefile_link = os.path.join(cvelogpath, cve_summary_name) + + if os.path.exists(os.path.realpath(cvefile_link)): + os.remove(cvefile_link) + os.symlink(os.path.basename(cve_summary_file), cvefile_link) +} + +addhandler cve_save_summary_handler +cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted" + python do_cve_check () { """ Check recipe for patched and unpatched CVEs @@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): f.write(write_string) if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: f.write("%s" % write_string) -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142526): https://lists.openembedded.org/g/openembedded-core/message/142526 Mute This Topic: https://lists.openembedded.org/mt/76843059/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
