| Message ID | 20240821051721.70558-1-marta.rybczynska@ygreky.com |
|---|---|
| State | New |
| Series | cve-check: disable the text format by default |
On Wed, 2024-08-21 at 07:17 +0200, Marta Rybczynska via lists.openembedded.org wrote: > The cve-check JSON format has been present for a long time now, > and this is a moment to disable the TEXT output. > > The JSON format is easier to parse by automatic tools, so users > should have migrated already. > > Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> > --- > meta/classes/cve-check.bbclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass > index 0d7c8a5835..41f2b8304f 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -61,7 +61,7 @@ CVE_CHECK_REPORT_PATCHED ??= "1" > CVE_CHECK_SHOW_WARNINGS ??= "1" > > # Provide text output > -CVE_CHECK_FORMAT_TEXT ??= "1" > +CVE_CHECK_FORMAT_TEXT ??= "0" > > # Provide JSON output > CVE_CHECK_FORMAT_JSON ??= "1" I'm wondering if we should remove this at this point? I'd prefer the build generated machine readable data and then external tools can be used to create text based reports of that if/as/where needed rather than complicate the code class code with potentially many different report formats... Do we have a tool which can generate a text report from the json? Cheers, Richard
On Wed, Aug 21, 2024 at 10:58 AM Richard Purdie < richard.purdie@linuxfoundation.org> wrote: > On Wed, 2024-08-21 at 07:17 +0200, Marta Rybczynska via > lists.openembedded.org wrote: > > The cve-check JSON format has been present for a long time now, > > and this is a moment to disable the TEXT output. > > > > The JSON format is easier to parse by automatic tools, so users > > should have migrated already. > > > > Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> > > --- > > meta/classes/cve-check.bbclass | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > > index 0d7c8a5835..41f2b8304f 100644 > > --- a/meta/classes/cve-check.bbclass > > +++ b/meta/classes/cve-check.bbclass 
> > @@ -61,7 +61,7 @@ CVE_CHECK_REPORT_PATCHED ??= "1" > > CVE_CHECK_SHOW_WARNINGS ??= "1" > > > > # Provide text output > > -CVE_CHECK_FORMAT_TEXT ??= "1" > > +CVE_CHECK_FORMAT_TEXT ??= "0" > > > > # Provide JSON output > > CVE_CHECK_FORMAT_JSON ??= "1" > > I'm wondering if we should remove this at this point? I'd prefer the > build generated machine readable data and then external tools can be > used to create text based reports of that if/as/where needed rather > than complicate the code class code with potentially many different > report formats... > > Do we have a tool which can generate a text report from the json? > > I want to remove it :) But I also adhere to good practices of deprecating first, removing later. I do have a conversion script, so we can ask people to use it if they want the old format. The question is if people really still use it. The removal is a little more complex, because there are some dependencies between variables. We did it in the yocto-vex-tool code, and it took a little time. There will also be a bigger cleanup in the docs when the removal happens... So, no strong opinion from my side. However, given that the freeze is really soon, deprecation looks like a minimum target. Regards, Marta
On Wed, 2024-08-21 at 11:43 +0200, Marta Rybczynska wrote: > > > On Wed, Aug 21, 2024 at 10:58 AM Richard Purdie <richard.purdie@linuxfoundation.org> wrote: > > On Wed, 2024-08-21 at 07:17 +0200, Marta Rybczynska via lists.openembedded.org wrote: > > > The cve-check JSON format has been present for a long time now, > > > and this is a moment to disable the TEXT output. > > > > > > The JSON format is easier to parse by automatic tools, so users > > > should have migrated already. > > > > > > Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> > > > --- > > > meta/classes/cve-check.bbclass | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass > > > index 0d7c8a5835..41f2b8304f 100644 > > > --- a/meta/classes/cve-check.bbclass > > > +++ b/meta/classes/cve-check.bbclass 
> > > @@ -61,7 +61,7 @@ CVE_CHECK_REPORT_PATCHED ??= "1" > > > CVE_CHECK_SHOW_WARNINGS ??= "1" > > > > > > # Provide text output > > > -CVE_CHECK_FORMAT_TEXT ??= "1" > > > +CVE_CHECK_FORMAT_TEXT ??= "0" > > > > > > # Provide JSON output > > > CVE_CHECK_FORMAT_JSON ??= "1" > > > > I'm wondering if we should remove this at this point? I'd prefer the > > build generated machine readable data and then external tools can be > > used to create text based reports of that if/as/where needed rather > > than complicate the code class code with potentially many different > > report formats... > > > > Do we have a tool which can generate a text report from the json? > > I want to remove it :) > > But I also adhere to good practices of deprecating first, removing later. > > I do have a conversion script, so we can ask people to use it if they want > the old format. The question is if people really still use it. > > The removal is a little more complex, because there are some dependencies > between variables. We did it in the yocto-vex-tool code, and it took a little time. > > There will also be a bigger cleanup in the docs when the removal happens... > > So, no strong opinion from my side. However, given that the freeze is really soon, > deprecation looks like a minimum target. Deprecation is definitely an option. Given where we are with releases (just had an LTS and are in a position to break things a bit more), if we could get this sorted before next week (and feature freeze), I'd take something removing this. The timing seems appropriate from the perspective that we're about to change the tooling around this all quite a bit so we may as well give people a clear path in the direction we're going. Cheers, Richard
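The approach discussed in the thread (build emits JSON, an external tool renders text) can look like the following added example, which is not the conversion script mentioned above nor code from the project. The JSON field names and the text labels are assumptions about the cve-check formats, not taken from this page, and the sample report is constructed.

```python
import json

# Constructed sample in the layout assumed for cve-check JSON output:
# a top-level "package" list, each entry carrying an "issue" list.
SAMPLE_JSON = """
{
  "version": "1",
  "package": [
    {
      "name": "examplepkg", "layer": "meta-example", "version": "1.2.3",
      "issue": [
        {"id": "CVE-0000-0001", "status": "Patched", "summary": "Constructed entry A",
         "scorev2": "0.0", "scorev3": "7.5", "vector": "NETWORK",
         "link": "https://example.invalid/CVE-0000-0001"},
        {"id": "CVE-0000-0002", "status": "Unpatched", "summary": "Constructed\\nentry B",
         "scorev2": "0.0", "scorev3": "9.8", "vector": "NETWORK",
         "link": "https://example.invalid/CVE-0000-0002"}
      ]
    }
  ]
}
"""

def json_to_text(report, statuses=None):
    """Render a parsed report as text blocks, optionally filtered by status."""
    blocks = []
    for pkg in report.get("package", []):
        for issue in pkg.get("issue", []):
            status = issue.get("status", "Unknown")
            if statuses is not None and status not in statuses:
                continue
            fields = [
                ("LAYER", pkg.get("layer", "")),
                ("PACKAGE NAME", pkg.get("name", "")),
                ("PACKAGE VERSION", pkg.get("version", "")),
                ("CVE", issue.get("id", "")),
                ("CVE STATUS", status),
                ("CVE SUMMARY", issue.get("summary", "")),
                ("CVSS v2 BASE SCORE", issue.get("scorev2", "")),
                ("CVSS v3 BASE SCORE", issue.get("scorev3", "")),
                ("VECTOR", issue.get("vector", "")),
                ("MORE INFORMATION", issue.get("link", "")),
            ]
            # Flatten embedded newlines so every field stays on one line.
            blocks.append("\n".join(
                f"{k}: {str(v).replace(chr(10), ' ')}" for k, v in fields))
    return "\n\n".join(blocks) + ("\n" if blocks else "")

if __name__ == "__main__":
    print(json_to_text(json.loads(SAMPLE_JSON), statuses={"Unpatched"}))
```
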
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 0d7c8a5835..41f2b8304f 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -61,7 +61,7 @@ CVE_CHECK_REPORT_PATCHED ??= "1" CVE_CHECK_SHOW_WARNINGS ??= "1" # Provide text output -CVE_CHECK_FORMAT_TEXT ??= "1" +CVE_CHECK_FORMAT_TEXT ??= "0" # Provide JSON output CVE_CHECK_FORMAT_JSON ??= "1"
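Review bot: The `# Provide text output` comment left above the changed `CVE_CHECK_FORMAT_TEXT ??= "0"` line no longer matches the default and gives no hint that the text format is being phased out. Suggest rewording it to say that text output is disabled by default and deprecated in favour of JSON, and that setting CVE_CHECK_FORMAT_TEXT = "1" still enables it. The commit message assumes users have already migrated, so anyone still parsing the text report will stop receiving it without any message from the build; a migration note should accompany this change.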
The cve-check JSON format has been present for a long time now, and this is a moment to disable the TEXT output. The JSON format is easier to parse by automatic tools, so users should have migrated already. Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> --- meta/classes/cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)