[bbclass] Add support for new backend features

* Add ability to override the manifest and report name.

  This adds a new configuration variable 'VIGILES_MANIFEST_NAME' (default:
  the value of 'IMAGE_BASENAME') that is used to set the file names
  for the Vigiles Manifest and CVE Check Report.

  This can be set to a custom value in local.conf, e.g.:

  VIGILES_MANIFEST_NAME = "Custom-Build-Name"

  .. which would result in the files:

  ./vigiles
  ├── Custom-Build-Name
  ├── Custom-Build-Name-cve.json -> Custom-Build-Name/Custom-Build-Name-2020-11-25_20.28.09-cve.json
  └── Custom-Build-Name-report.txt -> Custom-Build-Name/Custom-Build-Name-2020-11-25_20.28.09-report.txt

* Allow environment overrides of LinuxLink credentials

  This adds support for forwarding Vigiles / LinuxLink credentials that have
  been overriden in the user's environment to the CheckCVEs script.

  No change in behavior is required by users, but they may now optionally set
  VIGILES_KEY_FILE and VIGILES_DASHBOARD_CONFIG in their shell environment to
  override the values that are set in local.conf for a build.

  This is intended to allow developers to share a common local.conf for a board,
  with default credentials for e.g. an official build server, but use their own
  private/local credentials without having to manually modify the board config
  for each build.

  The variables may be set either before OR after the BitBake build environment
  have been set (i.e. running '. sources/poky/oe-init-build-env').

  In addition -- for testing only -- this also adds the ability to override the
  location of the LinuxLink server from the environment.

* Add support to only upload the Manifest without waiting for CVE Report

  This adds a new boolean variable VIGILES_UPLOAD_ONLY that can be set to e.g.
  '1' or 'True' to enable this behavior. This can speed up build times and
  ease reporting of automated bulk builds.

  Instead of a text report and a link to the online report, a link to the
  Vigiles Dashboard Product Workspace (as specified with
  VIGILES_DASHBOARD_CONFIG) will be displayed.

  Note that the CVE Check will still be run in the background and an
  online report should be immediately available via the displayed link.

README.md

@@ -218,6 +218,34 @@ It's important to include this file with any support request.
 Advanced Usage
 ==============
 
+### Custom Manifest and Report Names
+
+By default, the Vigiles Manifest and CVE Report files are named after the base
+image that is built (from the Yocto variable "IMAGE_BASENAME"). This can be
+overridden with by setting the configuration variable "VIGILES_MANIFEST_NAME" in _conf/local.conf_:
+
+```
+VIGILES_MANIFEST_NAME = "Custom-Build-Name"
+```
+
+Instead of e.g.
+
+```
+./vigiles
+├── core-image-minimal/
+├── core-image-minimal-cve.json
+└── core-image-minimal-report.txt
+```
+
+.. this will be the result:
+
+```
+./vigiles
+├── Custom-Build-Name/
+├── Custom-Build-Name-cve.json -> Custom-Build-Name/Custom-Build-Name-2020-11-25_20.28.09-cve.json
+└── Custom-Build-Name-report.txt -> Custom-Build-Name/Custom-Build-Name-2020-11-25_20.28.09-report.txt
+```
+
 
 ### Vigiles Whitelist
 
@@ -266,10 +294,20 @@ To use an alternate key, or a key in a non-default location, you can specify the
 VIGILES_KEY_FILE = "/tools/timesys/linuxlink_key"
 ```
 
+If set, this option can be overridden on the command line by setting the
+environment variable VIGILES_KEY_FILE to the location of an alternate Key
+File. This feature can be used by developers to use a personal/local key
+without having to change a shared local.conf for a board.
+
+
 ### Specifying a Product or Manifest
 
 By default your manifest will be uploaded to the top-level folder of your "Private Workspace" Product on the Vigiles Dashboard. This can be changed by downloading the "Dashboard Config" for an alternative Product and/or Folder and specifying it in your local.conf file.
 
+If set, this option can be overridden on the command line by setting the
+environment variable VIGILES_DASHBOARD_CONFIG to the location of an alternate
+Dashboard Config file. This feature can be used by developers to use a
+personal/local key without having to change a shared local.conf for a board.
 
 >New Products can be defined by clicking on the "New Product" product link and specifying a name. To download the Dashboard Config for the top-level folder of that Product, click on the "Product Settings" link and then the "Download Dashboard Config" button.
 
@@ -356,6 +394,27 @@ packagegroup-core-boot
 >the manifest, after any additional packages are included.
 
 
+### Uploading the Manifest (Only)
+
+In some cases, it may be desired to upload the Vigiles Manifest for a build
+without generating a CVE Report. This can speed up build times and ease
+reporting of automated bulk builds.
+
+This behavior can be enabled by setting the boolean variable
+```VIGILES_UPLOAD_ONLY``` to '1' or 'True' in ```conf/local.conf```
+
+
+>```
+>VIGILES_UPLOAD_ONLY = "1"
+>```
+
+Instead of a text report and a link to the online report, a link to the
+Vigiles Dashboard Product Workspace (as specified with
+VIGILES_DASHBOARD_CONFIG) will be displayed, from where it can be then be
+scanned by the Vigiles Service.
+
+
+
 Maintenance
 ===========
 

classes/vigiles.bbclass

@@ -363,6 +363,7 @@ def vigiles_image_collect(d):
             layers           = sys_dict["layers"],
             machine          = sys_dict["machine"]["title"],
             manifest_version = d.getVar('VIGILES_MANIFEST_VERSION'),
+            manifest_name    = d.getVar('VIGILES_MANIFEST_NAME'),
             packages         = tsmeta_read_dictdir_files(d, "cve", pn_list),
             whitelist        = sorted(list(vigiles_ignored))
         )
@@ -656,6 +657,32 @@ python do_vigiles_check() {
 
         vigiles_env = os.environ.copy()
 
+        #
+        # The following logic allows the Key File and Dashboard Config to be
+        # overridden by the user's environment -- if a build system sets a
+        # generic key in local.conf (e.g. for automated builds), but a
+        # developer wants/needs to use their own private credentials, those can
+        # set in the shell environment.
+        # They are handled in following way -- forwarding the values from the
+        # original shell environment, but still passing the local.conf values on
+        # the command line -- for compatibility with other Vigiles implementations.
+        _orig_env = d.getVar('BB_ORIGENV', False)
+        vigiles_env['VIGILES_KEY_FILE'] = _orig_env.getVar('VIGILES_KEY_FILE') or ''
+        vigiles_env['VIGILES_DASHBOARD_CONFIG'] = _orig_env.getVar('VIGILES_DASHBOARD_CONFIG') or ''
+
+        conf_key = d.getVar('VIGILES_KEY_FILE')
+        if conf_key:
+            args = args + ['-K', conf_key]
+        conf_dashboard = d.getVar('VIGILES_DASHBOARD_CONFIG')
+        if conf_dashboard:
+            args = args + ['-C', conf_dashboard]
+
+        vigiles_env['LINUXLINK_SERVER'] = _orig_env.getVar('LINUXLINK_SERVER') or ''
+
+        _upload_only = bb.utils.to_boolean(d.getVar('VIGILES_UPLOAD_ONLY'), False)
+        if _upload_only:
+            args = args + ['-U']
+
         #
         # Vigiles uses python3, and needs to use the Host-installed instance
         #  to avoid racing against the removal of the Yocto-built native
@@ -670,9 +697,6 @@ python do_vigiles_check() {
         env_path.insert(0, hosttools_dir)
         vigiles_env['PATH'] = os.path.pathsep.join(env_path)
 
-        vigiles_env['VIGILES_KEY_FILE'] = d.getVar('VIGILES_KEY_FILE')
-        vigiles_env['VIGILES_DASHBOARD_CONFIG'] = d.getVar('VIGILES_DASHBOARD_CONFIG')
-
         layerdir = d.getVar('VIGILES_LAYERDIR')
         path = os.path.join(layerdir, "scripts", cmd)
 
@@ -684,7 +708,7 @@ python do_vigiles_check() {
 
     _check_disabled = bb.utils.to_boolean(d.getVar('VIGILES_DISABLE_CHECK'), False)
     if _check_disabled:
-        bb.plain("Vigiles: Skipping Check for %s" % d.getVar('IMAGE_BASENAME'))
+        bb.plain("Vigiles: Skipping Check for %s" % d.getVar('VIGILES_MANIFEST_NAME'))
         return
 
     bb.utils.mkdirhier(os.path.dirname(vigiles_out))
@@ -713,3 +737,4 @@ python do_vigiles_check() {
 
 addtask do_vigiles_check after do_image before do_image_complete
 do_vigiles_check[nostamp] = "1"
+do_vigiles_check[vardepsexclude] = "BB_ORIGENV"

conf/vigiles.conf

@@ -14,19 +14,20 @@ VIGILES_MANIFEST_VERSION = "1.15"
 VIGILES_TIMESTAMP = "${@time.strftime('%Y-%m-%d_%H.%M.%S', time.strptime(d.getVar('DATETIME', True), '%Y%m%d%H%M%S') ) }"
 VIGILES_TIMESTAMP[vardepsexclude] += "DATETIME"
 
-VIGILES_IMAGE = "${IMAGE_BASENAME}-${VIGILES_TIMESTAMP}"
+VIGILES_MANIFEST_NAME ??= "${IMAGE_BASENAME}" 
+VIGILES_IMAGE = "${VIGILES_MANIFEST_NAME}-${VIGILES_TIMESTAMP}"
 VIGILES_MANIFEST = "${VIGILES_DIR_IMAGE}/${VIGILES_IMAGE}-cve.json"
 VIGILES_REPORT = "${VIGILES_DIR_IMAGE}/${VIGILES_IMAGE}-report.txt"
 
 VIGILES_BSPDIR = "${@os.path.abspath(os.path.dirname(d.getVar("TOPDIR")))}"
 VIGILES_DIR ?= "${TOPDIR}/vigiles"
 VIGILES_DIR_KCONFIG = "${VIGILES_DIR}/kconfig"
-VIGILES_DIR_IMAGE = "${VIGILES_DIR}/${IMAGE_BASENAME}"
-VIGILES_MANIFEST_LINK = "${VIGILES_DIR}/${IMAGE_BASENAME}-cve.json"
-VIGILES_REPORT_LINK = "${VIGILES_DIR}/${IMAGE_BASENAME}-report.txt"
+VIGILES_DIR_IMAGE = "${VIGILES_DIR}/${VIGILES_MANIFEST_NAME}"
+VIGILES_MANIFEST_LINK = "${VIGILES_DIR}/${VIGILES_MANIFEST_NAME}-cve.json"
+VIGILES_REPORT_LINK = "${VIGILES_DIR}/${VIGILES_MANIFEST_NAME}-report.txt"
 
-VIGILES_KEY_FILE ?= "${HOME}/timesys/linuxlink_key"
-VIGILES_DASHBOARD_CONFIG ?= "${HOME}/timesys/dashboard_config"
+VIGILES_KEY_FILE ??= ""
+VIGILES_DASHBOARD_CONFIG ??= ""
 
 VIGILES_KERNEL_CONFIG ??= "auto"
 VIGILES_UBOOT_CONFIG ??= "auto"