Message ID | 20230216003023.4153138-1-saul.wold@windriver.com |
---|---|
State | New |
Series | create-spdx: Add check for variable contents along with quotes |
On Wed, Feb 15, 2023 at 6:31 PM Saul Wold <saul.wold@windriver.com> wrote: > > This adds a check to ensure we that if a variable is > empty it gets an empty string, this also adds quotes > to indicate the variable contents. > > "comment": "CUSTOM_SPECIAL=''" > or > "comment": "CUSTOM_SPECIAL= 'variable contents'" > > Signed-off-by: Saul Wold <saul.wold@windriver.com> > --- > meta/classes/create-spdx-2.2.bbclass | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass > index 28a42e009f6..8b18ada40a4 100644 > --- a/meta/classes/create-spdx-2.2.bbclass > +++ b/meta/classes/create-spdx-2.2.bbclass > @@ -484,7 +484,10 @@ python do_create_spdx() { > > if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"): > for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split(): > - recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var))) > + if d.getVar(var): > + recipe.annotations.append(create_annotation(d, var + "= '" + d.getVar(var) + "'")) Why the extra space after the = ? Does the variable need some escaping in case it already has a single quote in it? > + else: > + recipe.annotations.append(create_annotation(d, var + "=''")) > > # Some CVEs may be patched during the build process without incrementing the version number, > # so querying for CVEs based on the CPE id can lead to false positives. To account for this, > -- > 2.25.1 >
On 2/16/23 07:25, Joshua Watt wrote: > On Wed, Feb 15, 2023 at 6:31 PM Saul Wold <saul.wold@windriver.com> wrote: >> >> This adds a check to ensure we that if a variable is >> empty it gets an empty string, this also adds quotes >> to indicate the variable contents. >> >> "comment": "CUSTOM_SPECIAL=''" >> or >> "comment": "CUSTOM_SPECIAL= 'variable contents'" >> >> Signed-off-by: Saul Wold <saul.wold@windriver.com> >> --- >> meta/classes/create-spdx-2.2.bbclass | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass >> index 28a42e009f6..8b18ada40a4 100644 >> --- a/meta/classes/create-spdx-2.2.bbclass >> +++ b/meta/classes/create-spdx-2.2.bbclass >> @@ -484,7 +484,10 @@ python do_create_spdx() { >> >> if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"): >> for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split(): >> - recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var))) >> + if d.getVar(var): >> + recipe.annotations.append(create_annotation(d, var + "= '" + d.getVar(var) + "'")) > > Why the extra space after the = ? > Right, probably should remove that. > Does the variable need some escaping in case it already has a single > quote in it? > Was thinking about consistency with the empty case below, but I guess we need to think not just of a "stray" single quote in the string, but also a stray double quote ("). I guess we can just remove the single quotes completely for both cases. Sau! >> + else: >> + recipe.annotations.append(create_annotation(d, var + "=''")) >> >> # Some CVEs may be patched during the build process without incrementing the version number, >> # so querying for CVEs based on the CPE id can lead to false positives. To account for this, >> -- >> 2.25.1 >>
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index 28a42e009f6..8b18ada40a4 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass @@ -484,7 +484,10 @@ python do_create_spdx() { if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"): for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split(): - recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var))) + if d.getVar(var): + recipe.annotations.append(create_annotation(d, var + "= '" + d.getVar(var) + "'")) + else: + recipe.annotations.append(create_annotation(d, var + "=''")) # Some CVEs may be patched during the build process without incrementing the version number, # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
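Review bot: In the added non-empty branch, `var + "= '" + d.getVar(var) + "'"` wraps the value in single quotes without escaping it and puts a space after the `=` that the empty branch (`var + "=''"`) does not have. A value that itself contains a `'` then produces an annotation where the end of the value cannot be told apart from the closing quote, and the two branches emit different formats for the same field. Suggest reading the value once (for example `val = d.getVar(var) or ""`) and building the comment from `val` in a single code path, either without quotes or with an escaping step that a consumer of the SPDX comment can reverse. That also avoids calling `d.getVar(var)` twice and keeps an unset variable from reaching the string concatenation as `None`.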
This adds a check to ensure that if a variable is empty it gets an empty string, this also adds quotes to indicate the variable contents.

"comment": "CUSTOM_SPECIAL=''"
or
"comment": "CUSTOM_SPECIAL= 'variable contents'"

Signed-off-by: Saul Wold <saul.wold@windriver.com>
---
meta/classes/create-spdx-2.2.bbclass | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)