Re: [PATCH 0/3] Add initial capability to check CVEs for recipes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <Mikko.Rapeli@bmw.de>
To: <mariano.lopez@linux.intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 0/3] Add initial capability to check CVEs for recipes
Date: Thu, 25 Feb 2016 13:27:48 +0000	[thread overview]
Message-ID: <20160225132748.GD6210@loska> (raw)
In-Reply-To: <20160225122912.GC6210@loska>

On Thu, Feb 25, 2016 at 01:29:13PM +0100, Mikko Rapeli wrote:
> On Thu, Feb 25, 2016 at 01:14:21PM +0100, Mikko Rapeli wrote:
> > On Wed, Feb 24, 2016 at 03:27:05PM +0000, mariano.lopez@linux.intel.com wrote:
> > > From: Mariano Lopez <mariano.lopez@linux.intel.com>
> > > 
> > > This series add the cve-check-tool recipe, a tool used to identify
> > > potentially vulnerable software through version matching. It will
> > > check if a vulnerability has been addressed by a patch.
> > > 
> > > Also add the new cve-check class that will add a task for all recipes
> > > to check for CVEs using cve-check-tool. This tool can be used by recipe,
> > > image (will generate an image report in deploy dir), and with "world"
> > > and "universe"
> > > 
> > > To run it just inherit the class and enter:
> > > 
> > > bitbake -c cve_check <recipe>
> > 
> > I tried these on yocto/dizzy but:

Full changes needed in dizzy are:

diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index 670e592..f24a584 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -893,3 +893,21 @@ def multiprocessingpool(*args, **kwargs):
 
     return multiprocessing.Pool(*args, **kwargs)
 
+# export common proxies variables from datastore to environment
+def export_proxies(d):
+    import os
+
+    variables = ['http_proxy', 'HTTP_PROXY', 'https_proxy', 'HTTPS_PROXY',
+                    'ftp_proxy', 'FTP_PROXY', 'no_proxy', 'NO_PROXY']
+    exported = False
+
+    for v in variables:
+        if v in os.environ.keys():
+            exported = True
+        else:
+            v_proxy = d.getVar(v, True)
+            if v_proxy is not None:
+                os.environ[v] = v_proxy
+                exported = True
+
+    return exported
diff --git a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb
index 9df81cb..b98d991 100644
--- a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb
+++ b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb
@@ -21,3 +21,5 @@ FILES_${PN} += "${datadir}/icons"
 do_install_append () {
 	install -m 0644 ${WORKDIR}/index.theme ${D}/${datadir}/icons/hicolor
 }
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb b/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb
index ce00709..26f8f7f 100644
--- a/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb
+++ b/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb
@@ -18,3 +18,5 @@ SRC_URI[archive.sha256sum] = "dbf558d2da989ab84a27e4e13daa51ceaa97eb959c2c2f8097
 inherit gnome gettext lib_package
 
 EXTRA_OECONF = "--disable-introspection"
+
+BBCLASSEXTEND = "native"

And with this I get nice reports with "bitbake -c cve_check openssl" to
tmp/deploy/cve/openssl.

I'll try with a full image build next, but I really, really like this stuff.

Thanks!

-Mikko

next prev parent reply	other threads:[~2016-02-25 13:27 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-24 15:27 [PATCH 0/3] Add initial capability to check CVEs for recipes mariano.lopez
2016-02-24 15:27 ` [PATCH 1/3] cve-check-tool: Add recipe mariano.lopez
2016-02-25  0:44   ` Burton, Ross
2016-02-24 15:27 ` [PATCH 2/3] cve-check-tool patch to allow select dir for the db mariano.lopez
2016-02-25 13:33   ` Burton, Ross
2016-02-25 14:46     ` Mariano Lopez
2016-02-24 15:27 ` [PATCH 3/3] cve-check.bbclass: Add class mariano.lopez
2016-02-29 14:50   ` Burton, Ross
2016-02-29 20:06     ` Mariano Lopez
2016-02-25 12:14 ` [PATCH 0/3] Add initial capability to check CVEs for recipes Mikko.Rapeli
2016-02-25 12:29   ` Mikko.Rapeli
2016-02-25 13:27     ` Mikko.Rapeli [this message]
2016-02-25 14:09       ` Mikko.Rapeli
2016-02-26  8:14         ` Mikko.Rapeli
2016-02-26 14:48           ` Mariano Lopez
2016-02-26 14:56             ` Mikko.Rapeli
2016-02-26 14:57               ` Mikko.Rapeli
2016-02-26 15:38                 ` Mariano Lopez
2016-02-29 14:17           ` Burton, Ross
2016-02-29 14:19             ` Mikko.Rapeli
2016-03-01 15:15               ` Mariano Lopez
2016-03-02  6:32                 ` Mikko.Rapeli
     [not found] ` <56CF2B81.4080500@mvista.com>
2016-02-25 17:22   ` Mariano Lopez

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:670e592 dfblob:f24a584 dfblob:9df81cb dfblob:b98d991
dfblob:ce00709 dfblob:26f8f7f )
 OR (
bs:"Re: [PATCH 0/3] Add initial capability to check CVEs for recipes" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160225132748.GD6210@loska \
    --to=mikko.rapeli@bmw.de \
    --cc=mariano.lopez@linux.intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.