In the cve-check text mode output, we didn't write fragment files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1), or no unpached CVEs otherwise.
However, in a system after multiple builds, cve_check_write_rootfs_manifest might find older files and use them as current, what leads to incorrect reporting. Fix it by always writing a fragment file, even if empty. Signed-off-by: Marta Rybczynska <[email protected]> --- meta/classes/cve-check.bbclass | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c80a365819..0579d882db 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -440,23 +440,22 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) - if write_string: - with open(cve_file, "w") as f: - bb.note("Writing file %s with CVE information" % cve_file) - f.write(write_string) + with open(cve_file, "w") as f: + bb.note("Writing file %s with CVE information" % cve_file) + f.write(write_string) - if d.getVar("CVE_CHECK_COPY_FILES") == "1": - deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") - bb.utils.mkdirhier(os.path.dirname(deploy_file)) - with open(deploy_file, "w") as f: - f.write(write_string) + if d.getVar("CVE_CHECK_COPY_FILES") == "1": + deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") + bb.utils.mkdirhier(os.path.dirname(deploy_file)) + with open(deploy_file, "w") as f: + f.write(write_string) - if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": - cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") - bb.utils.mkdirhier(cvelogpath) + if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) - with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: - f.write("%s" % write_string) + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: + f.write("%s" % write_string) def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): """ -- 2.33.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166517): https://lists.openembedded.org/g/openembedded-core/message/166517 Mute This Topic: https://lists.openembedded.org/mt/91519548/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
