From: "Marta Rybczynska" <rybczynska@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: alex.kiernan@gmail.com, Marta Rybczynska <rybczynska@gmail.com>,
Marta Rybczynska <marta.rybczynska@huawei.com>
Subject: [PATCH] cve-check: Fix report generation
Date: Tue, 17 May 2022 08:01:15 +0200 [thread overview]
Message-ID: <20220517060115.1913044-1-rybczynska@gmail.com> (raw)
The addition of summary output caused two issues: error when building
an image and the fact that JSON output was generated even when
CVE_CHECK_FORMAT_JSON.
When generating an image it caused an error like:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:cve_check_write_rootfs_manifest(d)
0003:
File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest
0209:
0210: link_path = os.path.join(deploy_dir, "%s.json" % link_name)
0211: manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
0212: bb.note("Generating JSON CVE manifest")
*** 0213: generate_json_report(json_summary_name, json_summary_link_name)
0214: bb.plain("Image CVE JSON report stored in: %s" % link_path)
0215:}
0216:
0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
Exception: NameError: name 'json_summary_name' is not defined
The fix is to pass the d variable to the pure python function generate_json_report
to get correct values of variables and add conditions for the JSON
output where needed.
In addition clarify the message presenting the summary JSON file,
which isn't related to an image.
Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp),
and Davide Gardenal.
Fixes: f2987891d315 ("cve-check: add JSON format to summary output")
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
meta/classes/cve-check.bbclass | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 24ddb865ea..7cd98ae462 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -79,7 +79,7 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as increment release
CVE_VERSION_SUFFIX ??= ""
-def generate_json_report(out_path, link_path):
+def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
from oe.cve_check import cve_check_merge_jsons
@@ -127,10 +127,11 @@ python cve_save_summary_handler () {
os.remove(cvefile_link)
os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+ if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
- generate_json_report(json_summary_name, json_summary_link_name)
- bb.plain("CVE report summary created at: %s" % json_summary_link_name)
+ generate_json_report(d, json_summary_name, json_summary_link_name)
+ bb.plain("Complete CVE JSON report summary created at: %s" % json_summary_link_name)
}
addhandler cve_save_summary_handler
@@ -207,11 +208,12 @@ python cve_check_write_rootfs_manifest () {
os.symlink(os.path.basename(manifest_name), manifest_link)
bb.plain("Image CVE report stored in: %s" % manifest_name)
- link_path = os.path.join(deploy_dir, "%s.json" % link_name)
- manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
- bb.note("Generating JSON CVE manifest")
- generate_json_report(json_summary_name, json_summary_link_name)
- bb.plain("Image CVE JSON report stored in: %s" % link_path)
+ if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
+ link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+ manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
+ bb.note("Generating JSON CVE manifest")
+ generate_json_report(d, manifest_path, link_path)
+ bb.plain("Image CVE JSON report stored in: %s" % link_path)
}
ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
--
2.33.0
next reply other threads:[~2022-05-17 6:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-17 6:01 Marta Rybczynska [this message]
2022-05-17 7:55 ` [OE-core] [PATCH] cve-check: Fix report generation Ernst Sjöstrand
2022-05-17 8:26 ` Alex Kiernan
2022-05-18 15:33 ` Marta Rybczynska
2022-05-18 15:43 ` Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220517060115.1913044-1-rybczynska@gmail.com \
--to=rybczynska@gmail.com \
--cc=alex.kiernan@gmail.com \
--cc=marta.rybczynska@huawei.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox