Re: [yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Chen, On 6/14/19 1:13 AM, ChenQi wrote: > Hi Armin, > > I just noticed this selftest case. > Have you considered putting it into oe-core? Yes I have. That was the first place I wanted to put it but Richard and Ross have reservations about doing that so it sits in meta-security until we can get it into core. Regards, armin > > Best Regards, > Chen Qi > > On 05/10/2019 11:09 AM, Armin Kuster wrote: >> Signed-off-by: Armin Kuster >> --- >> lib/oeqa/selftest/cases/cvechecker.py | 27 +++ >> 1 file changed, 27 insertions(+) >> create mode 100644 lib/oeqa/selftest/cases/cvechecker.py >> >> diff --git a/lib/oeqa/selftest/cases/cvechecker.py >> b/lib/oeqa/selftest/cases/cvechecker.py >> new file mode 100644 >> index 000..23ca7d2 >> --- /dev/null >> +++ b/lib/oeqa/selftest/cases/cvechecker.py >> @@ -0,0 +1,27 @@ >> +import os >> +import re >> + >> +from oeqa.selftest.case import OESelftestTestCase >> +from oeqa.utils.commands import bitbake, get_bb_var >> + >> +class CveCheckerTests(OESelftestTestCase): >> + def test_cve_checker(self): >> + image = "core-image-sato" >> + >> + deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE") >> + image_link_name = get_bb_var('IMAGE_LINK_NAME', image) >> + >> + manifest_link = os.path.join(deploy_dir, "%s.cve" % >> image_link_name) >> + >> + self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link) >> + if (not 'cve-check' in get_bb_var('INHERIT')): >> + add_cve_check_config = 'INHERIT += "cve-check"' >> + self.append_config(add_cve_check_config) >> + self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link) >> + result = bitbake("-k -c cve_check %s" % image, >> ignore_status=True) >> + if (not 'cve-check' in get_bb_var('INHERIT')): >> + self.remove_config(add_cve_check_config) >> + >> + isfile = os.path.isfile(manifest_link) >> + self.assertEqual(True, isfile, 'Failed to create cve data >> file : %s' % manifest_link) >> + > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Hi Armin, I just noticed this selftest case. Have you considered putting it into oe-core? Best Regards, Chen Qi On 05/10/2019 11:09 AM, Armin Kuster wrote: Signed-off-by: Armin Kuster --- lib/oeqa/selftest/cases/cvechecker.py | 27 +++ 1 file changed, 27 insertions(+) create mode 100644 lib/oeqa/selftest/cases/cvechecker.py diff --git a/lib/oeqa/selftest/cases/cvechecker.py b/lib/oeqa/selftest/cases/cvechecker.py new file mode 100644 index 000..23ca7d2 --- /dev/null +++ b/lib/oeqa/selftest/cases/cvechecker.py @@ -0,0 +1,27 @@ +import os +import re + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import bitbake, get_bb_var + +class CveCheckerTests(OESelftestTestCase): +def test_cve_checker(self): +image = "core-image-sato" + +deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE") +image_link_name = get_bb_var('IMAGE_LINK_NAME', image) + +manifest_link = os.path.join(deploy_dir, "%s.cve" % image_link_name) + +self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link) +if (not 'cve-check' in get_bb_var('INHERIT')): +add_cve_check_config = 'INHERIT += "cve-check"' +self.append_config(add_cve_check_config) +self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link) +result = bitbake("-k -c cve_check %s" % image, ignore_status=True) +if (not 'cve-check' in get_bb_var('INHERIT')): +self.remove_config(add_cve_check_config) + +isfile = os.path.isfile(manifest_link) +self.assertEqual(True, isfile, 'Failed to create cve data file : %s' % manifest_link) + -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker
Signed-off-by: Armin Kuster --- lib/oeqa/selftest/cases/cvechecker.py | 27 +++ 1 file changed, 27 insertions(+) create mode 100644 lib/oeqa/selftest/cases/cvechecker.py diff --git a/lib/oeqa/selftest/cases/cvechecker.py b/lib/oeqa/selftest/cases/cvechecker.py new file mode 100644 index 000..23ca7d2 --- /dev/null +++ b/lib/oeqa/selftest/cases/cvechecker.py @@ -0,0 +1,27 @@ +import os +import re + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import bitbake, get_bb_var + +class CveCheckerTests(OESelftestTestCase): +def test_cve_checker(self): +image = "core-image-sato" + +deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE") +image_link_name = get_bb_var('IMAGE_LINK_NAME', image) + +manifest_link = os.path.join(deploy_dir, "%s.cve" % image_link_name) + +self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link) +if (not 'cve-check' in get_bb_var('INHERIT')): +add_cve_check_config = 'INHERIT += "cve-check"' +self.append_config(add_cve_check_config) +self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link) +result = bitbake("-k -c cve_check %s" % image, ignore_status=True) +if (not 'cve-check' in get_bb_var('INHERIT')): +self.remove_config(add_cve_check_config) + +isfile = os.path.isfile(manifest_link) +self.assertEqual(True, isfile, 'Failed to create cve data file : %s' % manifest_link) + -- 2.17.1 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto