[Fuego] add support for VULS
daniel.sangorrin at toshiba.co.jp
Thu Jan 11 04:28:17 UTC 2018
> -----Original Message-----
> From: Bird, Timothy [mailto:Tim.Bird at sony.com]
> Sent: Wednesday, January 03, 2018 7:54 AM
> To: Daniel Sangorrin; fuego at lists.linuxfoundation.org
> Subject: RE: [Fuego] add support for VULS
> > -----Original Message-----
> > From: Daniel Sangorrin on Monday, December 25, 2017 1:22 AM
> > Hi,
> > Please consider these patches that add support for VULS
> > in Fuego. VULS is a vulnerability scanner that supports
> > various Linux distributions.
> > [PATCH 1/2] functions: not all tests generate a log
> > [PATCH 2/2] vuls: add Fuego test for the vuls vulnerability scanner
> > Note that the second patch was originally written by Tuyen (see author).
> > I modified it to make use of the recently merged SSH_KEY
> > functionality, add a few more checks, add a chart_config.json,
> > and fix some minor issues.
> > VULS is written in GO, so I will send another patch for the
> > Fuego repository with instructions to install the dependencies.
> OK - this looks like a nice addition. There's an interesting feature
> with regard to specifying the DISTRO, which might be a useful
> variable to have in other tests. We'll wait and see if more uses
> of this show up, but if so, maybe the variable could move from
> the spec to the board file (or maybe we could bypass both of those
> and add some kind of auto-detection.)
I just sent a patch that does it. By default it uses auto-detection (it uses /etc/os-release
which is available at least in debian, centos and ubuntu as far as i know). If
/etc/os-release does not exist currently I ask the user to put the variables on
the board file. In the future we can try other ways to detect the distro but I think
this will work most of the time.
We'll update VULS to use those variables.
> I've accepted everything, and only made changes to one patch.
Thanks, your change worked fine.
> But I assume this won't work without the 'go' toolchain support.
> So, I'll push this master, but it will only work for you until that is
What do you mean exactly?
The installation of go and other dependencies is handled by the fuego script that I sent.
# I really don't like the way that go gets its dependencies from github, we should
provide some kind of local tarball in the future for the source code and its dependencies.
> I'm not going to ACK every patch. Instead, I'll ACK all of them here,
> and only respond by e-mail to the messages that I either changed
> or have issues I want to comment on.
> -- Tim
More information about the Fuego