Hi Davide,
This patch needs to be sent first for the master branch and backported
for kirkstone only after that.
Jose
Davide Gardenal <davidegarde2...@gmail.com> escreveu no dia segunda,
2/05/2022 à(s) 08:43:
> Create generate_json_report including all the code used to generate the
> JSON
> manifest file.
> Add to cve_save_summary_handler the ability to create the summary in JSON
> format.
>
> Signed-off-by: Davide Gardenal <davide.garde...@huawei.com>
> ---
> meta/classes/cve-check.bbclass | 50 +++++++++++++-------
> 1 file changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/meta/classes/cve-check.bbclass
> b/meta/classes/cve-check.bbclass
> index 78516d0..64875d7 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -79,6 +79,29 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
> # set to "alphabetical" for version using single alphabetical character
> as increment release
> CVE_VERSION_SUFFIX ??= ""
>
> +def generate_json_report(out_path, link_path):
> + if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
> + import json
> + from oe.cve_check import cve_check_merge_jsons
> +
> + bb.note("Generating JSON CVE summary")
> + index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
> + summary = {"version":"1", "package": []}
> + with open(index_file) as f:
> + filename = f.readline()
> + while filename:
> + with open(filename.rstrip()) as j:
> + data = json.load(j)
> + cve_check_merge_jsons(summary, data)
> + filename = f.readline()
> +
> + with open(out_path, "w") as f:
> + json.dump(summary, f, indent=2)
> +
> + if os.path.exists(os.path.realpath(link_path)):
> + os.remove(link_path)
> + os.symlink(os.path.basename(out_path), link_path)
> +
> python cve_save_summary_handler () {
> import shutil
> import datetime
> @@ -101,6 +124,11 @@ python cve_save_summary_handler () {
> if os.path.exists(os.path.realpath(cvefile_link)):
> os.remove(cvefile_link)
> os.symlink(os.path.basename(cve_summary_file), cvefile_link)
> +
> + json_summary_link_name = os.path.join(cvelogpath,
> d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
> + json_summary_name = os.path.join(cvelogpath, "%s-%s.json" %
> (cve_summary_name, timestamp))
> + generate_json_report(json_summary_name, json_summary_link_name)
> + bb.plain("CVE report summary created at: %s" %
> json_summary_link_name)
> }
>
> addhandler cve_save_summary_handler
> @@ -175,25 +203,11 @@ python cve_check_write_rootfs_manifest () {
> os.symlink(os.path.basename(manifest_name), manifest_link)
> bb.plain("Image CVE report stored in: %s" % manifest_name)
>
> - if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
> - import json
> + link_path = os.path.join(deploy_dir, "%s.json" % link_name)
> + manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
> bb.note("Generating JSON CVE manifest")
> - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
> - link_name = d.getVar("IMAGE_LINK_NAME")
> - manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
> - index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
> - manifest = {"version":"1", "package": []}
> - with open(index_file) as f:
> - filename = f.readline()
> - while filename:
> - with open(filename.rstrip()) as j:
> - data = json.load(j)
> - cve_check_merge_jsons(manifest, data)
> - filename = f.readline()
> -
> - with open(manifest_name, "w") as f:
> - json.dump(manifest, f, indent=2)
> - bb.plain("Image CVE report stored in: %s" % manifest_name)
> + generate_json_report(json_summary_name, json_summary_link_name)
> + bb.plain("Image CVE JSON report stored in: %s" % link_path)
> }
>
> ROOTFS_POSTPROCESS_COMMAND:prepend =
> "${@'cve_check_write_rootfs_manifest; ' if
> d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
> --
> 2.32.0
>
>
>
>
>
--
Best regards,
José Quaresma
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165162):
https://lists.openembedded.org/g/openembedded-core/message/165162
Mute This Topic: https://lists.openembedded.org/mt/90830880/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
