[feature] Add support for excluding packages via CSV files.

This adds support for purging packages from the manifest before
it is submitted for the report.

VIGILES_EXCLUDE can be set to a space-separated list of files
that contain a list of packages to exclude, which is done as
the final step when constructing the manifest.

See the README for more information.

README.md

@@ -323,6 +323,34 @@ udev,,"GPLv2.0+, LGPL-2.1+"
 ```
 
 
+### Excluding Packages From the CVE Check
+
+In some cases, a BSP may want to _exclude_ packages from the Vigiles Report;
+for instance to condense the output by removing packages that are 'installed'
+but have no files (e.g. packagegroups or those that only install data files).
+
+This can be done by setting ```VIGILES_EXCLUDE``` to a space-separated list
+of one or more CSV files that contain a list of packages to drop from the
+generated manifest before it is submitted for the CVE check.
+
+For example, in ```conf/local.conf```:
+
+```
+VIGILES_EXCLUDE = "${TOPDIR}/vigiles-exclude.csv"
+```
+
+And in ```${TOPDIR}/vigiles-exclude.csv```:
+
+
+```
+linux-libc-headers
+opkg-utils
+packagegroup-core-boot
+```
+
+>Note: filtering of packages is performed as the final step in constructing
+>the manifest, after any additional packages are included.
+
 
 Maintenance
 ===========

classes/vigiles.bbclass

@@ -269,6 +269,55 @@ def _get_extra_packages(d):
     return additional
 
 
+##
+#   Packages can be excluded from the manifest by setting
+#    'VIGILES_EXCLUDE' in local.conf, which is expected to be a list of
+#    .csv files in the format of
+#       <product>
+##
+def _filter_excluded_packages(d, vgls_pkgs):
+    import csv
+
+    vgls_excld_files = d.getVar('VIGILES_EXCLUDE') or ''
+    excld_files = oe.utils.squashspaces(vgls_excld_files).split(' ')
+    if not excld_files:
+        return {}
+
+    excld_pkgs = set()
+
+    for excld_csv in excld_files:
+        if not os.path.exists(excld_csv):
+            bb.info("Vigiles: Skipping Non-Existent exclude-package File: %s" % excld_csv)
+            continue
+        bb.debug(1, "Vigiles: Importing Excluded Packages from %s" % excld_files)
+        try:
+            with open(excld_csv) as csv_in:
+                reader = csv.reader(csv_in)
+                for row in reader:
+                    if not len(row):
+                        continue
+                    if row[0].startswith('#'):
+                        continue
+
+                    pkg = row[0].strip().lower()
+                    excld_pkgs.add(pkg.replace(' ', '-'))
+        except Exception as e:
+            bb.warn("Vigiles: exclude-packages: %s" % e)
+            return {}
+
+    bb.debug(2, "Vigiles: Requested packages to exclude: %s" % list(excld_pkgs))
+
+    pkg_matches = list(set([
+        k
+        for k, v in vgls_pkgs.items()
+        if v['name'] in excld_pkgs
+    ]))
+
+    bb.debug(1, "Vigiles: Excluding Packages: %s" % sorted(pkg_matches))
+    for pkg_key in pkg_matches:
+        vgls_pkgs.pop(pkg_key)
+
+
 def vigiles_image_collect(d):
     from datetime import datetime
 
@@ -293,6 +342,7 @@ def vigiles_image_collect(d):
             whitelist        = (d.getVar('VIGILES_WHITELIST') or "").split(),
         )
     dict_out.update(_get_extra_packages(d))
+    _filter_excluded_packages(d, dict_out['packages'])
     return dict_out
 
 python do_vigiles_image() {