@@ -159,6 +159,8 @@ set -e
image_task = d.getVar('INITRAMFS_TASK')
if image_task:
d.appendVarFlag('do_configure', 'depends', ' ${INITRAMFS_TASK}')
+ if d.getVar('CVE_CHECK_KERNEL_CONFIG') == '1':
+ bb.build.addtask('do_save_compiled_files', None, 'do_compile do_compile_kernelmodules', d)
}
# Here we pull in all various kernel image types which we support.
@@ -867,3 +869,38 @@ EXPORT_FUNCTIONS do_deploy
# Add using Device Tree support
inherit kernel-devicetree
+
+KERNEL_FILES_DIR ?= "${LOG_DIR}/cve/kernel_files"
+KERNEL_SRC_FILES ?= "${KERNEL_FILES_DIR}/compile_commands.json"
+
+do_save_compiled_files() {
+ bbdebug 1 "Saving compiled files in ${KERNEL_SRC_FILES}"
+ mkdir -p ${KERNEL_FILES_DIR}
+ ${S}/scripts/clang-tools/gen_compile_commands.py -o ${KERNEL_SRC_FILES} -d ${B}
+}
+
+# Helper functions for spdx and cve-check
+# Check if the file, is a kernel compiled file
+def is_compiled_source(d, filename, kernel_sources):
+ import os
+
+ _, extension = os.path.splitext(filename)
+ # Special case, that we need to ignore, since this is not a source file
+ # We filter .c files
+ if filename.rfind(".mod.c") > 0 or extension != ".c":
+ return True
+ # Check that the c file is in the list
+ if filename in kernel_sources:
+ return True
+ return False
+
+# Get results from the save_compiled files and include also header files, extracting path
+def get_compiled_sources(d):
+ import json
+ import os
+ kfiles = []
+ with open(d.getVar('KERNEL_SRC_FILES'), 'r') as f:
+ for item in json.load(f):
+ kfile = os.path.basename(item['file'])
+ kfiles.append(kfile)
+ return kfiles