Rename the rootfs CVE manifest output file and its deploy
directory symlink from ${IMAGE_NAME}.json to
${IMAGE_NAME}.vex.json, and from ${IMAGE_LINK_NAME}.json
to ${IMAGE_LINK_NAME}.vex.json.
This avoids ambiguity in the image deploy directory where
other rootfs JSON files exist (e.g. SPDX/SBOM output), making
the VEX origin and purpose explicit in the filename.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.vex.json"
# Skip CVE Check for packages (PN)
CVE_CHECK_SKIP_RECIPE ?= ""
d.setVar("PN", save_pn)
- link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+ link_path = os.path.join(deploy_dir, "%s.vex.json" % link_name)
manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
with open(manifest_name, "w") as f:
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
