cve-check: Introduce CVE_CHECK_MANIFEST_JSON_SUFFIX

The variable contains the suffix of the CVE JSON manifest file. By default, this variable is set to 'json', so the current behavior is not changed, but enables developers to use some other suffix, e.g., cve.json (similar to spdx.json). (From OE-Core rev: d99eee76923659c0b95bf9ef415ae5d44f736d01) Signed-off-by: Aleksandar Nikolic <an010@live.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-21 21:32:12 +02:00 · 2024-06-09 21:56:54 +02:00
parent 44f1b2c56a
commit edba6889b4
1 changed files with 4 additions and 2 deletions
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -49,7 +49,8 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
 CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
 CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
+CVE_CHECK_MANIFEST_JSON_SUFFIX ?= "json"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.${CVE_CHECK_MANIFEST_JSON_SUFFIX}"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"

@@ -278,7 +279,8 @@ python cve_check_write_rootfs_manifest () {
        bb.plain("Image CVE report stored in: %s" % manifest_name)

    if enable_json:
-        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+        manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX")
+        link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix))
        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")

        with open(manifest_name, "w") as f: