On 29/03/2022 14.54, Marta Rybczynska wrote:
Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.
Output formats are now handed by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. Both of them are enabled by default.
The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.
Signed-off-by: Marta Rybczynska <[email protected]>
---
Hi Marta,
When upgrading from honister to kirkstone, this patch was included.
We have INHERIT += "cve" in our distro conf.
When doing a build from scratch it works fine with the cve json output,
but when doing an incremental build it will throw:
bb.error("Error adding the same package twice")
I have tried modifying that line to:
bb.error("Error adding the same package twice. Offending package: %s" %
product["name"])
It looks like it tries to add all packages again...
I have just disabled json output for now.
CVE_CHECK_FORMAT_JSON = "0"
Br,
/Sean
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167144):
https://lists.openembedded.org/g/openembedded-core/message/167144
Mute This Topic: https://lists.openembedded.org/mt/90107274/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
