in freertos builds .cve, .manifest and .testdata.json files are not created and are just broken links-to-self

Value

in freertos builds .cve, .manifest and .testdata.json files are not created and are just broken links-to-self

so our compliance pipelines are not able to collect and parse build metadata

Acceptance Criteria

FreeRTOS builds should generate .cve, .manifest and .testdata.json files and not links-to-self

Applicable Personas

• Software Quality Auditor
• License Compliance Auditor

assigned to @tony3oo3

added teamsecurity label

added IssueBug label

I assume this is because of missing CVE_PRODUCT in meta-freertos, as the v5.json file isn't empty. Investigation in progress

added Doing label

added to epic &125

I think the problem is that in CI IMAGE_NAME and IMAGE_LINK_NAME are the same so creating a symlink is pointless but to test the changes I made it would be very useful to replicate your environment, could you please help?

changed iteration to Oniro Core Iterations May 1, 2022 - May 31, 2022

changed milestone to %goofy alpha

Ciao Davide, nice to meet you! This is what I'm currently doing.

Basically, I'm just using the docker image used in build pipelines (registry.ostc-eu.org/ostc/oniro/bitbake-builder:latest) and adding to local.conf the following parameters (they should be the same parameters used in build pipelines):

CONNECTIVITY_CHECK_URIS = "https://example.net/"
IMAGE_VERSION_SUFFIX = ""
CVE_CHECK_DB_DIR = "${TMPDIR}/CVE_CHECK/"
INHERIT += "cve-check"
USER_CLASSES += "buildstats buildstats-summary"
BB_GENERATE_MIRROR_TARBALLS = "1"
INHERIT += "rm_work"

I confirm that the issue is caused by the fact that in CI IMAGE_NAME == IMAGE_LINK_NAME. To solve the issue I need to send couple of patches to oe-core so it could take long until we get them in Oniro. I will create a MR to fix the .cve link other than sending the patch. Further investigation shall be done to understand why we have this problem in the first place.

marked this issue as related to #540 (closed)

marked this issue as related to #541 (closed)

@alpianon can you test if the issue is still present now that all the upstream patches have been finally backported?

@tony3oo3 almost fixed, but there is still a broken link-to-self for the manifest (which is what breaks things on our side, since our software composition tool looks for .manifest files to parse)

changed iteration to Oniro Core Iterations Jun 1, 2022 - Jun 30, 2022

changed epic to &126

marked this issue as related to #614 (closed)

added SeverityNormal label

marked this issue as related to #633 (closed)

removed the relation with #633 (closed)

added ValidationReady label

marked this issue as related to #633 (closed)

@lucafavaretto @tony3oo3 I re-tested it now, and I can confirm that also the last problem (link-to-self for the manifest) is solved:

Now there is an empty manifest file and I don't know if this is expected/intended; anyway, for us it's not a bug any more

closed

added ValidationPassed label and removed ValidationReady label

removed Doing label

changed milestone to %goofy beta