Re: [OE-core] [PATCH] create-spdx: Add check for variable contents along with quotes

2023-02-16 Thread Saul Wold



On 2/16/23 07:25, Joshua Watt wrote:

On Wed, Feb 15, 2023 at 6:31 PM Saul Wold wrote:


This adds a check to ensure that if a variable is
empty it gets an empty string, this also adds quotes
to indicate the variable contents.

   "comment": "CUSTOM_SPECIAL=''"
or
   "comment": "CUSTOM_SPECIAL= 'variable contents'"

Signed-off-by: Saul Wold 
---
  meta/classes/create-spdx-2.2.bbclass | 5 -
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/classes/create-spdx-2.2.bbclass 
b/meta/classes/create-spdx-2.2.bbclass
index 28a42e009f6..8b18ada40a4 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -484,7 +484,10 @@ python do_create_spdx() {

  if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
  for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
-recipe.annotations.append(create_annotation(d, var + "=" + 
d.getVar(var)))
+if d.getVar(var):
+recipe.annotations.append(create_annotation(d, var + "= '" + 
d.getVar(var) + "'"))


> Why the extra space after the = ?


Right, probably should remove that.


> Does the variable need some escaping in case it already has a single
> quote in it?

Was thinking about consistency with the empty case below, but I guess we 
need to think not just of a "stray" single quote in the string, but also 
a stray double quote (").


I guess we can just remove the single quotes completely for both cases.

Sau!



+else:
+recipe.annotations.append(create_annotation(d, var + "=''"))

  # Some CVEs may be patched during the build process without incrementing 
the version number,
  # so querying for CVEs based on the CPE id can lead to false positives. 
To account for this,
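
Review bot: If the single quotes are dropped from both added branches, as proposed in the reply above, the else branch becomes var + "=" and is identical to the if branch with an empty value, so the if/else is only guarding against d.getVar(var) returning nothing to concatenate. A single append of var + "=" + (d.getVar(var) or "") covers both cases and also removes the stray space after the = in the if branch.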
--
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177295): 
https://lists.openembedded.org/g/openembedded-core/message/177295
Mute This Topic: https://lists.openembedded.org/mt/96996669/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
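
The quoting question discussed in this reply, as an added example that is not part of the original thread or of OE-core: it formats constructed values the way the patch does and the quote-free way proposed above, stores them as a JSON "comment", and reads them back. The sample variables and the two readers (`parse_quoted`, `parse_plain`) are hypothetical; `None` stands in for an unset variable, on the assumption that `d.getVar()` returns `None` in that case.

```python
import json

# Constructed sample values; None stands for an unset variable (assumption).
SAMPLES = {
    "CUSTOM_PLAIN": "variable contents",
    "CUSTOM_EMPTY": "",
    "CUSTOM_UNSET": None,
    "CUSTOM_QUOTED": "it's a \"test\"",
    "CUSTOM_TRICKY": "a' B='b",
}

def original_comment(var, value):
    """Pre-patch format; raises TypeError when value is None."""
    return var + "=" + value

def patched_comment(var, value):
    """Format from the patch under review: value wrapped in single quotes."""
    return var + "= '" + value + "'" if value else var + "=''"

def plain_comment(var, value):
    """Quote-free format proposed at the end of the reply."""
    return var + "=" + (value or "")

def parse_quoted(comment):
    """Hypothetical reader that stops at the next single quote it sees."""
    var, _, rest = comment.partition("=")
    start = rest.index("'") + 1
    return var, rest[start:rest.index("'", start)]

def parse_plain(comment):
    """Hypothetical reader: split on the first '=' and keep the rest verbatim."""
    var, _, value = comment.partition("=")
    return var, value

def round_trips(fmt, parse):
    """Names whose value survives format -> JSON document -> parse."""
    ok = []
    for var, value in SAMPLES.items():
        # json.dumps escapes any double quote in the value on its own.
        doc = json.dumps({"comment": fmt(var, value)})
        if parse(json.loads(doc)["comment"]) == (var, value or ""):
            ok.append(var)
    return ok

if __name__ == "__main__":
    print("quoted format:", round_trips(patched_comment, parse_quoted))
    print("plain format: ", round_trips(plain_comment, parse_plain))
```

The stray double quote is handled by the JSON encoder in both formats; only the embedded single quote breaks the quoted form for a reader that does not expect it.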



Re: [OE-core] [PATCH] create-spdx: Add check for variable contents along with quotes

2023-02-16 Thread Joshua Watt
On Wed, Feb 15, 2023 at 6:31 PM Saul Wold wrote:
>
> This adds a check to ensure that if a variable is
> empty it gets an empty string, this also adds quotes
> to indicate the variable contents.
>
>   "comment": "CUSTOM_SPECIAL=''"
> or
>   "comment": "CUSTOM_SPECIAL= 'variable contents'"
>
> Signed-off-by: Saul Wold 
> ---
>  meta/classes/create-spdx-2.2.bbclass | 5 -
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/create-spdx-2.2.bbclass 
> b/meta/classes/create-spdx-2.2.bbclass
> index 28a42e009f6..8b18ada40a4 100644
> --- a/meta/classes/create-spdx-2.2.bbclass
> +++ b/meta/classes/create-spdx-2.2.bbclass
> @@ -484,7 +484,10 @@ python do_create_spdx() {
>
>  if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
>  for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
> -recipe.annotations.append(create_annotation(d, var + "=" + 
> d.getVar(var)))
> +if d.getVar(var):
> +recipe.annotations.append(create_annotation(d, var + "= '" + 
> d.getVar(var) + "'"))

Why the extra space after the = ?

Does the variable need some escaping in case it already has a single
quote in it?

> +else:
> +recipe.annotations.append(create_annotation(d, var + "=''"))
>
>  # Some CVEs may be patched during the build process without incrementing 
> the version number,
>  # so querying for CVEs based on the CPE id can lead to false positives. 
> To account for this,
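
Review bot: In the added if branch d.getVar(var) is evaluated twice, once for the test and once for the concatenation, and the truthiness test sends both an unset variable and one set to an empty string to the else branch, so the resulting annotation cannot tell the two apart. Reading the value once into a local avoids the repeated lookup; if consumers need to distinguish unset from empty, the else branch needs a distinct marker rather than the same '' output.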
> --
> 2.25.1
>

View/Reply Online (#177294): 
https://lists.openembedded.org/g/openembedded-core/message/177294



[OE-core] [PATCH] create-spdx: Add check for variable contents along with quotes

2023-02-15 Thread Saul Wold
This adds a check to ensure that if a variable is
empty it gets an empty string, this also adds quotes
to indicate the variable contents.

  "comment": "CUSTOM_SPECIAL=''"
or
  "comment": "CUSTOM_SPECIAL= 'variable contents'"

Signed-off-by: Saul Wold 
---
 meta/classes/create-spdx-2.2.bbclass | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/classes/create-spdx-2.2.bbclass 
b/meta/classes/create-spdx-2.2.bbclass
index 28a42e009f6..8b18ada40a4 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -484,7 +484,10 @@ python do_create_spdx() {
 
 if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
 for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
-recipe.annotations.append(create_annotation(d, var + "=" + 
d.getVar(var)))
+if d.getVar(var):
+recipe.annotations.append(create_annotation(d, var + "= '" + 
d.getVar(var) + "'"))
+else:
+recipe.annotations.append(create_annotation(d, var + "=''"))
 
 # Some CVEs may be patched during the build process without incrementing 
the version number,
 # so querying for CVEs based on the CPE id can lead to false positives. To 
account for this,
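
Review bot: The two added append calls emit different layouts: the if branch builds var + "= '" with a space after the =, while the else branch builds var + "=''" without one, and both differ from the var + "=" + value string the removed line produced. Anything that already reads these annotation comments will see a format change, so the spacing should be made consistent and the new format stated in the commit message or in the documentation for SPDX_CUSTOM_ANNOTATION_VARS.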
-- 
2.25.1


View/Reply Online (#177224): 
https://lists.openembedded.org/g/openembedded-core/message/177224