Subject: Re: [debsecan] meta/classes: export dpkg status file for debsecan
To: isar-users@googlegroups.com
References: <20201001050635.2880259-1-daniel.sangorrin@toshiba.co.jp> <20201001050635.2880259-2-daniel.sangorrin@toshiba.co.jp>
From: Anton Mikanovich
Message-ID: <3686debe-7493-be43-2a5c-1ca3cf444a83@ilbers.de>
Date: Thu, 26 Nov 2020 20:18:12 +0300
In-Reply-To: <20201001050635.2880259-2-daniel.sangorrin@toshiba.co.jp>

01.10.2020 08:06, Daniel Sangorrin wrote:
> Although the currently exported manifest has enough
> information for scanning vulnerabilities, the tool
> debsecan depends on the /var/lib/dpkg/status file
> format. This patch adds a feature to export such file.
>
> All rootfs'es export the file by default and with
> the same file name syntax as the manifests, except
> for the file extension which is ".dpkg_status"
> instead of ".manifest".
>
> Remove the feature with:
> ROOTFS_FEATURES_remove = "export-dpkg-status"
>
> Signed-off-by: Daniel Sangorrin

Rebased and applied on next, thanks.
Result is below.

From d3914aeebc5dcd020b85898ffde8f0b7abf2ccaa Mon Sep 17 00:00:00 2001
From: Daniel Sangorrin
Date: Thu, 1 Oct 2020 14:06:35 +0900
Subject: [debsecan] meta/classes: export dpkg status file for debsecan

Although the currently exported manifest has enough
information for scanning vulnerabilities, the tool
debsecan depends on the /var/lib/dpkg/status file
format. This patch adds a feature to export such file.

All rootfs'es export the file by default and with
the same file name syntax as the manifests, except
for the file extension which is ".dpkg_status"
instead of ".manifest".

Remove the feature with:
  ROOTFS_FEATURES_remove = "export-dpkg-status"

Signed-off-by: Daniel Sangorrin ---  meta/classes/image.bbclass                        | 3 ++-  meta/classes/rootfs.bbclass                       | 8 ++++++++  meta/recipes-devtools/buildchroot/buildchroot.inc | 3 ++-  meta/recipes-devtools/sdkchroot/sdkchroot.bb      | 3 ++-  4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index a296cc0..8e350a3 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -63,9 +63,10 @@ image_do_mounts() {  }  ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "clean-package-cache finalize-rootfs generate-manifest" +ROOTFS_FEATURES += "clean-package-cache finalize-rootfs generate-manifest export-dpkg-status"  ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}"  ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" +ROOTFS_DPKGSTATUS_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}"  inherit rootfs  inherit image-sdk-extension diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 44b78a9..5b63ae7 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -11,6 +11,7 @@ ROOTFS_PACKAGES ?= ""  # available features are:  # 'clean-package-cache' - delete package cache from rootfs  # 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR} +# 'export-dpkg-status' - exports /var/lib/dpkg/status file to ${ROOTFS_DPKGSTATUS_DEPLOY_DIR}  # 'finalize-rootfs' - delete files needed to chroot into the rootfs  ROOTFS_FEATURES ?= "" 
@@ -201,6 +202,13 @@ rootfs_generate_manifest () {          ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".manifest  } +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'export-dpkg-status', 'rootfs_export_dpkg_status', '', d)}" +rootfs_export_dpkg_status() { +    mkdir -p ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} +    cp '${ROOTFSDIR}'/var/lib/dpkg/status \ +       '${ROOTFS_DPKGSTATUS_DEPLOY_DIR}'/'${PF}'.dpkg_status +} +  ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'finalize-rootfs', 'rootfs_postprocess_finalize', '', d)}"  rootfs_postprocess_finalize() {      sudo -s <<'EOSUDO' diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc index 835968d..5a2befb 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -20,7 +20,8 @@ ROOTFSDIR = "${BUILDCHROOT_DIR}"  ROOTFS_PACKAGES = "${BUILDCHROOT_PREINSTALL}"  ROOTFS_CLEAN_FILES = ""  ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" -ROOTFS_FEATURES += "generate-manifest" +ROOTFS_DPKGSTATUS_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" +ROOTFS_FEATURES += "generate-manifest export-dpkg-status"  BUILDCHROOT_COMPAT_PREINSTALL_compat-arch = " \      libc6:${COMPAT_DISTRO_ARCH} \ diff --git a/meta/recipes-devtools/sdkchroot/sdkchroot.bb b/meta/recipes-devtools/sdkchroot/sdkchroot.bb index 893b287..d7a848e 100644 --- a/meta/recipes-devtools/sdkchroot/sdkchroot.bb +++ b/meta/recipes-devtools/sdkchroot/sdkchroot.bb 
@@ -31,8 +31,9 @@ ROOTFS_ARCH = "${HOST_ARCH}"  ROOTFS_DISTRO = "${HOST_DISTRO}"  ROOTFSDIR = "${S}"  ROOTFS_PACKAGES = "${SDK_PREINSTALL} ${SDK_INSTALL} ${TOOLCHAIN}" -ROOTFS_FEATURES += "clean-package-cache generate-manifest" +ROOTFS_FEATURES += "clean-package-cache generate-manifest export-dpkg-status"  ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}" +ROOTFS_DPKGSTATUS_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}"  python() {      if d.getVar("HOST_ARCH") not in ['i386', 'amd64']: -- 2.20.1 -- Anton Mikanovich Promwad Ltd. External service provider of ilbers GmbH Maria-Merian-Str. 8 85521 Ottobrunn, Germany +49 (89) 122 67 24-0 Commercial register Munich, HRB 214197 General Manager: Baurzhan Ismagulov
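
Review bot: in meta/classes/image.bbclass (hunk @@ -63,9 +63,10 @@), ROOTFS_DPKGSTATUS_DEPLOY_DIR is a new recipe-facing variable and export-dpkg-status is switched on for every image, yet the diffstat touches only the three recipes and rootfs.bbclass, so neither the variable nor the opt-out from the commit message is documented outside a code comment. Consider adding both to the user documentation alongside ROOTFS_MANIFEST_DEPLOY_DIR. Note also that this file assigns the directory with `?=` while buildchroot.inc and sdkchroot.bb use `=`; that mirrors the existing manifest variables, but it is worth confirming the difference is intended for the new variable as well.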
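
Review bot: the new feature description in meta/classes/rootfs.bbclass (hunk @@ -11,6 +11,7 @@) reads "exports /var/lib/dpkg/status file" while the neighbouring entries use the bare verb ("delete package cache", "generate a package manifest"). For consistency use "export the /var/lib/dpkg/status file to ${ROOTFS_DPKGSTATUS_DEPLOY_DIR}", and consider mentioning the resulting file name, `${PF}.dpkg_status`, since that is what a debsecan user will look for.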
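
Review bot: in rootfs_export_dpkg_status (meta/classes/rootfs.bbclass, hunk @@ -201,6 +202,13 @@), `mkdir -p ${ROOTFS_DPKGSTATUS_DEPLOY_DIR}` passes the directory unquoted while the `cp` below it quotes the same variable, so a deploy path containing whitespace would create the wrong directories and the copy would then fail. Quote it the same way: `mkdir -p '${ROOTFS_DPKGSTATUS_DEPLOY_DIR}'`. Separately, none of the hunks gives ROOTFS_DPKGSTATUS_DEPLOY_DIR a default in rootfs.bbclass itself; image.bbclass, buildchroot.inc and sdkchroot.bb each set it, but a recipe that inherits rootfs and enables the feature without setting the variable is not handled, so a `?=` default or an explicit check next to the function would make the failure mode clear.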