From patchwork Wed Sep 30 21:06:35 2020
X-Patchwork-Submitter: Daniel Sangorrin
X-Patchwork-Id: 105
From: Daniel Sangorrin
To: jan.kiszka@siemens.com
Cc: isar-users@googlegroups.com
Subject: [debsecan] meta/classes: export dpkg status file for debsecan
Date: Thu, 1 Oct 2020 14:06:35 +0900
Message-Id: <20201001050635.2880259-2-daniel.sangorrin@toshiba.co.jp>
In-Reply-To: <20201001050635.2880259-1-daniel.sangorrin@toshiba.co.jp>
References: <20201001050635.2880259-1-daniel.sangorrin@toshiba.co.jp>

Although the currently exported manifest has enough
information for scanning vulnerabilities, the tool debsecan
depends on the /var/lib/dpkg/status file format. This patch
adds a feature to export such a file.

All rootfs'es export the file by default and with the
same file name syntax as the manifests, except for the
file extension which is ".dpkg_status" instead of ".manifest".

Remove the feature with:
ROOTFS_FEATURES_remove = "export-dpkg-status"

Signed-off-by: Daniel Sangorrin
Signed-off-by: Daniel Sangorrin
---
 meta/classes/image.bbclass                        | 3 ++-
 meta/classes/rootfs.bbclass                       | 8 ++++++++
 meta/recipes-devtools/buildchroot/buildchroot.inc | 3 ++-
 meta/recipes-devtools/sdkchroot/sdkchroot.bb      | 3 ++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index a296cc0..8e350a3 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -63,9 +63,10 @@ image_do_mounts() { } ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "clean-package-cache finalize-rootfs generate-manifest" +ROOTFS_FEATURES += "clean-package-cache finalize-rootfs generate-manifest export-dpkg-status" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}" ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" +ROOTFS_DPKGSTATUS_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" inherit rootfs inherit image-sdk-extension diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index afec1cb..bd73ee6 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -11,6 +11,7 @@ ROOTFS_PACKAGES ?= "" # available features are: # 'clean-package-cache' - delete package cache from rootfs # 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR} +# 'export-dpkg-status' - exports /var/lib/dpkg/status file to ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} # 'finalize-rootfs' - delete files needed to chroot into the rootfs ROOTFS_FEATURES ?= "" @@ -201,6 +202,13 @@ rootfs_generate_manifest () { ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".manifest } +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'export-dpkg-status', 'rootfs_export_dpkg_status', '', d)}" +rootfs_export_dpkg_status() { + mkdir -p ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} + cp '${ROOTFSDIR}'/var/lib/dpkg/status \ + '${ROOTFS_DPKGSTATUS_DEPLOY_DIR}'/'${PF}'.dpkg_status +} + ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'finalize-rootfs', 'rootfs_postprocess_finalize', '', d)}" rootfs_postprocess_finalize() { sudo -s <<'EOSUDO' diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc index b4d7b76..e9c2cfe 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot.inc 
+++ b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -20,7 +20,8 @@ ROOTFSDIR = "${BUILDCHROOT_DIR}" ROOTFS_PACKAGES = "${BUILDCHROOT_PREINSTALL}" ROOTFS_CLEAN_FILES = "" ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" -ROOTFS_FEATURES += "generate-manifest" +ROOTFS_DPKGSTATUS_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" +ROOTFS_FEATURES += "generate-manifest export-dpkg-status" BUILDCHROOT_PREINSTALL_COMMON = " \ make \ diff --git a/meta/recipes-devtools/sdkchroot/sdkchroot.bb b/meta/recipes-devtools/sdkchroot/sdkchroot.bb index 467e682..796fefa 100644 --- a/meta/recipes-devtools/sdkchroot/sdkchroot.bb +++ b/meta/recipes-devtools/sdkchroot/sdkchroot.bb @@ -22,8 +22,9 @@ ROOTFS_ARCH = "${HOST_ARCH}" ROOTFS_DISTRO = "${HOST_DISTRO}" ROOTFSDIR = "${S}" ROOTFS_PACKAGES = "${SDKCHROOT_PREINSTALL} ${TOOLCHAIN}" -ROOTFS_FEATURES += "clean-package-cache generate-manifest" +ROOTFS_FEATURES += "clean-package-cache generate-manifest export-dpkg-status" ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}" +ROOTFS_DPKGSTATUS_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}" python() { if d.getVar("HOST_ARCH") not in ['i386', 'amd64']:
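
Review bot: in the meta/classes/image.bbclass hunk, appending export-dpkg-status to the default ROOTFS_FEATURES turns the export on for every image, but the diffstat lists only the four class and recipe files and no documentation change. The opt-out (ROOTFS_FEATURES_remove = "export-dpkg-status") and the new ROOTFS_DPKGSTATUS_DEPLOY_DIR variable are described only in the commit message. Suggest documenting both next to generate-manifest wherever ROOTFS_FEATURES is explained to users, including the resulting file name ${PF}.dpkg_status, so that whoever runs debsecan against the deploy directory knows which file belongs to which rootfs.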
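
Review bot: in the first meta/classes/rootfs.bbclass hunk (the feature list comment), the new entry reads "exports /var/lib/dpkg/status file to ..." while the neighbouring entries use the imperative form ("delete package cache", "generate a package manifest"). Suggest "export the /var/lib/dpkg/status file into ${ROOTFS_DPKGSTATUS_DEPLOY_DIR}" to match, and mentioning the .dpkg_status extension there as well.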
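
Review bot: in rootfs_export_dpkg_status() (second meta/classes/rootfs.bbclass hunk), the line mkdir -p ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} leaves the directory unquoted although the cp below quotes the same variable, and none of the visible hunks in rootfs.bbclass gives the variable a default or checks that it is set. The three users touched by this patch all assign it, but a recipe that inherits rootfs and enables export-dpkg-status without setting it gets an unhelpful failure from mkdir or cp. Suggest quoting the mkdir argument the same way as in the cp line and either adding a default in rootfs.bbclass or failing early with a clear message when the variable is empty. The placement before rootfs_postprocess_finalize looks right; a short comment saying that the export must run before any step that alters the dpkg database would keep the exported status in line with what is actually shipped.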