<!-- Managed by Jenkins Job Builder --> Schneider OpenEmbedded (warrior 4.19) RFS 30 30 -1 1 false hudson.model.Item.Build:ralph.siemsen@linaro.org hudson.model.Item.Build:ryan.harkin@linaro.org hudson.model.Item.Build:schneider-linaro-git@linaro.org hudson.model.Item.Cancel:ralph.siemsen@linaro.org hudson.model.Item.Cancel:ryan.harkin@linaro.org hudson.model.Item.Cancel:schneider-linaro-git@linaro.org hudson.model.Item.ExtendedRead:anonymous hudson.model.Item.ExtendedRead:ralph.siemsen@linaro.org hudson.model.Item.ExtendedRead:ryan.harkin@linaro.org hudson.model.Item.ExtendedRead:schneider-linaro-git@linaro.org hudson.model.Item.Read:anonymous hudson.model.Item.Read:ralph.siemsen@linaro.org hudson.model.Item.Read:ryan.harkin@linaro.org hudson.model.Item.Read:schneider-linaro-git@linaro.org hudson.model.Item.Workspace:anonymous IMAGES dip-image dip-image-dev dip-image-edge false SUBMODULES all false IMAGES_RPB false IMAGES_RPB_WAYLAND false DISTRO_URL_BASE ssh://git@dev-private-git.linaro.org/schneider false DISTRO_DIR DIP-Yocto-Linux-Distro false MANIFEST_BRANCH linaro-warrior false BASE_URL https://snapshots.linaro.org/ false LAVA_SERVER https://validation.linaro.org/RPC2/ false STAGING_LAVA_SERVER https://staging.validation.linaro.org/RPC2/ false QA_SERVER https://qa-reports.linaro.org false QA_SERVER_TEAM schneider false QA_SERVER_PROJECT warrior-4.19 false AUTH_GROUPS linaro, sse-team, schneider-team, schneider-linaro-git false KERNEL_VERSION 4.19 false TEST_LEVEL normal false master false false false false false MACHINE rzn1d soca9 DISTRO dip label docker-stretch-amd64 #!/bin/bash echo "PUB_DEST=openembedded/schneider/${MANIFEST_BRANCH}-${KERNEL_VERSION}/${MACHINE}/${BUILD_NUMBER}/${DISTRO}" > pub_dest_parameters pub_dest_parameters #!/bin/bash set -e # workaround EDK2 is confused by the long path used during the build # and truncate files name expected by VfrCompile sudo mkdir -p /srv/oe sudo chown buildslave:buildslave /srv/oe cd /srv/oe trap cleanup_exit INT TERM EXIT cleanup_exit() { echo "Running cleanup_exit..." } if ! sudo DEBIAN_FRONTEND=noninteractive apt-get -q=2 update; then echo "INFO: apt update error - try again in a moment" sleep 15 sudo DEBIAN_FRONTEND=noninteractive apt-get -q=2 update || true fi pkg_list="python-pip android-tools-fsutils chrpath cpio diffstat gawk libmagickwand-dev libmath-prime-util-perl libsdl1.2-dev libssl-dev python-requests texinfo vim-tiny whiptail" if ! sudo DEBIAN_FRONTEND=noninteractive apt-get -q=2 install -y ${pkg_list}; then echo "INFO: apt install error - try again in a moment" sleep 15 sudo DEBIAN_FRONTEND=noninteractive apt-get -q=2 install -y ${pkg_list} fi # Install ruamel.yaml pip install --user --force-reinstall ruamel.yaml set -ex #DEL mkdir -p ${HOME}/bin #DEL curl https://storage.googleapis.com/git-repo-downloads/repo > ${HOME}/bin/repo #DEL chmod a+x ${HOME}/bin/repo #DEL export PATH=${HOME}/bin:${PATH} # initialize repo if not done already if [ ! -e ".repo/manifest.xml" ]; then #DEL repo init -u ${MANIFEST_URL} -b ${MANIFEST_BRANCH_PREFIX}${MANIFEST_BRANCH} # link to shared downloads on persistent disk # our builds config is expecting downloads and sstate-cache, here. # DL_DIR = "${OEROOT}/sources/downloads" # SSTATE_DIR = "${OEROOT}/build/sstate-cache" sstatecache=${HOME}/srv/oe/sstate-cache-${DISTRO}-${MACHINE}-${MANIFEST_BRANCH}-${KERNEL_VERSION} mkdir -p ${HOME}/srv/oe/downloads ${sstatecache} #DEL mkdir -p build #DEL ln -s ${HOME}/srv/oe/downloads #DEL ln -s ${HOME}/srv/oe/sstate-cache-${DISTRO}-${MANIFEST_BRANCH} sstate-cache fi #DEL if [ "${ghprbPullId}" ]; then #DEL echo "Applying Github pull-request #${ghprbPullId} from ${ghprbGhRepository}" #DEL sed -i -e "s|name=\"${ghprbGhRepository}\"|name=\"${ghprbGhRepository}\" revision=\"refs/pull/${ghprbPullId}/head\"|" .repo/manifest.xml #DEL fi #DEL repo sync #DEL cp .repo/manifest.xml source-manifest.xml #DEL repo manifest -r -o pinned-manifest.xml #DEL MANIFEST_COMMIT=$(cd .repo/manifests && git rev-parse --short HEAD) #DEL record changes since last build, if available #DEL if wget -q ${BASE_URL}${PUB_DEST/\/${BUILD_NUMBER}\//\/latest\/}/pinned-manifest.xml -O pinned-manifest-latest.xml; then #DEL repo diffmanifests ${PWD}/pinned-manifest-latest.xml ${PWD}/pinned-manifest.xml > manifest-changes.txt #DEL else #DEL echo "latest build published does not have pinned-manifest.xml, skipping diff report" #DEL fi #DEL if [ -n "$GERRIT_PROJECT" ] && [ $GERRIT_EVENT_TYPE == "patchset-created" ]; then #DEL GERRIT_URL="http://${GERRIT_HOST}/${GERRIT_PROJECT}" #DEL cd `grep -rni $GERRIT_PROJECT\" .repo/manifest.xml | grep -Po 'path="\K[^"]*'` #DEL if git pull ${GERRIT_URL} ${GERRIT_REFSPEC} | grep -q "Automatic merge failed"; then #DEL git reset --hard #DEL echo "Error: *** Error patch merge failed" #DEL exit 1 #DEL fi #DEL cd - #DEL fi git clone ${DISTRO_URL_BASE}/${DISTRO_DIR} -b ${MANIFEST_BRANCH} cd ${DISTRO_DIR} git log -1 git submodule init git submodule update # the setup-environment will create auto.conf and site.conf # make sure we get rid of old config. # let's remove the previous TMPDIR as well. # we want to preserve build/buildhistory though. #DEL rm -rf conf build/conf build/tmp/ # Accept EULA if/when needed #DEL export EULA_dragonboard410c=1 #DEL export EULA_stih410b2260=1 #DEL source setup-environment build # Set the machine to the value expected by the Yocto environment # We set it back again later machine_orig=${MACHINE} case "${MACHINE}" in *rzn1*) MACHINE=rzn1-snarc ;; *soca9*) MACHINE=snarc-soca9 ;; esac # SUBMODULES is set to: # none no update # '' update default set in setup-env... # all tell setup-env... to update all submodules # '<something>' pass the variable to submodule update if [[ ${MANIFEST_BRANCH} == linaro-* ]]; then if [[ "${SUBMODULES}" != "none" ]]; then ./setup-environment -s build-${machine_orig}/ fi fi source ./setup-environment build-${machine_orig}/ ln -s ${HOME}/srv/oe/downloads ln -s ${sstatecache} sstate-cache # Add job BUILD_NUMBER to output files names cat << EOF >> conf/auto.conf IMAGE_NAME_append = "-${BUILD_NUMBER}" KERNEL_IMAGE_BASE_NAME_append = "-${BUILD_NUMBER}" MODULE_IMAGE_BASE_NAME_append = "-${BUILD_NUMBER}" DT_IMAGE_BASE_NAME_append = "-${BUILD_NUMBER}" BOOT_IMAGE_BASE_NAME_append = "-${BUILD_NUMBER}" EOF # get build stats to make sure that we use sstate properly cat << EOF >> conf/auto.conf INHERIT += "buildstats buildstats-summary" EOF # allow the top level job to append to auto.conf if [ -f ${WORKSPACE}/auto.conf ]; then cat ${WORKSPACE}/auto.conf >> conf/auto.conf fi # add useful debug info cat conf/auto.conf [ "${DISTRO}" = "rpb" ] && IMAGES+=" ${IMAGES_RPB}" [ "${DISTRO}" = "rpb-wayland" ] && IMAGES+=" ${IMAGES_RPB_WAYLAND}" # These machines only build the basic rpb-console-image case "${MACHINE}" in am57xx-evm|intel-core2-32|intel-corei7-64) IMAGES="rpb-console-image" ;; *rzn1*) # Temporary sstate cleanup to force binaries to be re-generated each time set +e clean_packages="\ base-files \ fsbl \ optee-os \ optee-test \ u-boot-rzn1 \ u-boot-rzn1-spkg \ linux-rzn1 \ mbedtls \ " set -e ;; *soca9*) clean_packages="\ base-files \ u-boot-socfpga \ linux-socfpga \ " IMAGES="$(echo $IMAGES | sed -e 's/dip-image-edge//')" ;; esac postfile=$(mktemp /tmp/postfile.XXXXX.conf) echo PREFERRED_VERSION_linux-rzn1 = \"${KERNEL_VERSION}.%\" > ${postfile} echo PREFERRED_VERSION_linux-socfpga = \"${KERNEL_VERSION}.%\" >> ${postfile} cat ${postfile} bbopt="-R ${postfile}" #if [ "${clean_packages}" != "" ]; then # bitbake ${bbopt} -c cleansstate ${clean_packages} # bitbake ${bbopt} ${clean_packages} #fi #time bitbake ${bbopt} ${IMAGES} #time bitbake ${bbopt} dip-sdk # Generate "pn-buildlist" which names all targets time bitbake ${bbopt} -g ${IMAGES} # Update NVD data for each of those targets time bitbake ${bbopt} -c cve_check `cat pn-buildlist` # combine all the cve.log into one single file... sorted alphabetically by package find -name cve.log | sort | xargs cat > cve-${MACHINE}.new # Fetch previous CVE report LATEST_DEST=$(echo $PUB_DEST | sed -e "s#/$BUILD_NUMBER/#/latest/#") wget -nv -O cve-${MACHINE}.old ${BASE_URL}/${LATEST_DEST}/dip-image-${MACHINE}.rootfs.cve # Do diffs between old and current CVE report. wget -nv -O diff-cve https://git.linaro.org/ci/job/configs.git/plain/schneider-openembedded/diff-cve gawk -f diff-cve cve-${MACHINE}.old cve-${MACHINE}.new | tee ${WORKSPACE}/cve-${MACHINE}.txt # Same thing, but against arbitrary (but fixed) baseline case "${MACHINE}" in *rzn1*) wget -nv -O cve-${MACHINE}.base https://releases.linaro.org/members/schneider/openembedded/2019.09-warrior.2/rzn1d-4.19/dip-image-rzn1-snarc-linaro-rel-2019.09-warrior.2-internal-70.rootfs.cve ;; *soca9*) wget -nv -O cve-${MACHINE}.base https://releases.linaro.org/members/schneider/openembedded/2019.09-warrior.2/soca9-4.19/dip-image-snarc-soca9-linaro-rel-2019.09-warrior.2-internal-70.rootfs.cve ;; esac gawk -f diff-cve cve-${MACHINE}.base cve-${MACHINE}.new > ${WORKSPACE}/base-cve-${MACHINE}.txt exit 0 ################## ### SKIP THE REST! ################## DEPLOY_DIR_IMAGE=$(bitbake -e | grep "^DEPLOY_DIR_IMAGE="| cut -d'=' -f2 | tr -d '"') DEPLOY_DIR_SDK=$(bitbake -e | grep "^DEPLOY_DIR="| cut -d'=' -f2 | tr -d '"')/sdk cp -aR ${DEPLOY_DIR_SDK} ${DEPLOY_DIR_IMAGE} ls -al ${DEPLOY_DIR_IMAGE}/* # Prepare files to publish rm -f ${DEPLOY_DIR_IMAGE}/*.txt find ${DEPLOY_DIR_IMAGE} -type l -delete #DEL mv /srv/oe/{source,pinned}-manifest.xml ${DEPLOY_DIR_IMAGE} #DEL cat ${DEPLOY_DIR_IMAGE}/pinned-manifest.xml # Generate CVE listing with a fixed filename, so it can be retrieved # from snapshots.linaro.org by subsequent builds using a known URL. cp ${DEPLOY_DIR_IMAGE}/dip-image-${MACHINE}-*.rootfs.cve ${DEPLOY_DIR_IMAGE}/dip-image-${MACHINE}.rootfs.cve # FIXME: IMAGE_FSTYPES_remove doesn't work rm -f ${DEPLOY_DIR_IMAGE}/*.rootfs.ext4 \ ${DEPLOY_DIR_IMAGE}/*.rootfs.iso \ ${DEPLOY_DIR_IMAGE}/*.iso \ ${DEPLOY_DIR_IMAGE}/*.jffs* \ ${DEPLOY_DIR_IMAGE}/*.cpio.gz \ ${DEPLOY_DIR_IMAGE}/*.squashfs-lzo \ ${DEPLOY_DIR_IMAGE}/*.stimg # FIXME: Sparse images here, until it gets done by OE case "${MACHINE}" in *rzn1*) pushd ${DEPLOY_DIR_IMAGE} rm -f uImage* popd ;; *soca9*) # re-create the SoCA9 DTB with a shorter filename pushd ${DEPLOY_DIR_IMAGE} mv zImage-*soca9*_bestla_512m*.dtb zImage-soca9_qspi_micronN25Q_bestla_512m.dtb || true mv zImage-*soca9*.dtb zImage-soca9_qspi_micronN25Q_bestla_512m.dtb || true rm -f *[12]G*.dtb || true rm -f *freja*.dtb || true rm -f *socfpga_cyclone5_socdk*.dtb || true popd ;; juno|stih410-b2260|orangepi-i96) ;; *) for rootfs in $(find ${DEPLOY_DIR_IMAGE} -type f -name *.rootfs.ext4.gz); do gunzip -k ${rootfs} sudo ext2simg -v ${rootfs%.gz} ${rootfs%.ext4.gz}.img rm -f ${rootfs%.gz} gzip -9 ${rootfs%.ext4.gz}.img done ;; esac ls -al ${DEPLOY_DIR_IMAGE}/* # Create MD5SUMS file find ${DEPLOY_DIR_IMAGE} -type f | xargs md5sum > MD5SUMS.txt sed -i "s|${DEPLOY_DIR_IMAGE}/||" MD5SUMS.txt mv MD5SUMS.txt ${DEPLOY_DIR_IMAGE} # Build information cat > ${DEPLOY_DIR_IMAGE}/HEADER.textile << EOF h4. Reference Platform Build - CE OpenEmbedded Build description: * Build URL: "$BUILD_URL":$BUILD_URL * Manifest URL: "${MANIFEST_URL}":${MANIFEST_URL} * Manifest branch: ${MANIFEST_BRANCH_PREFIX}${MANIFEST_BRANCH} * Manifest commit: "${MANIFEST_COMMIT}":${MANIFEST_URL/.git/\/commit}/${MANIFEST_COMMIT} EOF if [ -e "/srv/oe/manifest-changes.txt" ]; then # the space after pre.. tag is on purpose cat > ${DEPLOY_DIR_IMAGE}/README.textile << EOF h4. Manifest changes pre.. EOF cat /srv/oe/manifest-changes.txt >> ${DEPLOY_DIR_IMAGE}/README.textile mv /srv/oe/manifest-changes.txt ${DEPLOY_DIR_IMAGE} fi # Need different files for each machine ROOTFS_EXT4_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-console-image-test-*rzn1*-*-${BUILD_NUMBER}.rootfs.ext4.gz" | xargs -r basename) ROOTFS_TARXZ_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-console-image-test-*rzn1*-*-${BUILD_NUMBER}.rootfs.tar.xz" | xargs -r basename) ROOTFS_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-console-image-test-*rzn1*-*-${BUILD_NUMBER}.rootfs.img.gz" | xargs -r basename) ROOTFS_DESKTOP_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-desktop-image-test-*rzn1*-*-${BUILD_NUMBER}.rootfs.img.gz" | xargs -r basename) KERNEL_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "zImage-*-*rzn1*-*-${BUILD_NUMBER}.bin" | xargs -r basename) case "${MACHINE}" in am57xx-evm) # LAVA image is too big for am57xx-evm ROOTFS_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-console-image-${MACHINE}-*-${BUILD_NUMBER}.rootfs.img.gz" | xargs -r basename) # FIXME: several dtb files case ;; intel-core2-32|intel-corei7-64) # No LAVA testing on intel-core* machines ROOTFS_TARXZ_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rpb-console-image-${MACHINE}-*-${BUILD_NUMBER}.rootfs.tar.xz" | xargs -r basename) ;; juno) # FIXME: several dtb files case ;; *rzn1*) ROOTFS_TAR_BZ2=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-rzn1*-*-${BUILD_NUMBER}.rootfs.tar.bz2" | xargs -r basename) ROOTFS_DEV_TAR_BZ2=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-rzn1*-*-${BUILD_NUMBER}.rootfs.tar.bz2" | xargs -r basename) ROOTFS_EDGE_TAR_BZ2=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-edge-rzn1*-*-${BUILD_NUMBER}.rootfs.tar.bz2" | xargs -r basename) WIC_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-rzn1*-${BUILD_NUMBER}.rootfs.wic.bz2" | xargs -r basename) WIC_BMAP=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-rzn1*-${BUILD_NUMBER}.rootfs.wic.bmap" | xargs -r basename) WIC_DEV_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-rzn1*-${BUILD_NUMBER}.rootfs.wic.bz2" | xargs -r basename) WIC_DEV_BMAP=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-rzn1*-${BUILD_NUMBER}.rootfs.wic.bmap" | xargs -r basename) WIC_EDGE_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-edge-rzn1*-${BUILD_NUMBER}.rootfs.wic.bz2" | xargs -r basename) WIC_EDGE_BMAP=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-edge-rzn1*-${BUILD_NUMBER}.rootfs.wic.bmap" | xargs -r basename) UBI_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-rzn1-snarc-*-${BUILD_NUMBER}.rootfs.ubi" | xargs -r basename) UBI_DEV_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-rzn1-snarc-*-${BUILD_NUMBER}.rootfs.ubi" | xargs -r basename) UBI_EDGE_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-edge-rzn1-snarc-*-${BUILD_NUMBER}.rootfs.ubi" | xargs -r basename) DTB_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "*rzn1*bestla*.dtb" | xargs -r basename) KERNEL_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "zImage--*rzn1*.bin" | xargs -r basename) KERNEL_FIT_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "fitImage*.itb" | xargs -r basename) UBOOT_FIT_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "ubootfitImage*.itb" | xargs -r basename) OPTEE_FIT_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "optee-os*.itb" | xargs -r basename) FSBL_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "rzn1d-snarc-fsbl-fip*.spkg" | xargs -r basename) ;; *soca9*) ROOTFS_TAR_BZ2=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-snarc-soca9-*-${BUILD_NUMBER}.rootfs.tar.bz2" | xargs -r basename) ROOTFS_DEV_TAR_BZ2=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-snarc-soca9*-${BUILD_NUMBER}.rootfs.tar.bz2" | xargs -r basename) WIC_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-snarc-soca9-*-${BUILD_NUMBER}.rootfs.wic.bz2" | xargs -r basename) WIC_BMAP=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-snarc-soca9-*-${BUILD_NUMBER}.rootfs.wic.bmap" | xargs -r basename) WIC_DEV_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-snarc-soca9-*-${BUILD_NUMBER}.rootfs.wic.bz2" | xargs -r basename) WIC_DEV_BMAP=$(find ${DEPLOY_DIR_IMAGE} -type f -name "dip-image-dev-snarc-soca9-*-${BUILD_NUMBER}.rootfs.wic.bmap" | xargs -r basename) DTB_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "*soca9*_qspi_micronN25Q_bestla_512m.dtb" | xargs -r basename) KERNEL_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "zImage--*soca9*.bin" | xargs -r basename) ;; *) DTB_IMG=$(find ${DEPLOY_DIR_IMAGE} -type f -name "*-${MACHINE}-*-${BUILD_NUMBER}.dtb" | xargs -r basename) ;; esac # Set MACHINE back to the origin value MACHINE=${machine_orig} # Note: the main job script allows to override the default value for # BASE_URL and PUB_DEST, typically used for OE RPB builds cat << EOF > ${WORKSPACE}/post_build_lava_parameters DEPLOY_DIR_IMAGE=${DEPLOY_DIR_IMAGE} MANIFEST_COMMIT=${BUILD_NUMBER} ROOTFS_BUILD_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_EXT4_IMG} ROOTFS_SPARSE_BUILD_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_IMG} ROOTFS_DESKTOP_SPARSE_BUILD_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_DESKTOP_IMG} SYSTEM_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_EXT4_IMG} OPTEE_ITB_URL=${BASE_URL}${PUB_DEST}/optee/${OPTEE_FIT_IMG} FSBL_URL=${BASE_URL}${PUB_DEST}/${FSBL_IMG} UBOOT_ITB_URL=${BASE_URL}${PUB_DEST}/${UBOOT_FIT_IMG} KERNEL_FIT_URL=${BASE_URL}${PUB_DEST}/${KERNEL_FIT_IMG} KERNEL_ZIMAGE_URL=${BASE_URL}${PUB_DEST}/${KERNEL_IMG} WIC_IMAGE_URL=${BASE_URL}${PUB_DEST}/${WIC_IMG} WIC_BMAP_URL=${BASE_URL}${PUB_DEST}/${WIC_BMAP} WIC_DEV_IMAGE_URL=${BASE_URL}${PUB_DEST}/${WIC_DEV_IMG} WIC_DEV_BMAP_URL=${BASE_URL}${PUB_DEST}/${WIC_DEV_BMAP} WIC_EDGE_IMAGE_URL=${BASE_URL}${PUB_DEST}/${WIC_EDGE_IMG} WIC_EDGE_BMAP_URL=${BASE_URL}${PUB_DEST}/${WIC_EDGE_BMAP} UBI_IMAGE_URL=${BASE_URL}${PUB_DEST}/${UBI_IMG} UBI_DEV_IMAGE_URL=${BASE_URL}${PUB_DEST}/${UBI_DEV_IMG} UBI_EDGE_IMAGE_URL=${BASE_URL}${PUB_DEST}/${UBI_EDGE_IMG} DTB_URL=${BASE_URL}${PUB_DEST}/${DTB_IMG} NFSROOTFS_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_TAR_BZ2} NFSROOTFS_DEV_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_DEV_TAR_BZ2} NFSROOTFS_EDGE_URL=${BASE_URL}${PUB_DEST}/${ROOTFS_EDGE_TAR_BZ2} RECOVERY_IMAGE_URL=${BASE_URL}${PUB_DEST}/juno-oe-uboot.zip LXC_ROOTFS_IMG=$(basename ${ROOTFS_IMG} .gz) DEVICE_TYPE=${MACHINE} EOF cve-*.txt, base-cve-*.txt false false false true true true SUCCESS NOT_BUILT ABORTED FAILURE UNSTABLE MASTER BOTH #!/bin/sh # # Combine CVE reports for rzn1 and soca9 # set -e # # Did the build succeed? Check for logfiles: # axis-MACHINE: rzn1d, soca9 # files: cve-rzn1-snarc.txt, cve-snarc-soca9.txt # if ! test \ -e $JENKINS_HOME/jobs/$JOB_NAME/configurations/axis-DISTRO/dip/axis-MACHINE/rzn1d/axis-label/docker-stretch-amd64/builds/$BUILD_NUMBER/archive/cve-rzn1-snarc.txt -a \ -e $JENKINS_HOME/jobs/$JOB_NAME/configurations/axis-DISTRO/dip/axis-MACHINE/soca9/axis-label/docker-stretch-amd64/builds/$BUILD_NUMBER/archive/cve-snarc-soca9.txt then echo '<h1>Build failed, no CVE check done</h1>' > cve.html echo 'Build failed, no CVE check done' > cve.sum exit fi # # Combine the reports using sort/uniq. # Note the wildcard for MACHINE (rzn1/soca9). # ARCHIVE="$JENKINS_HOME/jobs/$JOB_NAME/configurations/axis-DISTRO/dip/axis-MACHINE/*/axis-label/docker-stretch-amd64/builds/$BUILD_NUMBER/archive" sort -uV $ARCHIVE/cve-*.txt > cve.txt sort -uV $ARCHIVE/base-cve-*.txt > base-cve.txt # # Detailed report in HTML format. Will be attached to email. # Perl helper converts tab-delimited text to nested <ul> elements. # htmlify() { perl -F'\t' -lane ' my ($type, $cve, $pkg, $url, @rest) = @F; sub list { return @_ ? join("", "<ul>\n", map("<li>$_</li>\n", @_), "</ul>") : "" }; push @{$line{$type}}, ("<a href=\"$url\">$cve</a> $pkg" . list(@rest)); END { foreach (reverse sort keys %line) { print "<b>$_ CVEs</b>", list(@{$line{$_}}) if @{$line{$_}} }}' $1 } ( echo "<h1>CVE changes</h1>" echo "<p>Submodule update strategy: <code>$SUBMODULES</code>.</p>" echo "<h2>Since last build</h2>" htmlify cve.txt echo "<h2>Since baseline</h2>" htmlify base-cve.txt ) > cve.html # # Summary report in plain text, gets embedded in the email. # This just prints a count of each type of CVE. # summary() { # local NEW=`grep -c ^NEW $1` local CHANGED=`grep -c ^CHANGED $1` local FIXED=`grep -c ^FIXED $1` printf "%2d NEW, %2d CHANGED, %2d FIXED\n" $NEW $CHANGED $FIXED } ( echo -n " - since last build: " summary cve.txt echo -n " - since baseline: " summary base-cve.txt echo " - submodule update strategy was $SUBMODULES" echo " - see attached report for details" ) > cve.sum # Clean up rm -f cve.txt base-cve.txt false false 0 false ralph.siemsen@linaro.org $PROJECT_DEFAULT_SUBJECT $PROJECT_DEFAULT_CONTENT false false default $DEFAULT_SUBJECT $DEFAULT_CONTENT CVE summary: ${FILE,path="cve.sum"} cve.html false false $DEFAULT_REPLYTO false false ONLY_PARENT 768c1ba1-6052-4b97-a531-7e4fabda6979 false QA_REPORTS_TOKEN QA_REPORTS_TOKEN false