| Message ID | 20240609192711.413867-1-an010@live.com |
|---|---|
| State | New |
| Headers | show |
| Series | cve-check: Introduce CVE_CHECK_MANIFEST_JSON_SUFFIX | expand |
On Sun, Jun 9, 2024 at 9:27 PM Aleksandar Nikolic via lists.openembedded.org <aleksandar.nikolic010=gmail.com@lists.openembedded.org> wrote: > The variable contains the suffix of the CVE JSON manifest file. > By default, this variable is set to 'json', so the current behavior > is not changed, but enables developers to use some other suffix, > e.g., cve.json (similar to spdx.json). > Hello Aleksandar, Thank you for the patch. Could you please explain what is your use case? This isn't to reject your patch - we're moving this whole code base, so I'd like to understand how to take your use-case into account. Kind regards, Marta
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 56ba8bceef..201bdb796b 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -49,7 +49,8 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json" +CVE_CHECK_MANIFEST_JSON_SUFFIX ?= "json" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${CVE_CHECK_MANIFEST_JSON_SUFFIX}" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" @@ -278,7 +279,8 @@ python cve_check_write_rootfs_manifest () { bb.plain("Image CVE report stored in: %s" % manifest_name) if enable_json: - link_path = os.path.join(deploy_dir, "%s.json" % link_name) + manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX") + link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix)) manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") with open(manifest_name, "w") as f:
The variable contains the suffix of the CVE JSON manifest file. By default, this variable is set to 'json', so the current behavior is not changed, but enables developers to use some other suffix, e.g., cve.json (similar to spdx.json). Signed-off-by: Aleksandar Nikolic <an010@live.com> --- meta/classes/cve-check.bbclass | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)