On 21/06/2022 15.06, Marta Rybczynska wrote:


On Tue, Jun 21, 2022 at 12:45 PM Sean Nyekjaer <[email protected]> wrote:



    On 29/03/2022 14.54, Marta Rybczynska wrote:
     > Add an option to output the CVE check in a JSON-based format.
     > This format is easier to parse in software than the original
     > text-based one and allows post-processing by other tools.
     >
     > Output formats are now handled by CVE_CHECK_FORMAT_TEXT and
     > CVE_CHECK_FORMAT_JSON. Both of them are enabled by default.
     >
     > The JSON output format gets generated in a similar way to the
     > text format with the exception of the manifest: appending to
     > JSON arrays requires parsing the file. Because of that we
     > first write JSON fragments and then assemble them in one pass
     > at the end.
     >
     > Signed-off-by: Marta Rybczynska <[email protected]>
     >
     > ---

    Hi Marta,

    When upgrading from honister to kirkstone, this patch was included.

    We have INHERIT += "cve" in our distro conf.
    When doing a build from scratch it works fine with the cve json output,
    but when doing an incremental build it will throw:
             bb.error("Error adding the same package twice")

    I have tried modifying that line to:
             bb.error("Error adding the same package twice. Offending package: %s" % product["name"])

    It looks like it tries to add all packages again...

    I have just disabled json output for now.
    CVE_CHECK_FORMAT_JSON = "0"


Dear Sean,
Thank you for the report. Could you please describe your configuration a little bit, especially which layers you use? Do you do an image build or a world build, or maybe a multiple image build?

I'm trying to imagine what is happening in your case and will try to reproduce it.

Kind regards,
Marta

Hi Marta,

We are using:
meta-clang
meta-intel
meta-openembedded
meta-rauc
meta-security
meta-virtualization
poky

We are building an image :)

I can try to see if I can reproduce with a core-minimal-image, but it will have to wait until after summer...

/Sean
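
The fragment-then-assemble approach described in the quoted commit message, as an added example that is not code from this thread or from the cve-check class: each package's result is written as its own JSON fragment, and the manifest is built in one pass that reports a duplicate by name instead of only failing. The function names, the file naming, the "version", "package" and "issue" keys and all sample values are assumptions made for illustration; only the "name" key appears in the thread.

```python
import json
import tempfile
from pathlib import Path

FORMAT_VERSION = "1"  # assumed format version, not taken from the thread


def write_fragment(directory, name, version, issues):
    """Write one package's result as its own small JSON file (a fragment)."""
    fragment = {"version": FORMAT_VERSION,
                "package": [{"name": name, "version": version, "issue": issues}]}
    path = Path(directory) / f"{name}_cve.json"  # hypothetical file naming
    path.write_text(json.dumps(fragment))
    return path


def assemble(fragment_paths):
    """Merge fragments in one pass; return (manifest, duplicate_names)."""
    manifest = {"version": FORMAT_VERSION, "package": []}
    seen, duplicates = set(), []
    for path in fragment_paths:
        data = json.loads(Path(path).read_text())
        if data["version"] != manifest["version"]:
            raise ValueError(f"version mismatch in {path}")
        for package in data["package"]:
            if package["name"] in seen:
                # Record the offending name and keep the first copy only.
                duplicates.append(package["name"])
                continue
            seen.add(package["name"])
            manifest["package"].append(package)
    return manifest, duplicates


def demo():
    """Constructed input: names, versions and the CVE id are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        a = write_fragment(tmp, "openssl", "0.0.1",
                           [{"id": "CVE-0000-0000", "status": "Patched"}])
        b = write_fragment(tmp, "busybox", "0.0.2", [])
        # The fragment list deliberately names the first package twice.
        return assemble([a, b, a])


if __name__ == "__main__":
    manifest, dupes = demo()
    print(json.dumps(manifest, indent=2))
    print("duplicates:", dupes)
```
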