From: Daniel Turull <[email protected]> Adding option to be able to import debugsources.zstd directly. The linux-yocto-debugsources.zstd is generated in every build and does not require any additional configuration.
In contrast, SPDX_INCLUDE_COMPILED_SOURCES needs to be explicitly added and increases build time. Signed-off-by: Daniel Turull <[email protected]> Signed-off-by: Mathieu Dubois-Briand <[email protected]> (cherry picked from commit c84a8958f30bbb982656ddcbe7476f6f81e1a6fb) Signed-off-by: Himanshu Jadon <[email protected]>
---
scripts/contrib/improve_kernel_cve_report.py | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py
index 5c39df05a5..3a15b1ed26 100755
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -236,6 +236,26 @@ def read_spdx3(spdx):
 cfiles.add(filename)
 return cfiles
+def read_debugsources(file_path):
+ '''
+ Read zstd file from pkgdata to extract sources
+ '''
+ import zstandard as zstd
+ import itertools
+ # Decompress the .zst file
+ cfiles = set()
+ with open(file_path, 'rb') as fh:
+ dctx = zstd.ZstdDecompressor()
+ with dctx.stream_reader(fh) as reader:
+ decompressed_bytes = reader.read()
+ json_data = json.loads(decompressed_bytes)
+ # We need to remove one level from the debug sources
+ for source_list in json_data.values():
+ for source in source_list:
+ src = source.split("/",1)[1]
+ cfiles.add(src)
+ return cfiles
+
 def check_kernel_compiled_files(compiled_files, cve_info):
 """
 Return if a CVE affected us depending on compiled files
@@ -372,6 +392,10 @@ def main():
 "--spdx",
 help="SPDX2/3 for the kernel. Needs to include compiled sources",
 )
+ parser.add_argument(
+ "--debug-sources-file",
+ help="Debug sources zstd file generated from Yocto",
+ )
 parser.add_argument(
 "--datadir",
 type=pathlib.Path,
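Review bot: In read_debugsources, `source.split("/",1)[1]` raises IndexError for any entry that contains no "/", and if the entries are absolute paths it strips only the empty component before the leading slash rather than a directory level. The returned set is what check_kernel_compiled_files uses to decide whether a CVE affects the build, so a malformed entry should be reported instead of aborting the run or producing a path that never matches: `_, sep, src = source.partition("/")` followed by `if not sep: logging.warning("Unexpected debug source entry: %s", source); continue`. `import itertools` is unused and can be dropped. `reader.read()` holds the whole decompressed stream in memory, which is acceptable for a locally generated pkgdata file but deserves a comment stating that the input is expected to be a trusted build artifact.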
@@ -415,6 +439,9 @@ def main():
 if args.spdx:
 compiled_files = read_spdx(args.spdx)
 logging.info("Total compiled files %d", len(compiled_files))
+ if args.debug_sources_file:
+ compiled_files = read_debugsources(args.debug_sources_file)
+ logging.info("Total compiled files %d", len(compiled_files))
 if args.old_cve_report:
 with open(args.old_cve_report, encoding='ISO-8859-1') as f:
-- 2.35.6
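Review bot: The added `if args.debug_sources_file:` is an independent branch after the `--spdx` one, so when both options are passed the set built by read_spdx is replaced without any message. Since `compiled_files` drives which CVEs are reported as affecting the kernel, silently switching to a different file list can change the report in a way the user does not expect. Either reject the combination up front with `parser.error("--spdx and --debug-sources-file are mutually exclusive")`, or merge the two with `compiled_files |= read_debugsources(args.debug_sources_file)` if read_spdx also returns a set (read_spdx3 does, its body is not fully visible here). main() starts and ends outside this hunk.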
