subtree updates
meta-openembedded: a9e6d16e66..11df15765c:
Adrian Fiergolski (1):
python3-matplotlib: add missing dependency
Adrian Freihofer (6):
conntrack-tools: fix postinst script
networkmanager: improve dependency handling
networkmanager: simplify selective installation
networkmanager: use nftables by default
networkmanager: udpate to 1.38.0
modemmanager: update to 1.18.8
Armin Kuster (2):
mariadb: update to 10.7.4
mariadb: Fix i386 Clang builds
Bartosz Golaszewski (2):
python3-uinput: new package
python3-speedtest-cli: fix RDEPENDS
Changqing Li (1):
redis: upgrade 7.0-rc3 -> 7.0.0
Denys Dmytriyenko (1):
devmem2: the source and patches moved to github repo
Enrico Scholz (1):
nodejs-oe-cache-native: initial checkin
Jiaqing Zhao (1):
openldap: Remove unnecessary use-urandom.patch
Kai Kang (2):
libportal: add distro features check
graphviz: rrecommends on liberation-fonts
Khem Raj (5):
ubi-utils-klibc: Disable lzo compression by default
unattended-upgrades: Disable auto-detecting modules
sdbus-c++: Link with libatomic for rv32
sdbus-c++-libsystemd: Fix patch fuzz
python3-uinput: Fix build on 32bit arches using 64bit times_t
Luca Boccassi (1):
dbus-broker: update 29 -> 31
Marcel Ziswiler (1):
libavtp: add recipe for audio video transport protocol (avtp)
Markus Volk (6):
jack: allow to build native/nativesdk
pipewire: reduce native/nativesdk dependencies; add backport patch
p8platform: unbreak do_populate_sdk
pavucontrol: update; fix build for wayland only
gnome-disk-utility: fix build for wayland only
unblock some recipes for wayland
Martin Jansa (1):
mm-common: package the files from ${PN} in ${PN}-dev and use allarch
Ming Liu (1):
bluealsa: uprev to 4.0.0
Nikhil R (1):
duktape: Add ptest
Peter Marko (1):
libgpiod: move test dependencies to ptest package
Ross Burton (8):
python3-cppy: fix inherits and DEPENDS
python3-setuptools-scm-git-archive: add new recipe
python3-traitlets: upgrade to 5.2.1
python3-pathspec: add new recipe
python3-hatchling: add new recipe and build class
python3-editables: add new recipe
python3-setuptools-declarative-requirements: add new recipe
lzop: add (from oe-core)
Samuli Piippo (2):
flite: add recipe
libtomcrypt: add recipe
Thomas Perrot (1):
nbd: update 3.20 -> 3.24
Vyacheslav Yurkov (4):
packagegroup-meta-filesystems: fix build issue
overlayfs-progs: add new recipe
overlayfs-tools: add new recipe
xfstests: add new recipe
Wang Mingyu (38):
babeld: upgrade 1.12 -> 1.12.1
ctags: upgrade 5.9.20220508.0 -> 5.9.20220515.0
libbpf: upgrade 0.7.0 -> 0.8.0
evtest: upgrade 1.34 -> 1.35
nbdkit: upgrade 1.31.5 -> 1.31.7
smarty: upgrade 4.1.0 -> 4.1.1
thingsboard-gateway: upgrade 2.9 -> 3.1
opencl-headers: upgrade 2022.01.04 -> 2022.05.18
python3-robotframework: upgrade 5.0 -> 5.0.1
python3-watchdog: upgrade 2.1.7 -> 2.1.8
python3-web3: upgrade 5.29.0 -> 5.29.1
python3-xmlschema: upgrade 1.10.0 -> 1.11.0
python3-sqlalchemy: upgrade 1.4.35 -> 1.4.36
python3-yappi: upgrade 1.3.3 -> 1.3.5
apitrace: upgrade 11.0 -> 11.1
ctags: upgrade 5.9.20220515.0 -> 5.9.20220529.0
gedit: upgrade 42.0 -> 42.1
hidapi: upgrade 0.11.2 -> 0.12.0
libbytesize: upgrade 2.6 -> 2.7
libdvdread: upgrade 6.1.2 -> 6.1.3
links: upgrade 2.26 -> 2.27
libxmlb: upgrade 0.3.8 -> 0.3.9
ser2net: upgrade 4.3.5 -> 4.3.6
python3-awesomeversion: upgrade 22.5.1 -> 22.5.2
htop: upgrade 3.2.0 -> 3.2.1
hwdata: upgrade 0.359 -> 0.360
libnet-dns-perl: upgrade 1.33 -> 1.34
tinyproxy: upgrade 1.11.0 -> 1.11.1
function2: upgrade 4.2.0 -> 4.2.1
openvpn: upgrade 2.5.6 -> 2.5.7
poppler: upgrade 22.05.0 -> 22.06.0
sshfs-fuse: upgrade 3.7.2 -> 3.7.3
tgt: upgrade 1.0.82 -> 1.0.83
tracker: upgrade 3.3.0 -> 3.3.1
unbound: upgrade 1.15.0 -> 1.16.0
zabbix: upgrade 6.0.4 -> 6.0.5
botan: upgrade 2.19.1 -> 2.19.2
evolution-data-server: upgrade 3.44.1 -> 3.44.2
Wolfgang Meyer (1):
fbida: remove bash from RDEPENDS
Xu Huan (17):
python3-pint: upgrade 0.19.1 -> 0.19.2
python3-pylint: upgrade 2.13.7 -> 2.13.9
python3-redis: upgrade 4.2.2 -> 4.3.1
python3-werkzeug: upgrade 2.1.1 -> 2.1.2
python3-zeroconf: upgrade 0.38.4 -> 0.38.6
python3-sentry-sdk: upgrade 1.5.10 -> 1.5.12
python3-astroid: upgrade 2.11.3 -> 2.11.5
python3-cachetools: upgrade 5.0.0 -> 5.1.0
python3-imageio: upgrade 2.19.1 -> 2.19.2
python3-asyncinotify: upgrade 2.0.2 -> 2.0.3
python3-croniter: upgrade 1.3.4 -> 1.3.5
python3-google-api-core: upgrade 2.7.3 -> 2.8.0
python3-flask-socketio: upgrade 5.1.2 -> 5.2.0
python3-h5py: upgrade 3.6.0 -> 3.7.0
python3-lz4: upgrade 4.0.0 -> 4.0.1
python3-mypy: upgrade 0.950 -> 0.960
python3-pyscaffold: upgrade 4.2.1 -> 4.2.2
zhengrq.fnst (10):
python3-google-api-python-client: upgrade 2.45.0 -> 2.48.0
python3-grpcio-tools: upgrade 1.46.0 -> 1.46.3
python3-openpyxl: upgrade 3.0.9 -> 3.0.10
python3-paramiko: upgrade 2.10.4 -> 2.11.0
python3-humanize: upgrade 4.0.0 -> 4.1.0
python3-pychromecast: upgrade 12.1.1 -> 12.1.2
python3-cachetools: upgrade 5.1.0 -> 5.2.0
python3-google-api-python-client: upgrade 2.48.0 -> 2.49.0
python3-googleapis-common-protos: upgrade 1.56.1 -> 1.56.2
python3-imageio: upgrade 2.19.2 -> 2.19.3
zhengruoqin (6):
python3-bitarray: upgrade 2.5.0 -> 2.5.1
python3-eventlet: upgrade 0.33.0 -> 0.33.1
python3-googleapis-common-protos: upgrade 1.56.0 -> 1.56.1
python3-imageio: upgrade 2.18.0 -> 2.19.1
python3-pyjwt: upgrade 2.3.0 -> 2.4.0
python3-wrapt: upgrade 1.14.0 -> 1.14.1
poky: 13d70e57f8..ee0d001b81:
Alex Stewart (1):
opkg: upgrade to version 0.6.0
Alexander Kanavin (23):
bash: submit patch upstream
valgrind: submit arm patches upstream
apt: fix upstream version check
zip/unzip: mark all submittable patches as Inactive-Upstream
less: mark upstream version as unknown
wayland: exclude pre-releases from version check
mesa-demos: update 8.4.0 -> 8.5.0
seatd: update 0.6.4 -> 0.7.0
systemd: update 250.5 -> 251.2
btrfs-tools: update 5.16.2 -> 5.18
llvm: update 14.0.3 -> 14.0.4
python3-psutil: update 5.9.0 -> 5.9.1
tiff: update 4.3.0 -> 4.4.0
pulseaudio: update 15.0 -> 16.0
alsa-utils-scripts: merge into alsa-utils
alsa-utils: update 1.2.6 -> 1.2.7
ovmf: update 202202 -> 202205
cmake: update 3.23.1 -> 3.23.2
ltp: upgrade 20220121 -> 20220527
perl: update 5.34.1 -> 5.36.0
perl: drop perltoc regeneration
perl: clean prior to build
perl: enable _GNU_SOURCE define via d_gnulibc
Bruce Ashfield (7):
linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default
linux-yocto/5.15: update to v5.15.43
linux-yocto/5.10: update to v5.10.118
linux-yocto/5.15: Enable MDIO bus config
linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
linux-yocto/5.15: update to v5.15.44
linux-yocto/5.10: update to v5.10.119
Chen Qi (1):
libsdl2: add back xvm and xinerama options
Daiane Angolini (1):
python3-pip: Fix RDEPENDS after the update
Davide Gardenal (2):
efivar: add musl libc compatibility
baremetal-image: fix broken symlink in do_rootfs
Dmitry Baryshkov (2):
go.bbclass: fix path to linker in native Go builds
linux-firmware: add support for building snapshots
Ernst Sjöstrand (2):
cve-check: Add helper for symlink handling
cve-check: Only include installed packages for rootfs manifest
He Zhe (1):
lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel
Jack Mitchell (1):
meson.bbclass: add cython binary to cross/native toolchain config
Jeremy Puhlman (1):
gcc: depend on zstd-native
Jiaqing Zhao (1):
systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch
Joerg Vehlow (1):
libseccomp: Add missing files for ptests
Jose Quaresma (1):
archiver: use bb.note instead of echo
Kai Kang (1):
xxhash: fix build with gcc 12
Marcel Ziswiler (2):
alsa-plugins: fix libavtp vs. avtp packageconfig
gstreamer1.0-plugins-bad: add libavtp packageconfig
Markus Volk (1):
gcr: build with gtk+3 for wayland
Marta Rybczynska (4):
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-check: fix return type in check_cves
cve-update-db-native: make it possible to disable database updates
Martin Jansa (9):
makedevs: Don't use COPYING.patch just to add license file into ${S}
insane.bbclass: make sure to close .patch files
staging.bbclass: process direct dependencies in deterministic order
patch.py: make sure that patches/series file exists before quilt pop
lttng-modules: fix shell syntax
buildhistory.bbclass: fix shell syntax when using dash
rootfs.py: close kernel_abi_ver_file
ltp: use bfd even when gold is used with ld-is-gold
systemd: Fix build without utmp
Michael Opdenacker (1):
migration guides: release notes for 4.0.1
Mikko Rapeli (1):
bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit
Ming Liu (1):
udev-extraconf: let automount base directory configurable
Mingli Yu (4):
perl: Fix build with gcc-12
ccache: Fix build with gcc-12
oescripts: change compare logic in OEListPackageconfigTests
python3-cryptography: remove test_x509.py
Naveen Saini (1):
pciutils: avoid lspci conflict with busybox
Pavel Zhukov (6):
bitbake.conf: Make TCLIBC and TCMODE lazy assigned
bitbake: fetch2: Honour BB_FETCH_PREMIRRORONLY option
bitbake: Add tests to cover BB_FETCH_PREMIRRORONLY functionality
dbus: Specify runstatedir configure option
bitbake: tests/fetch: Drop unnecessary duplicated function
bitbake: tests/fetch: Add tests for premirror using real project
Peter Kjellerstedt (2):
libseccomp: Correct LIC_FILES_CHKSUM
license.bbclass: Bound beginline and endline in copy_license_files()
Quentin Schulz (2):
docs: set_versions.py: remove honister from active releases list
docs: set_versions.py: check for first latest release tag
Rasmus Villemoes (2):
vim: put xxd in its own package
e2fsprogs: add alternatives handling of lsattr as well
Ricardo Salveti (1):
gnu-efi: enable for riscv64
Richard Purdie (51):
cve-extra-exclusions: Add kernel CVEs
lzo: Add further info to a patch and mark as Inactive-Upstream
python3: Remove problematic paths from sysroot files
python3: Ensure stale empty python module directories don't break the build
Revert "qemu.inc: Remove empty egg-info directories before running meson"
Revert "meson.bblcass: Remove empty egg-info directories before running meson"
vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
libxslt: Mark CVE-2022-29824 as not applying
oeqa/imagefeatures: Replace lzo with zst
oeqa/imagefeatures: Disable squashfs-lzo
cve-check: Allow warnings to be disabled
openssl: Backport fix for ptest cert expiry
bitbake: runqueue: Fix unihash cache mismatch issues
bitbake: cache/siggen: Add unihash cache copy function
bitbake: bitbake: Bump to version 2.0.1
populate_sdk_ext: Fix race condition on bb_unihashes.dat
gcc-cross-canadian: Add nativesdk-zstd dependency
glib-2.0: upgrade 2.72.1 -> 2.72.2
dnf: upgrade 4.12.0 -> 4.13.0
python3-dtschema: upgrade 2022.4 -> 2022.5
python3-sphinx: upgrade 4.5.0 -> 5.0.0
python3-pip: upgrade 22.1.1 -> 22.1.2
alsa-lib: upgrade 1.2.6.1 -> 1.2.7
sysklogd: upgrade 2.3.0 -> 2.4.0
libxkbcommon: upgrade 1.4.0 -> 1.4.1
piglit: upgrade to latest revision
sysstat: upgrade 12.4.5 -> 12.6.0
harfbuzz: upgrade 4.2.1 -> 4.3.0
gtk+3: upgrade 3.24.33 -> 3.24.34
xwayland: upgrade 22.1.1 -> 22.1.2
alsa-ucm-conf: upgrade 1.2.6.3 -> 1.2.7
gnutls: upgrade 3.7.5 -> 3.7.6
webkitgtk: upgrade 2.36.1 -> 2.36.3
diffoscope: upgrade 212 -> 215
populate_sdk_ext: Fix second bb_unihashes reference
sanity: Switch to make 4.0 as a minimum version
perl: Add dependency on make-native to avoid race issues
glibc: Drop make-native dependency
bitbake: fetch/wget: Move files into place atomically
bitbake: server/process: Avoid risk of exception deadlocks
bitbake: server/process: Remove daemonic thread usage
bitbake: server/process: Avoid tracebacks at exit
uboot-sign: Fix potential index error issues
selftest/multiconfig: Test that multiconfigs in separate layers works
bitbake: cooker: Drop sre_constants usage
classes/buildcfg: Move git/layer revision code into new OE module buildcfg
lib/buildcfg: Share common clean/dirty layer function
buildcfg: Drop unused svn revision function
base/buildhistory/image-buildinfo: Use common buildcfg function
image-buildinfo: Improve and extend to SDK coverage too
Robert Yang (1):
systemd: Set RebootWatchdogSec to 60s as watchdog
Ross Burton (8):
python3-pluggy: add BBCLASSEXTEND for native/nativesdk
btrfs-tools: add a PACKAGECONFIG for lzo
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
packagegroup-self-hosted: remove lzo
libarchive: disable LZO by default
squashfs-tools: disable LZO by default
lzop: remove recipe from oe-core
setuptools3: clean up class
Rusty Howell (1):
oe-depends-dot: Handle new format for task-depends.dot
Sean Anderson (1):
rootfs.py: find .ko.zst kernel modules
Stefan Wiehler (1):
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Tobias Schmidl (2):
oeqa/selftest/wic.py: Repaired test_qemu()
wic/plugins/images/direct: Allow changes in fstab on rootfs
Vyacheslav Yurkov (2):
files: rootfs-postcommands: move helper commands to script
files: respect overlayfs owner from lower layer
Xiaobing Luo (1):
devtool: Fix _copy_file() TypeError
Zach Welch (2):
test-manual/intro: reorder bitbake-selftest steps
test-manual/intro: bitbake-selftest needs bitbake
leimaohui (1):
gnutls: Added fips option.
wangmy (30):
bind: upgrade 9.18.2 -> 9.18.3
ccache: upgrade 4.6 -> 4.6.1
init-system-helpers: upgrade 1.62 -> 1.63
ninja: upgrade 1.10.2 -> 1.11.0
python3-certifi: upgrade 2021.10.8 -> 2022.5.18.1
python3-cython: upgrade 0.29.28 -> 0.29.30
python3-hypothesis: upgrade 6.46.4 -> 6.46.7
python3-importlib-metadata: upgrade 4.11.3 -> 4.11.4
python3-magic: upgrade 0.4.25 -> 0.4.26
python3-pip: upgrade 22.1 -> 22.1.1
python3-setuptools: upgrade 62.3.1 -> 62.3.2
python3-hypothesis: upgrade 6.46.7 -> 6.46.9
python3-semantic-version: upgrade 2.9.0 -> 2.10.0
python3-webcolors: upgrade 1.11.1 -> 1.12
python3-pytest-subtests: upgrade 0.7.0 -> 0.8.0
asciidoc: upgrade 10.1.4 -> 10.2.0
cups: upgrade 2.4.1 -> 2.4.2
iproute2: upgrade 5.17.0 -> 5.18.0
iw: upgrade 5.16 -> 5.19
logrotate: upgrade 3.19.0 -> 3.20.1
dpkg: upgrade 1.21.7 -> 1.21.8
repo: upgrade 2.25 -> 2.26
iso-codes: upgrade 4.9.0 -> 4.10.0
lttng-ust: upgrade 2.13.2 -> 2.13.3
meson: upgrade 0.62.1 -> 0.62.2
mtools: upgrade 4.0.39 -> 4.0.40
nettle: upgrade 3.7.3 -> 3.8
kbd: upgrade 2.4.0 -> 2.5.0
python3-hypothesis: upgrade 6.46.9 -> 6.46.11
xkeyboard-config: upgrade 2.35.1 -> 2.36
meta-security: 7628a3e90b..8c6fe006a1:
Armin Kuster (18):
swtpm: enable seccomp if DISTRO is enabled
security-tpm2-image: add swtpm
swtpm: enable gnutls
oeqa/swtpm: add swtpm runtime
oeqa/tpm2: fix and cleanup tests
tpm2-pkcs11: we really need the symlinks
smack-test: switch to python3
oeqa/smack: consolidate classes
checksec: update 2.6.0
chkrootkit: update SRC_URI
packagegroup-core-security: add arpwatch and chkrootkit to pkg grp
layer.conf: Post release codename changes
README: Update for dynamic layers
arpwatch: riscv not supported
packagegroup-core-security: drop arpwatch for riscv from pkg grp
chkrootkit: Fix missing includes for musl
arpwatch: update to 3.3
packagegroup-core-security: don't include aprwatch for musl
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic83db16445cf0a1286685f11d378e1e3e9b794c3
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 3729d9c..1b4910f 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -48,6 +48,7 @@
CVE_CHECK_CREATE_MANIFEST ??= "1"
CVE_CHECK_REPORT_PATCHED ??= "1"
+CVE_CHECK_SHOW_WARNINGS ??= "1"
# Provide text output
CVE_CHECK_FORMAT_TEXT ??= "1"
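Review bot: The new `CVE_CHECK_SHOW_WARNINGS ??= "1"` default has no comment, unlike `CVE_CHECK_FORMAT_TEXT` just below it, which carries `# Provide text output`. Add a one-line comment saying that any value other than "1" suppresses the `bb.warn` for unpatched CVEs while the report files are still written, so it is clear that disabling it hides findings from the console only.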
@@ -82,7 +83,7 @@
def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
- from oe.cve_check import cve_check_merge_jsons
+ from oe.cve_check import cve_check_merge_jsons, update_symlinks
bb.note("Generating JSON CVE summary")
index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
@@ -98,14 +99,12 @@
with open(out_path, "w") as f:
json.dump(summary, f, indent=2)
- if link_path != out_path:
- if os.path.exists(os.path.realpath(link_path)):
- os.remove(link_path)
- os.symlink(os.path.basename(out_path), link_path)
+ update_symlinks(out_path, link_path)
python cve_save_summary_handler () {
import shutil
import datetime
+ from oe.cve_check import update_symlinks
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
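Review bot: The `update_symlinks(out_path, link_path)` call in `generate_json_report` relies on a helper whose body is not in this diff, so it cannot be seen here whether the removed `if link_path != out_path` guard survives. Please confirm the helper still skips the case where both paths are equal. It would also be worth testing the link with `os.path.lexists()` there: the removed `os.path.exists(os.path.realpath(link_path))` is false for a dangling symlink, and the `os.symlink()` that follows then raises `FileExistsError`.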
@@ -118,14 +117,9 @@
if os.path.exists(cve_tmp_file):
shutil.copyfile(cve_tmp_file, cve_summary_file)
-
- if cve_summary_file and os.path.exists(cve_summary_file):
- cvefile_link = os.path.join(cvelogpath, cve_summary_name)
- # if the paths are the same don't create the link
- if cvefile_link != cve_summary_file:
- if os.path.exists(os.path.realpath(cvefile_link)):
- os.remove(cvefile_link)
- os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+ cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+ update_symlinks(cve_summary_file, cvefile_link)
+ bb.plain("Complete CVE report summary created at: %s" % cvefile_link)
if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
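Review bot: The removed `if cve_summary_file and os.path.exists(cve_summary_file)` check in `cve_save_summary_handler` has no replacement, so `update_symlinks(cve_summary_file, cvefile_link)` and the "Complete CVE report summary created at" message are only safe if they sit inside `if os.path.exists(cve_tmp_file):`. Indentation is not preserved in this rendering, so please confirm the nesting; outside that block, the link would point at a file that was never copied and the message would be misleading. The message also prints `cvefile_link` rather than `cve_summary_file`, which differs from the "stored in: %s" messages later in the patch that print the real file name.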
@@ -178,7 +172,9 @@
"""
import shutil
- from oe.cve_check import cve_check_merge_jsons
+ import json
+ from oe.rootfs import image_list_installed_packages
+ from oe.cve_check import cve_check_merge_jsons, update_symlinks
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
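Review bot: `oe.packagedata.read_pkgdatafile()` is called in the next hunk, but the imports added here cover only `json`, `oe.rootfs` and `oe.cve_check`. Add `import oe.packagedata` alongside them so `cve_check_write_rootfs_manifest` does not depend on the module having been loaded elsewhere.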
@@ -188,32 +184,63 @@
if os.path.exists(deploy_file_json):
bb.utils.remove(deploy_file_json)
- if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
- bb.note("Writing rootfs CVE manifest")
- deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
- link_name = d.getVar("IMAGE_LINK_NAME")
+ # Create a list of relevant recipies
+ recipies = set()
+ for pkg in list(image_list_installed_packages(d)):
+ pkg_info = os.path.join(d.getVar('PKGDATA_DIR'),
+ 'runtime-reverse', pkg)
+ pkg_data = oe.packagedata.read_pkgdatafile(pkg_info)
+ recipies.add(pkg_data["PN"])
+
+ bb.note("Writing rootfs CVE manifest")
+ deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
+ link_name = d.getVar("IMAGE_LINK_NAME")
+
+ json_data = {"version":"1", "package": []}
+ text_data = ""
+ enable_json = d.getVar("CVE_CHECK_FORMAT_JSON") == "1"
+ enable_text = d.getVar("CVE_CHECK_FORMAT_TEXT") == "1"
+
+ save_pn = d.getVar("PN")
+
+ for pkg in recipies:
+ # To be able to use the CVE_CHECK_RECIPE_FILE variable we have to evaluate
+ # it with the different PN names set each time.
+ d.setVar("PN", pkg)
+ if enable_text:
+ pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE")
+ if os.path.exists(pkgfilepath):
+ with open(pkgfilepath) as pfile:
+ text_data += pfile.read()
+
+ if enable_json:
+ pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
+ if os.path.exists(pkgfilepath):
+ with open(pkgfilepath) as j:
+ data = json.load(j)
+ cve_check_merge_jsons(json_data, data)
+
+ d.setVar("PN", save_pn)
+
+ if enable_text:
+ link_path = os.path.join(deploy_dir, "%s.cve" % link_name)
manifest_name = d.getVar("CVE_CHECK_MANIFEST")
- cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
- bb.utils.mkdirhier(os.path.dirname(manifest_name))
- shutil.copyfile(cve_tmp_file, manifest_name)
+ with open(manifest_name, "w") as f:
+ f.write(text_data)
- if manifest_name and os.path.exists(manifest_name):
- manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name)
- # if they are the same don't create the link
- if manifest_link != manifest_name:
- # If we already have another manifest, update symlinks
- if os.path.exists(os.path.realpath(manifest_link)):
- os.remove(manifest_link)
- os.symlink(os.path.basename(manifest_name), manifest_link)
- bb.plain("Image CVE report stored in: %s" % manifest_name)
+ update_symlinks(manifest_name, link_path)
+ bb.plain("Image CVE report stored in: %s" % manifest_name)
- if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
- link_path = os.path.join(deploy_dir, "%s.json" % link_name)
- manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
- bb.note("Generating JSON CVE manifest")
- generate_json_report(d, manifest_path, link_path)
- bb.plain("Image CVE JSON report stored in: %s" % link_path)
+ if enable_json:
+ link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+ manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
+
+ with open(manifest_name, "w") as f:
+ json.dump(json_data, f, indent=2)
+
+ update_symlinks(manifest_name, link_path)
+ bb.plain("Image CVE JSON report stored in: %s" % manifest_name)
}
ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
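Review bot: `d.setVar("PN", pkg)` inside the `for pkg in recipies:` loop modifies the datastore, and `d.setVar("PN", save_pn)` only runs if nothing in the loop raises. A `json.load(j)` failure on a truncated fragment, or a read error, would leave `PN` set to another recipe's name for anything that runs afterwards; wrap the loop in `try`/`finally` so the restore always happens. Two smaller points in the same hunk: `bb.utils.mkdirhier(os.path.dirname(manifest_name))` was removed, so `open(manifest_name, "w")` now assumes the directory already exists, and `recipies` should be spelled `recipes`.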
@@ -237,7 +264,7 @@
products = d.getVar("CVE_PRODUCT").split()
# If this has been unset then we're not scanning for CVEs here (for example, image recipes)
if not products:
- return ([], [], [], {})
+ return ([], [], [], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
# If the recipe has been skipped/ignored we return empty lists
@@ -405,26 +432,25 @@
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
- if unpatched_cves:
+ if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
- if write_string:
- with open(cve_file, "w") as f:
- bb.note("Writing file %s with CVE information" % cve_file)
+ with open(cve_file, "w") as f:
+ bb.note("Writing file %s with CVE information" % cve_file)
+ f.write(write_string)
+
+ if d.getVar("CVE_CHECK_COPY_FILES") == "1":
+ deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
+ bb.utils.mkdirhier(os.path.dirname(deploy_file))
+ with open(deploy_file, "w") as f:
f.write(write_string)
- if d.getVar("CVE_CHECK_COPY_FILES") == "1":
- deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
- bb.utils.mkdirhier(os.path.dirname(deploy_file))
- with open(deploy_file, "w") as f:
- f.write(write_string)
+ if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
- if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
- cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
- bb.utils.mkdirhier(cvelogpath)
-
- with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
- f.write("%s" % write_string)
+ with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
+ f.write("%s" % write_string)
def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
"""