Den fre 3 juni 2022 kl 14:17 skrev Marta Rybczynska <[email protected]>:
> In the cve-check text mode output, we didn't write fragment > files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1), > or no unpached CVEs otherwise. > > However, in a system after multiple builds, > cve_check_write_rootfs_manifest might find older files and use > them as current, what leads to incorrect reporting. > > Fix it by always writing a fragment file, even if empty. > > Signed-off-by: Marta Rybczynska <[email protected]> > --- > meta/classes/cve-check.bbclass | 27 +++++++++++++-------------- > 1 file changed, 13 insertions(+), 14 deletions(-) > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > index c80a365819..0579d882db 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -440,23 +440,22 @@ def cve_write_data_text(d, patched, unpatched, > ignored, cve_data): > if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": > bb.warn("Found unpatched CVE (%s), for more information check %s" > % (" ".join(unpatched_cves),cve_file)) > > - if write_string: > - with open(cve_file, "w") as f: > - bb.note("Writing file %s with CVE information" % cve_file) > - f.write(write_string) > + with open(cve_file, "w") as f: > + bb.note("Writing file %s with CVE information" % cve_file) > This note feels quite redundant now. > + f.write(write_string) > > - if d.getVar("CVE_CHECK_COPY_FILES") == "1": > - deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") > - bb.utils.mkdirhier(os.path.dirname(deploy_file)) > - with open(deploy_file, "w") as f: > - f.write(write_string) > + if d.getVar("CVE_CHECK_COPY_FILES") == "1": > + deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") > + bb.utils.mkdirhier(os.path.dirname(deploy_file)) > + with open(deploy_file, "w") as f: > + f.write(write_string) > > - if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": > - cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") > - bb.utils.mkdirhier(cvelogpath) > + if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": > + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") > + bb.utils.mkdirhier(cvelogpath) > > - with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: > - f.write("%s" % write_string) > + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: > + f.write("%s" % write_string) > > def cve_check_write_json_output(d, output, direct_file, deploy_file, > manifest_file): > """ > -- > 2.33.0 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166546): https://lists.openembedded.org/g/openembedded-core/message/166546 Mute This Topic: https://lists.openembedded.org/mt/91519548/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
