[yocto] [meta-security][PATCH 1/2] oe-selftest: add running cve checker

Armin Kuster akuster808 at gmail.com
Thu May 9 20:09:56 PDT 2019


Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 lib/oeqa/selftest/cases/cvechecker.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 lib/oeqa/selftest/cases/cvechecker.py

diff --git a/lib/oeqa/selftest/cases/cvechecker.py b/lib/oeqa/selftest/cases/cvechecker.py
new file mode 100644
index 0000000..23ca7d2
--- /dev/null
+++ b/lib/oeqa/selftest/cases/cvechecker.py
@@ -0,0 +1,27 @@
+import os
+import re
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_var
+
+class CveCheckerTests(OESelftestTestCase):
+    def test_cve_checker(self):
+        image = "core-image-sato"
+
+        deploy_dir = get_bb_var("DEPLOY_DIR_IMAGE")
+        image_link_name = get_bb_var('IMAGE_LINK_NAME', image)
+
+        manifest_link = os.path.join(deploy_dir, "%s.cve" % image_link_name)
+
+        self.logger.info('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+        if (not 'cve-check' in get_bb_var('INHERIT')):
+            add_cve_check_config = 'INHERIT += "cve-check"'
+            self.append_config(add_cve_check_config)
+        self.append_config('CVE_CHECK_MANIFEST = "%s"' % manifest_link)
+        result = bitbake("-k -c cve_check %s" % image, ignore_status=True)
+        if (not 'cve-check' in get_bb_var('INHERIT')):
+            self.remove_config(add_cve_check_config)
+
+        isfile = os.path.isfile(manifest_link)
+        self.assertEqual(True, isfile, 'Failed to create cve data file : %s' % manifest_link)
+
-- 
2.17.1



More information about the yocto mailing list