cve-check: Introduce CVE_CHECK_MANIFEST_JSON_SUFFIX

The variable contains the suffix of the CVE JSON manifest file. By default, this variable is set to 'json', so the current behavior is not changed, but enables developers to use some other suffix, e.g., cve.json (similar to spdx.json). (From OE-Core rev: 0cb103430d0505a3cd135e727379489bc3fe6e46) Signed-off-by: Aleksandar Nikolic <an010@live.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d99eee76923659c0b95bf9ef415ae5d44f736d01) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-01-04 16:10:04 +00:00 · 2024-06-09 21:56:54 +02:00 · 2024-06-09 21:56:54 +02:00 · 19f249c4f1
commit 19f249c4f1
parent f999c32c8b
1 changed files with 4 additions and 2 deletions
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@ -49,7 +49,8 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
 CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
 CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
+CVE_CHECK_MANIFEST_JSON_SUFFIX ?= "json"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.${CVE_CHECK_MANIFEST_JSON_SUFFIX}"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"

@ -278,7 +279,8 @@ python cve_check_write_rootfs_manifest () {
        bb.plain("Image CVE report stored in: %s" % manifest_name)

    if enable_json:
-        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+        manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX")
+        link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix))
        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")

        with open(manifest_name, "w") as f: