[Fuego] add support for VULS

Daniel Sangorrin daniel.sangorrin at toshiba.co.jp
Thu Jan 11 04:28:17 UTC 2018


Hi Tim,

> -----Original Message-----
> From: Bird, Timothy [mailto:Tim.Bird at sony.com]
> Sent: Wednesday, January 03, 2018 7:54 AM
> To: Daniel Sangorrin; fuego at lists.linuxfoundation.org
> Subject: RE: [Fuego] add support for VULS
> 
> 
> 
> > -----Original Message-----
> > From:  Daniel Sangorrin on Monday, December 25, 2017 1:22 AM
> > Hi,
> >
> > Please consider these patches that add support for VULS
> > in Fuego. VULS is a vulnerability scanner that supports
> > various Linux distributions.
> >
> > [PATCH 1/2] functions: not all tests generate a log
> > [PATCH 2/2] vuls: add Fuego test for the vuls vulnerability scanner
> >
> > Note that the second patch was originally written by Tuyen (see author).
> > I modified it to make use of the recently merged SSH_KEY
> > functionality, add a few more checks, add a chart_config.json,
> > and fix some minor issues.
> >
> > VULS is written in Go, so I will send another patch for the
> > Fuego repository with instructions to install the dependencies.
> 
> OK - this looks like a nice addition.  There's an interesting feature
> with regard to specifying the DISTRO, which might be a useful
> variable to have in other tests.  We'll wait and see if more uses
> of this show up, but if so, maybe the variable could move from
> the spec to the board file (or maybe we could bypass both of those
> and add some kind of auto-detection.)

I just sent a patch that does it. By default it uses auto-detection (it uses /etc/os-release,
which is available at least in Debian, CentOS and Ubuntu as far as I know). If
/etc/os-release does not exist, currently I ask the user to put the variables in
the board file. In the future we can try other ways to detect the distro, but I think
this will work most of the time.

We'll update VULS to use those variables.
 
> I've accepted everything, and only made changes to one patch.

Thanks, your change worked fine.

> But I assume this won't work without the 'go' toolchain support.
> So, I'll push this to master, but it will only work for you until that is
> provided.

What do you mean exactly?
The installation of Go and other dependencies is handled by the Fuego script that I sent.
# I really don't like the way that Go gets its dependencies from GitHub; we should
provide some kind of local tarball in the future for the source code and its dependencies.

> I'm not going to ACK every patch.  Instead, I'll ACK all of them here,
> and only respond by e-mail to the messages that I either changed
> or have issues I want to comment on.
> 
> Thanks!
>  -- Tim

Thanks,
Daniel
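
The auto-detection described in the message above (read /etc/os-release, otherwise use values supplied by the user), as an added example that is not part of the original message or of the Fuego patch. The function names and the fallback arguments are hypothetical; the file is parsed rather than sourced, so nothing in it is ever executed.

```shell
#!/bin/sh
# Added example, not Fuego code. Function and argument names are hypothetical.

# Print the value of KEY ($2) from an os-release style file ($1) without
# sourcing it, stripping one pair of surrounding quotes if present.
os_release_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print "<id> <version>", taking values from the file first and from the
# fallback arguments (standing in for board-file variables) second.
# Returns 1 if no distro id is available, 2 if a value looks unsafe.
detect_distro() {
    file=$1 fallback_id=$2 fallback_version=$3
    id= version=
    if [ -r "$file" ]; then
        id=$(os_release_get "$file" ID)
        version=$(os_release_get "$file" VERSION_ID)
    fi
    [ -n "$id" ] || id=$fallback_id
    [ -n "$version" ] || version=$fallback_version
    [ -n "$id" ] || return 1
    # Accept only characters expected in an id or version, since the
    # result is likely to be interpolated into later commands.
    case "$id$version" in
        *[!A-Za-z0-9._-]*) return 2 ;;
    esac
    # VERSION_ID is optional in os-release (rolling releases omit it).
    printf '%s %s\n' "$id" "${version:-unknown}"
}

# Constructed sample input, written to a temporary file for the demo.
sample=$(mktemp)
printf 'NAME="Ubuntu"\nID=ubuntu\nID_LIKE=debian\nVERSION_ID="16.04"\n' > "$sample"
detect_distro "$sample" "" ""          # file present: values come from the file
detect_distro /nonexistent centos 7    # file absent: fallback values are used
rm -f "$sample"
```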
