timesysgit / meta-timesys
Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
Home Page: https://www.timesys.com/vigiles/
Stop your automation publishing several hundred releases per day, like:
https://github.com/TimesysGit/meta-timesys/releases/tag/v1.14.0%2Bhonister
For people following the project, this results in hundreds of notifications. I had to unsubscribe from all notifications from your project.
Hi,
I am unable to find documented expected behavior for whitelisted CVEs. When I print the local report I see that the CVE Whitelist variable has been populated:
-- Vigiles CVE Whitelist --
* CVE-2011-xxxxx
* CVE-2011-xxxxx
* CVE-2011-xxxxx
* CVE-2013-xxxxx
* CVE-2014-xxxxx
* CVE-2015-xxxxx
* CVE-2016-xxxxx
* CVE-2018-xxxxx
* CVE-2018-xxxxx
* CVE-2018-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2019-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2020-xxxxx
* CVE-2021-xxxxx
* CVE-2021-xxxxx
* CVE-2021-xxxxx
* CVE-2022-xxxxx
* CVE-2022-xxxxx
I am not explicitly adding these CVEs via VIGILES_WHITELIST so I assume they are being pulled in from recipes declaring CVE_CHECK_WHITELIST?
When I explicitly declare a package or CVE into VIGILES_WHITELIST, they show up in the local report whitelisted CVEs, but the online report still lists them as 'unfixed'.
Is this expected behavior? Should I be manually whitelisting CVEs in the report web interface? I thought I had a configuration before that was not displaying whitelisted CVEs/packages in the online report, but I can't reproduce that behavior at the moment.
I am using Dunfell branch.
Line 22 in 801a256
When inheriting "vigiles" in a Yocto 4.0 (kirkstone) project, the build fails with a multiubi-related error, even if your build isn't using multiubi. I've attached the error output in a file, since it contains characters that mess with github's markup:
vigiles_multiubi_error.txt
This is due to commit 32dd3d59c250f916115b339c29aa4dbfe50a3235 in poky, which was introduced on March 28th, 2023. As expected, reverting this commit fixes the issue, but a better workaround for the moment is to include a "dummy" default value for MULTIUBI_BUILD in your build's platform. The error does not happen if you don't inherit "vigiles".
Is there a way to fix this error within meta-timesys?
Hello,
Vigiles does not seem to work when trying to build for hardware from the meta-freescale layer:
Parsing recipes: 100% |#################################################################################| Time: 0:00:12
Parsing of 907 .bb files complete (0 cached, 907 parsed). 1467 targets, 164 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'linux-fslc-imx'
linux-fslc-imx was skipped: incompatible with machine imx7dsabresd (not in COMPATIBLE_MACHINE)
ERROR: Required build target 'core-image-minimal' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-minimal', 'linux-fslc-imx']
Summary: There were 2 ERROR messages shown, returning a non-zero exit code.
I found that getting rid of INHERIT += "vigiles" in local.conf seems to make builds work again.
My entire test script is below. If the second to last line is uncommented the build will break. Comment it again and the build will proceed normally.
#!/bin/bash
set -xe
THIS_SCRIPT_DIR=$(dirname "$(realpath -s "$0")")

# Get layers
if [ -d poky ]; then
    pushd poky
    git pull
    popd
else
    git clone -b dunfell --depth 1 git://git.yoctoproject.org/poky.git
fi
if [ -d meta-freescale ]; then
    pushd meta-freescale
    git pull
    popd
else
    git clone -b dunfell --depth 1 https://github.com/Freescale/meta-freescale.git
fi
if [ -d meta-timesys ]; then
    pushd meta-timesys
    git pull
    popd
else
    git clone -b dunfell --depth 1 https://github.com/TimeSysGit/meta-timesys.git
fi

# Clean previous local.conf modifications
rm -f "$THIS_SCRIPT_DIR/build/conf/local.conf"

# Source bitbake setup script (should regenerate local.conf)
source "poky/oe-init-build-env"

# Add extra layers
bitbake-layers add-layer "$THIS_SCRIPT_DIR/meta-freescale"
bitbake-layers add-layer "$THIS_SCRIPT_DIR/meta-timesys"

# Modify local.conf
echo '' >> "$THIS_SCRIPT_DIR/build/conf/local.conf"
echo 'MACHINE = "imx7dsabresd"' >> "$THIS_SCRIPT_DIR/build/conf/local.conf"
# Uncommenting this will break build
#echo 'INHERIT += "vigiles" ' >> "$THIS_SCRIPT_DIR/build/conf/local.conf"

bitbake core-image-minimal
Please add support for Hardknott in this layer.
I happen to use Ubuntu 20.04 as my host machine to build core-image-sato, and of course I get a warning that says:
WARNING: Host distribution "ubuntu-20.04" has not been validated with this version of the build system; you may possibly experience unexpected failures. It is recommended that you use a tested distribution.
But still, all the packages were built and even a few tsmeta json files were created during this process. However, a few issues were noticed after core-image-sato-1.0-r0 do_rootfs, with do_vigiles_pkg for certain packages, for example:
ERROR: libinput-1.12.6-r0 do_vigiles_pkg: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_tsmeta_pkgvars(d)
0003:
File: '/home/poky/meta-timesys/classes/tsmeta.bbclass', lineno: 466, function: do_tsmeta_pkgvars
0462:
0463:
0464:python do_tsmeta_pkgvars() {
0465: tsmeta_get_pn(d)
*** 0466: tsmeta_get_src(d)
0467: tsmeta_get_pkg(d)
0468: tsmeta_get_packageconfig(d)
0469:}
0470:
File: '/home/poky/meta-timesys/classes/tsmeta.bbclass', lineno: 302, function: tsmeta_get_src
0298: return cve_v
0299:
0300:
0301:def tsmeta_get_src(d):
*** 0302: import oe.recipeutils as oe
0303:
0304: tsm_type = "src"
0305: src_dict = dict()
0306:
File: '/home/poky/meta/lib/oe/recipeutils.py', lineno: 21, function: <module>
0017:import shutil
0018:import re
0019:import fnmatch
0020:import glob
*** 0021:import bb.tinfoil
0022:
0023:from collections import OrderedDict, defaultdict
0024:from bb.utils import vercmp_string
0025:
File: '/home/poky/bitbake/lib/bb/tinfoil.py', lineno: 18, function: <module>
0014:import re
0015:from collections import OrderedDict, defaultdict
0016:
0017:import bb.cache
*** 0018:import bb.cooker
0019:import bb.providers
0020:import bb.taskdata
0021:import bb.utils
0022:import bb.command
File: '/home/poky/bitbake/lib/bb/cooker.py', lineno: 32, function: <module>
0028:import queue
0029:import signal
0030:import subprocess
0031:import errno
*** 0032:import prserv.serv
0033:import pyinotify
0034:import json
0035:import pickle
0036:import codecs
File: '/home/poky/bitbake/lib/prserv/serv.py', lineno: 7, function: <module>
0003:#
0004:
0005:import os,sys,logging
0006:import signal, time
*** 0007:from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
0008:import threading
0009:import queue
0010:import socket
0011:import io
File: '/usr/lib/python3.8/xmlrpc/server.py', lineno: 117, function: <module>
0113:import socketserver
0114:import sys
0115:import os
0116:import re
*** 0117:import pydoc
0118:import traceback
0119:try:
0120: import fcntl
0121:except ImportError:
File: '/usr/lib/python3.8/pydoc.py', lineno: 370, function: <module>
0366: return module
0367:
0368:# ---------------------------------------------------- formatter base class
0369:
*** 0370:class Doc:
0371:
0372: PYTHONDOCS = os.environ.get("PYTHONDOCS",
0373: "https://docs.python.org/%d.%d/library"
0374: % sys.version_info[:2])
File: '/usr/lib/python3.8/pydoc.py', lineno: 400, function: Doc
0396: raise TypeError(message)
0397:
0398: docmodule = docclass = docroutine = docother = docproperty = docdata = fail
0399:
*** 0400: def getdocloc(self, object, basedir=sysconfig.get_path('stdlib')):
0401: """Return the location of module docs or None"""
0402:
0403: try:
0404: file = inspect.getabsfile(object)
File: '/usr/lib/python3.8/sysconfig.py', lineno: 512, function: get_path
0508: """Return a path corresponding to the scheme.
0509:
0510: ``scheme`` is the install scheme name.
0511: """
*** 0512: return get_paths(scheme, vars, expand)[name]
0513:
0514:
0515:def get_config_vars(*args):
0516: """With no arguments, return a dictionary of all configuration
File: '/usr/lib/python3.8/sysconfig.py', lineno: 502, function: get_paths
0498: ``scheme`` is the install scheme name. If not provided, it will
0499: return the default scheme for the current platform.
0500: """
0501: if expand:
*** 0502: return _expand_vars(scheme, vars)
0503: else:
0504: return _INSTALL_SCHEMES[scheme]
0505:
0506:
File: '/usr/lib/python3.8/sysconfig.py', lineno: 172, function: _expand_vars
0168:def _expand_vars(scheme, vars):
0169: res = {}
0170: if vars is None:
0171: vars = {}
*** 0172: _extend_dict(vars, get_config_vars())
0173:
0174: for key, value in _INSTALL_SCHEMES[scheme].items():
0175: if os.name in ('posix', 'nt'):
0176: value = os.path.expanduser(value)
File: '/usr/lib/python3.8/sysconfig.py', lineno: 550, function: get_config_vars
0546:
0547: if os.name == 'nt':
0548: _init_non_posix(_CONFIG_VARS)
0549: if os.name == 'posix':
*** 0550: _init_posix(_CONFIG_VARS)
0551: # For backward compatibility, see issue19555
0552: SO = _CONFIG_VARS.get('EXT_SUFFIX')
0553: if SO is not None:
0554: _CONFIG_VARS['SO'] = SO
File: '/usr/lib/python3.8/sysconfig.py', lineno: 421, function: _init_posix
0417:def _init_posix(vars):
0418: """Initialize the module as appropriate for POSIX systems."""
0419: # _sysconfigdata is generated at build time, see _generate_posix_vars()
0420: name = _get_sysconfigdata_name()
*** 0421: _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
0422: build_time_vars = _temp.build_time_vars
0423: vars.update(build_time_vars)
0424:
0425:def _init_non_posix(vars):
Exception: ModuleNotFoundError: No module named '_sysconfigdata'
ERROR: libinput-1.12.6-r0 do_vigiles_pkg: No module named '_sysconfigdata'
ERROR: libinput-1.12.6-r0 do_vigiles_pkg: Function failed: do_tsmeta_pkgvars
ERROR: Logfile of failure stored in: /home/build/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/libinput/1.12.6-r0/temp/log.do_vigiles_pkg.13128
ERROR: Task (/home/poky/meta/recipes-graphics/wayland/libinput_1.12.6.bb:do_vigiles_pkg) failed with exit code '1'
ERROR: libpsl-0.20.2-r0 do_vigiles_pkg: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_tsmeta_pkgvars(d)
0003:
File: '/home/poky/meta-timesys/classes/tsmeta.bbclass', lineno: 466, function: do_tsmeta_pkgvars
0462:
0463:
0464:python do_tsmeta_pkgvars() {
0465: tsmeta_get_pn(d)
*** 0466: tsmeta_get_src(d)
0467: tsmeta_get_pkg(d)
0468: tsmeta_get_packageconfig(d)
0469:}
0470:
File: '/home/poky/meta-timesys/classes/tsmeta.bbclass', lineno: 302, function: tsmeta_get_src
0298: return cve_v
0299:
0300:
0301:def tsmeta_get_src(d):
*** 0302: import oe.recipeutils as oe
0303:
0304: tsm_type = "src"
0305: src_dict = dict()
0306:
File: '/home/poky/meta/lib/oe/recipeutils.py', lineno: 21, function: <module>
0017:import shutil
0018:import re
0019:import fnmatch
0020:import glob
*** 0021:import bb.tinfoil
0022:
0023:from collections import OrderedDict, defaultdict
0024:from bb.utils import vercmp_string
0025:
File: '/home/poky/bitbake/lib/bb/tinfoil.py', lineno: 18, function: <module>
0014:import re
0015:from collections import OrderedDict, defaultdict
0016:
0017:import bb.cache
*** 0018:import bb.cooker
0019:import bb.providers
0020:import bb.taskdata
0021:import bb.utils
0022:import bb.command
File: '/home/poky/bitbake/lib/bb/cooker.py', lineno: 32, function: <module>
0028:import queue
0029:import signal
0030:import subprocess
0031:import errno
*** 0032:import prserv.serv
0033:import pyinotify
0034:import json
0035:import pickle
0036:import codecs
File: '/home/poky/bitbake/lib/prserv/serv.py', lineno: 7, function: <module>
0003:#
0004:
0005:import os,sys,logging
0006:import signal, time
*** 0007:from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
0008:import threading
0009:import queue
0010:import socket
0011:import io
File: '/usr/lib/python3.8/xmlrpc/server.py', lineno: 117, function: <module>
0113:import socketserver
0114:import sys
0115:import os
0116:import re
*** 0117:import pydoc
0118:import traceback
0119:try:
0120: import fcntl
0121:except ImportError:
File: '/usr/lib/python3.8/pydoc.py', lineno: 370, function: <module>
0366: return module
0367:
0368:# ---------------------------------------------------- formatter base class
0369:
*** 0370:class Doc:
0371:
0372: PYTHONDOCS = os.environ.get("PYTHONDOCS",
0373: "https://docs.python.org/%d.%d/library"
0374: % sys.version_info[:2])
File: '/usr/lib/python3.8/pydoc.py', lineno: 400, function: Doc
0396: raise TypeError(message)
0397:
0398: docmodule = docclass = docroutine = docother = docproperty = docdata = fail
0399:
*** 0400: def getdocloc(self, object, basedir=sysconfig.get_path('stdlib')):
0401: """Return the location of module docs or None"""
0402:
0403: try:
0404: file = inspect.getabsfile(object)
File: '/usr/lib/python3.8/sysconfig.py', lineno: 512, function: get_path
0508: """Return a path corresponding to the scheme.
0509:
0510: ``scheme`` is the install scheme name.
0511: """
*** 0512: return get_paths(scheme, vars, expand)[name]
0513:
0514:
0515:def get_config_vars(*args):
0516: """With no arguments, return a dictionary of all configuration
File: '/usr/lib/python3.8/sysconfig.py', lineno: 502, function: get_paths
0498: ``scheme`` is the install scheme name. If not provided, it will
0499: return the default scheme for the current platform.
0500: """
0501: if expand:
*** 0502: return _expand_vars(scheme, vars)
0503: else:
0504: return _INSTALL_SCHEMES[scheme]
0505:
0506:
File: '/usr/lib/python3.8/sysconfig.py', lineno: 172, function: _expand_vars
0168:def _expand_vars(scheme, vars):
0169: res = {}
0170: if vars is None:
0171: vars = {}
*** 0172: _extend_dict(vars, get_config_vars())
0173:
0174: for key, value in _INSTALL_SCHEMES[scheme].items():
0175: if os.name in ('posix', 'nt'):
0176: value = os.path.expanduser(value)
File: '/usr/lib/python3.8/sysconfig.py', lineno: 550, function: get_config_vars
0546:
0547: if os.name == 'nt':
0548: _init_non_posix(_CONFIG_VARS)
0549: if os.name == 'posix':
*** 0550: _init_posix(_CONFIG_VARS)
0551: # For backward compatibility, see issue19555
0552: SO = _CONFIG_VARS.get('EXT_SUFFIX')
0553: if SO is not None:
0554: _CONFIG_VARS['SO'] = SO
File: '/usr/lib/python3.8/sysconfig.py', lineno: 421, function: _init_posix
0417:def _init_posix(vars):
0418: """Initialize the module as appropriate for POSIX systems."""
0419: # _sysconfigdata is generated at build time, see _generate_posix_vars()
0420: name = _get_sysconfigdata_name()
*** 0421: _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
0422: build_time_vars = _temp.build_time_vars
0423: vars.update(build_time_vars)
0424:
0425:def _init_non_posix(vars):
Exception: ModuleNotFoundError: No module named '_sysconfigdata'
ERROR: libpsl-0.20.2-r0 do_vigiles_pkg: No module named '_sysconfigdata'
ERROR: libpsl-0.20.2-r0 do_vigiles_pkg: Function failed: do_tsmeta_pkgvars
ERROR: Logfile of failure stored in: /home/build/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/libpsl/0.20.2-r0/temp/log.do_vigiles_pkg.13129
ERROR: Task (/home/poky/meta/recipes-support/libpsl/libpsl_0.20.2.bb:do_vigiles_pkg) failed with exit code '1'
I have installed Python 3.6.9 and set that as my default Python3 version; that resolved all the issues and the Vigiles Manifest got generated.
Even though I am aware that it could be due to the fact that I am using a host distro that was not validated by Yocto, I thought of raising this issue, since all other packages were built fine, in case there is something that you can patch in this layer to avoid this error.
If it is already on your radar and is being addressed, please close this post. Thanks.
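Added example, not part of the original issue and not meta-timesys or BitBake code: both tracebacks above end in sysconfig's _init_posix() importing the module named by _get_sysconfigdata_name(), and CPython lets the environment variable _PYTHON_SYSCONFIGDATA_NAME override that name. The check below, run with the same python3 and environment as the failing task, reports which module name is requested and whether the interpreter can locate it; the helper names (sysconfigdata_name, check_sysconfigdata) are hypothetical.

```python
import importlib.util
import os
import sys
from typing import Mapping, NamedTuple, Optional

# Environment variable that CPython's sysconfig consults before falling
# back to the ABI-specific default module name.
OVERRIDE_VAR = "_PYTHON_SYSCONFIGDATA_NAME"


class SysconfigCheck(NamedTuple):
    name: str         # module that sysconfig._init_posix() would import
    overridden: bool  # True when the name came from the environment
    importable: bool  # True when this interpreter can locate that module


def sysconfigdata_name(env: Mapping[str, str]) -> str:
    """Mirror CPython's choice: environment override first, else the default."""
    multiarch = getattr(sys.implementation, "_multiarch", "")
    abiflags = getattr(sys, "abiflags", "")
    default = f"_sysconfigdata_{abiflags}_{sys.platform}_{multiarch}"
    return env.get(OVERRIDE_VAR, default)


def check_sysconfigdata(env: Optional[Mapping[str, str]] = None) -> SysconfigCheck:
    """Resolve the sysconfigdata module name and test whether it is importable.

    Pass a mapping to evaluate a hypothetical environment; by default the
    current process environment is used.
    """
    env = os.environ if env is None else env
    name = sysconfigdata_name(env)
    # find_spec() searches sys.path without executing the module.
    spec = importlib.util.find_spec(name)
    return SysconfigCheck(name, OVERRIDE_VAR in env, spec is not None)


if __name__ == "__main__":
    result = check_sysconfigdata()
    print(f"module requested : {result.name}")
    print(f"from environment : {result.overridden}")
    print(f"importable       : {result.importable}")
    # Non-zero exit lets a wrapper script flag the host before a long build.
    sys.exit(0 if result.importable else 1)
```

A result with overridden true and importable false means the interpreter in use does not ship the module the environment asks for, which is the ModuleNotFoundError condition shown in the logs.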