[Fuego] add support for VULS

Bird, Timothy Tim.Bird at sony.com
Thu Jan 11 19:36:53 UTC 2018



> -----Original Message-----
> From: Daniel Sangorrin 
> > -----Original Message-----
> > From: Bird, Timothy on  Wednesday, January 03, 2018 7:54 AM
> > To: Daniel Sangorrin; fuego at lists.linuxfoundation.org
> > > -----Original Message-----
> > > From:  Daniel Sangorrin on Monday, December 25, 2017 1:22 AM
> > > Hi,
> > >
> > > Please consider these patches that add support for VULS
> > > in Fuego. VULS is a vulnerability scanner that supports
> > > various Linux distributions.
> > >
> > > [PATCH 1/2] functions: not all tests generate a log
> > > [PATCH 2/2] vuls: add Fuego test for the vuls vulnerability scanner
> > >
> > > Note that the second patch was originally written by Tuyen (see author).
> > > I modified it to make use of the recently merged SSH_KEY
> > > functionality, add a few more checks, add a chart_config.json,
> > > and fix some minor issues.
> > >
> > > VULS is written in Go, so I will send another patch for the
> > > Fuego repository with instructions to install the dependencies.
> >
> > OK - this looks like a nice addition.  There's an interesting feature
> > with regard to specifying the DISTRO, which might be a useful
> > variable to have in other tests.  We'll wait and see if more uses
> > of this show up, but if so, maybe the variable could move from
> > the spec to the board file (or maybe we could bypass both of those
> > and add some kind of auto-detection.)
> 
> I just sent a patch that does it. By default it uses auto-detection (it uses
> /etc/os-release, which is available at least in Debian, CentOS and Ubuntu as
> far as I know). If /etc/os-release does not exist, currently I ask the user to
> put the variables in the board file. In the future we can try other ways to
> detect the distro but I think this will work most of the time.
> 
> We'll update VULS to use those variables.

OK - sounds good.

> 
> > I've accepted everything, and only made changes to one patch.
> 
> Thanks, your change worked fine.
> 
> > But I assume this won't work without the 'go' toolchain support.
> > So, I'll push this to master, but it will only work for you until that is
> > provided.
> 
> What do you mean exactly?
> The installation of go and other dependencies is handled by the fuego script
> that I sent.
> # I really don't like the way that go gets its dependencies from github, we
> should provide some kind of local tarball in the future for the source code
> and its dependencies.

Ignore this feedback.  I missed the other patch until after I wrote and sent this.

Thanks.
 -- Tim
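
Added example, not part of this thread or of the Fuego patches: one way to implement the detection discussed above, reading ID and VERSION_ID from /etc/os-release by parsing the file instead of sourcing it (a sourced file runs as shell code supplied by the target), with a fallback to board-supplied values. The function names and the BOARD_DISTRO_ID / BOARD_DISTRO_VERSION variables are hypothetical, not Fuego's.

```shell
#!/bin/sh
# Print the value of key $1 from the os-release style file $2, without sourcing it.
os_release_get() {
    [ -r "$2" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "$1="*) ;;          # exact key at start of line (ID= does not match ID_LIKE=)
            *) continue ;;
        esac
        val=${line#*=}
        # Strip one pair of matching quotes, as os-release allows quoted values.
        case "$val" in
            \"*\") val=${val#\"}; val=${val%\"} ;;
            \'*\') val=${val#\'}; val=${val%\'} ;;
        esac
        # Accept only a conservative character set; reject anything else.
        case "$val" in
            ''|*[!A-Za-z0-9._-]*) return 1 ;;
        esac
        printf '%s\n' "$val"
        return 0
    done < "$2"
    return 1
}

# Print "<id> <version>" for the file $1 (default /etc/os-release).
# Falls back to BOARD_DISTRO_ID / BOARD_DISTRO_VERSION (hypothetical names
# standing in for variables set in the board file).
detect_distro() {
    file=${1:-/etc/os-release}
    if id=$(os_release_get ID "$file") && ver=$(os_release_get VERSION_ID "$file"); then
        printf '%s %s\n' "$id" "$ver"
    elif [ -n "${BOARD_DISTRO_ID:-}" ] && [ -n "${BOARD_DISTRO_VERSION:-}" ]; then
        printf '%s %s\n' "$BOARD_DISTRO_ID" "$BOARD_DISTRO_VERSION"
    else
        echo "distro unknown: set BOARD_DISTRO_ID and BOARD_DISTRO_VERSION" >&2
        return 1
    fi
}

# Constructed sample input, not taken from a real board.
sample=$(mktemp)
printf 'NAME="Debian GNU/Linux"\nID=debian\nID_LIKE=none\nVERSION_ID="9"\n' > "$sample"
detect_distro "$sample"
rm -f "$sample"
```

VERSION_ID is optional in os-release, so a file without it takes the board-file fallback path here.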


