On 7/12/20 3:38 PM, akuster via lists.openembedded.org wrote: > The cve-check file should be saved always, it has good info. > > Put a copy in the log dir as cve-summary with symlinks to latest run. > > [Yocto #13974]
ping. Any issues with this? Did I miss a response to this? -armin
> Signed-off-by: Armin Kuster <[email protected]>
> ---
> meta/classes/cve-check.bbclass | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 514897e8b8..0889e7544a 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
>
> CVE_CHECK_LOG ?= "${T}/cve.log"
> CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
> +CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
> +CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
> +CVE_CHECK_SUMMARY_FILE ?= > "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
>
> CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
> CVE_CHECK_MANIFEST ?= > "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
> @@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
> #
> CVE_CHECK_WHITELIST ?= ""
>
> +python cve_save_summary_handler () {
> + import shutil
> + import datetime
> +
> + cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
> +
> + cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
> + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
> + bb.utils.mkdirhier(cvelogpath)
> +
> + timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
> + cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % > (cve_summary_name, timestamp))
> +
> + shutil.copyfile(cve_tmp_file, cve_summary_file)
> +
> + if cve_summary_file and os.path.exists(cve_summary_file):
> + cvefile_link = os.path.join(cvelogpath, cve_summary_name)
> +
> + if os.path.exists(os.path.realpath(cvefile_link)):
> + os.remove(cvefile_link)
> + os.symlink(os.path.basename(cve_summary_file), cvefile_link)
> +}
> +
> +addhandler cve_save_summary_handler
> +cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
> +
> python do_cve_check () {
> """
> Check recipe for patched and unpatched CVEs
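Review bot: `shutil.copyfile(cve_tmp_file, cve_summary_file)` in cve_save_summary_handler runs on every BuildCompleted event, but the last hunk of this patch shows CVE_CHECK_TMP_FILE is only appended to when CVE_CHECK_CREATE_MANIFEST is "1", so a build that never wrote that file would presumably raise FileNotFoundError from the handler. Guard the copy, for example with `if not os.path.exists(cve_tmp_file): return` placed before it. The link refresh has a similar gap: `os.path.exists(os.path.realpath(cvefile_link))` is false for a dangling symlink, so `os.remove` is skipped and `os.symlink` would fail with FileExistsError once an older timestamped summary has been deleted; `if os.path.lexists(cvefile_link):` covers that case. Indentation is lost in this archive copy, so the nesting of the last three statements is inferred.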
> @@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, > cve_data):
> f.write(write_string)
>
> if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
> + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
> + bb.utils.mkdirhier(cvelogpath)
> +
> with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
> f.write("%s" % write_string)
>
>
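Review bot: The added `bb.utils.mkdirhier(cvelogpath)` in cve_write_data creates CVE_CHECK_SUMMARY_DIR, yet the write that follows targets CVE_CHECK_TMP_FILE, and nothing in this hunk writes into the summary directory. cve_save_summary_handler already calls `bb.utils.mkdirhier(cvelogpath)` before it copies the file, so these two lines look redundant and would run once per recipe. Consider dropping them, or if they are intentional add a comment such as `# summary dir must exist before the BuildCompleted handler runs`. cve_write_data starts above the hunk, so any earlier setup is not visible here.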
