Re: [yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Chen,
On 6/14/19 1:13 AM, ChenQi wrote:
> Hi Armin,
>
> I just noticed this selftest case.
> Have you considered putting it into oe-core?
Yes I have. That was the first place I wanted to put it but Richard and
Ross have reservations about doing that so it sits in meta-security
until we can get it into core.
Regards,
armin
>
> Best Regards,
> Chen Qi
>
> On 05/10/2019 11:09 AM, Armin Kuster wrote:
>> Signed-off-by: Armin Kuster
>> ---
>> lib/oeqa/selftest/cases/cvechecker.py | 27 +++
>> 1 file changed, 27 insertions(+)
>> create mode 100644 lib/oeqa/selftest/cases/cvechecker.py
>>
>> diff --git a/lib/oeqa/selftest/cases/cvechecker.py
>> b/lib/oeqa/selftest/cases/cvechecker.py
>> new file mode 100644
>> index 000..23ca7d2
>> --- /dev/null
>> +++ b/lib/oeqa/selftest/cases/cvechecker.py
>> @@ -0,0 +1,27 @@
>> +import os
>> +import re
>> +
>> +from oeqa.selftest.case import OESelftestTestCase
>> +from oeqa.utils.commands import bitbake, get_bb_var
>> +
>> +class CveCheckerTests(OESelftestTestCase):
>> + def test_cve_checker(self):
>> + image = "core-image-sato"
>> +
>> + deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE")
>> + image_link_name = get_bb_var('IMAGE_LINK_NAME', image)
>> +
>> + manifest_link = os.path.join(deploy_dir, "%s.cve" %
>> image_link_name)
>> +
>> + self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
>> + if (not 'cve-check' in get_bb_var('INHERIT')):
>> + add_cve_check_config = 'INHERIT += "cve-check"'
>> + self.append_config(add_cve_check_config)
>> + self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
>> + result = bitbake("-k -c cve_check %s" % image,
>> ignore_status=True)
>> + if (not 'cve-check' in get_bb_var('INHERIT')):
>> + self.remove_config(add_cve_check_config)
>> +
>> + isfile = os.path.isfile(manifest_link)
>> + self.assertEqual(True, isfile, 'Failed to create cve data
>> file : %s' % manifest_link)
>> +
>
>
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Hi Armin,
I just noticed this selftest case.
Have you considered putting it into oe-core?
Best Regards,
Chen Qi
On 05/10/2019 11:09 AM, Armin Kuster wrote:
Signed-off-by: Armin Kuster
---
lib/oeqa/selftest/cases/cvechecker.py | 27 +++
1 file changed, 27 insertions(+)
create mode 100644 lib/oeqa/selftest/cases/cvechecker.py
diff --git a/lib/oeqa/selftest/cases/cvechecker.py
b/lib/oeqa/selftest/cases/cvechecker.py
new file mode 100644
index 000..23ca7d2
--- /dev/null
+++ b/lib/oeqa/selftest/cases/cvechecker.py
@@ -0,0 +1,27 @@
+import os
+import re
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_var
+
+class CveCheckerTests(OESelftestTestCase):
+def test_cve_checker(self):
+image = "core-image-sato"
+
+deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE")
+image_link_name = get_bb_var('IMAGE_LINK_NAME', image)
+
+manifest_link = os.path.join(deploy_dir, "%s.cve" % image_link_name)
+
+self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+if (not 'cve-check' in get_bb_var('INHERIT')):
+add_cve_check_config = 'INHERIT += "cve-check"'
+self.append_config(add_cve_check_config)
+self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+result = bitbake("-k -c cve_check %s" % image, ignore_status=True)
+if (not 'cve-check' in get_bb_var('INHERIT')):
+self.remove_config(add_cve_check_config)
+
+isfile = os.path.isfile(manifest_link)
+self.assertEqual(True, isfile, 'Failed to create cve data file : %s' %
manifest_link)
+
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Signed-off-by: Armin Kuster
---
lib/oeqa/selftest/cases/cvechecker.py | 27 +++
1 file changed, 27 insertions(+)
create mode 100644 lib/oeqa/selftest/cases/cvechecker.py
diff --git a/lib/oeqa/selftest/cases/cvechecker.py
b/lib/oeqa/selftest/cases/cvechecker.py
new file mode 100644
index 000..23ca7d2
--- /dev/null
+++ b/lib/oeqa/selftest/cases/cvechecker.py
@@ -0,0 +1,27 @@
+import os
+import re
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_var
+
+class CveCheckerTests(OESelftestTestCase):
+def test_cve_checker(self):
+image = "core-image-sato"
+
+deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE")
+image_link_name = get_bb_var('IMAGE_LINK_NAME', image)
+
+manifest_link = os.path.join(deploy_dir, "%s.cve" % image_link_name)
+
+self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+if (not 'cve-check' in get_bb_var('INHERIT')):
+add_cve_check_config = 'INHERIT += "cve-check"'
+self.append_config(add_cve_check_config)
+self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+result = bitbake("-k -c cve_check %s" % image, ignore_status=True)
+if (not 'cve-check' in get_bb_var('INHERIT')):
+self.remove_config(add_cve_check_config)
+
+isfile = os.path.isfile(manifest_link)
+self.assertEqual(True, isfile, 'Failed to create cve data file : %s' %
manifest_link)
+
--
2.17.1
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
