From patchwork Thu Jan 18 17:59:41 2024
X-Patchwork-Submitter: Sai.Sathujoda@toshiba-tsip.com
X-Patchwork-Id: 13523080
From: Sai.Sathujoda@toshiba-tsip.com
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com
Cc: Sai Sathujoda , dinesh.kumar@toshiba-tsip.com, kazuhiro3.hayashi@toshiba.co.jp
Subject: [isar-cip-core v2 2/3] scripts/deploy-cip-core.sh: Upload dpkg-status files to gitlab CI artifacts
Date: Thu, 18 Jan 2024 23:29:41 +0530
Message-Id: <20240118175942.1052089-3-Sai.Sathujoda@toshiba-tsip.com>
In-Reply-To: <20240118175942.1052089-1-Sai.Sathujoda@toshiba-tsip.com>
References: <20240118175942.1052089-1-Sai.Sathujoda@toshiba-tsip.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14403

From: Sai Sathujoda

dpkg-status files are also uploaded along with other artifacts during deploy stage for marked targets since packages can be added or deleted from the system in the development phase which can alter the resultant cve-reports.

Signed-off-by: Sai Sathujoda
--- scripts/deploy-cip-core.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh index 5855acb..d018341 100755 --- a/scripts/deploy-cip-core.sh +++ b/scripts/deploy-cip-core.sh 
@@ -53,3 +53,15 @@ else aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/"$DTB" "${S3_TARGET}" fi fi + +# Deploy the dpkg status file (/var/lib/dpkg/status) to AWS for the CIP CVE checker (debian-cve-checker) +# to periodically extract and report pending CVEs. +# * CI builds will override the previous dpkg status files +# * AWS S3 bucket structure +# * download.cip-project.org/cip-core/cve-checks/ +# * dpkg-status: folder to store the dpkg status files generated by the CI and released images +# * cve-reports: folder to store the cve-reports generated from the dpkg status files +# * they can be linked from the release website +DPKG_STATUS="cip-core-image-*.dpkg_status" +DPKG_STATUS_FILENAME=${CI_JOB_NAME#build:}.dpkg_status +aws s3 cp --no-progress build/tmp/deploy/images/$TARGET/$DPKG_STATUS s3://download.cip-project.org/cip-core/cve-checks/dpkg-status/$DPKG_STATUS_FILENAME
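
Review bot: the added `aws s3 cp` line depends on an unquoted glob and unquoted variables, with no check on what the glob matched. `DPKG_STATUS="cip-core-image-*.dpkg_status"` is only expanded because `build/tmp/deploy/images/$TARGET/$DPKG_STATUS` is left unquoted, so zero matches pass the literal pattern to `aws s3 cp`, and more than one match turns the extra files into additional positional arguments. Please resolve the glob first, fail with a clear message unless exactly one file is found, and then quote `$TARGET` and `$DPKG_STATUS_FILENAME` the way the context line above already quotes `"$DTB"` and `"${S3_TARGET}"`. Two smaller points on the same block: the destination hardcodes `s3://download.cip-project.org/cip-core/cve-checks/dpkg-status/` rather than deriving it from a variable as the existing uploads do with `${S3_TARGET}`, and the key is built only from `${CI_JOB_NAME#build:}`. Combined with the comment "CI builds will override the previous dpkg status files", this means every pipeline that reaches this script replaces the input the CVE checker reads, so a development build that adds or drops packages can change the published cve-report for that target. If that is intended, say so in the comment; otherwise restrict the upload to the release ref or include the ref in the object name. The block is also appended after the closing `fi`, so it runs unconditionally within this script, while the commit message says the upload is for marked targets; a short comment stating where that restriction is enforced would help.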