yocto-autobuilder-helper/scripts/run-cvecheck

#!/bin/bash

SPDX-License-Identifier: GPL-2.0-only

PARENTDIR=realpath $1 TARGETDIR=realpath $2 RESULTSDIR=realpath -m $3 BUILDDIR=realpath $4 OURDIR=dirname $0

TIMESTAMP=date +"%s"

CVE Checks

if [ ! -e $PARENTDIR/yocto-metrics ]; then git clone ssh://git@push.yoctoproject.org/yocto-metrics $PARENTDIR/yocto-metrics fi

if [ ! -d $RESULTSDIR ]; then mkdir $RESULTSDIR fi

for branch in master mickledore langdale kirkstone dunfell; do mkdir -p $PARENTDIR/yocto-metrics/cve-check/$branch/ git -C $PARENTDIR reset origin/$branch --hard rm conf/local.conf rm conf/bblayers.conf rm -f conf/templateconf.cfg rm tmp/ -rf unset BB_ENV_PASSTHROUGH_ADDITIONS unset BB_ENV_EXTRAWHITE cd .. . oe-init-build-env build bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc if [ -e tmp/log/cve/cve-summary.json ]; then git -C $PARENTDIR/yocto-metrics rm cve-check/$branch/*.json mkdir -p $PARENTDIR/yocto-metrics/cve-check/$branch cp tmp/log/cve/cve-summary.json $PARENTDIR/yocto-metrics/cve-check/$branch/$TIMESTAMP.json git -C $PARENTDIR/yocto-metrics add cve-check/$branch/$TIMESTAMP.json git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder adding new CVE data for branch $branch" git -C $PARENTDIR/yocto-metrics push $OURDIR/cve-report.py tmp/log/cve/cve-summary.json > $RESULTSDIR/cve-status-$branch.txt fi done

mkdir -p $PARENTDIR/yocto-metrics/cve-check/ $OURDIR/cve-generate-chartdata --json $PARENTDIR/yocto-metrics/cve-count-byday.json --resultsdir $PARENTDIR/yocto-metrics/cve-check/ git -C $PARENTDIR/yocto-metrics add cve-count-byday.json git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder updating CVE counts" git -C $PARENTDIR/yocto-metrics push

cp $PARENTDIR/yocto-metrics/cve-count-byday.json $RESULTSDIR cp $PARENTDIR/yocto-metrics/cve-count-byday-lastyear.json $RESULTSDIR