@@ -33,7 +33,7 @@ CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.vex.json"
# Skip CVE Check for packages (PN)
CVE_CHECK_SKIP_RECIPE ?= ""
@@ -201,7 +201,7 @@ python vex_write_rootfs_manifest () {
d.setVar("PN", save_pn)
- link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+ link_path = os.path.join(deploy_dir, "%s.vex.json" % link_name)
manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
with open(manifest_name, "w") as f:
Rename the rootfs CVE manifest output file and its deploy directory symlink from ${IMAGE_NAME}.json to ${IMAGE_NAME}.vex.json, and from ${IMAGE_LINK_NAME}.json to ${IMAGE_LINK_NAME}.vex.json. This avoids ambiguity in the image deploy directory where other rootfs JSON files exist (e.g. SPDX/SBOM output), making the VEX origin and purpose explicit in the filename. Signed-off-by: Tim Orling <tim.orling@konsulko.com> --- meta/classes/vex.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)