Le ven. 23 févr. 2024 à 22:09, Simone Weiß <simone.p.we...@posteo.com> a écrit :
> From: Simone Weiß <simone.p.we...@posteo.com> > > Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a > component. This should hopefully help to clean up not needed CVE_STATUS > settings. > Thank you for taking the time to do this :-) > Signed-off-by: Simone Weiß <simone.p.we...@posteo.com> > --- > meta/classes/cve-check.bbclass | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > index 5191d04303..b82a9e89ec 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -418,6 +418,9 @@ def check_cves(d, patched_cves): > cves_status.append([product, False]) > > conn.close() > + diff_ignore = list(set(cve_ignore) - set(cves_ignored)) > + if diff_ignore: > + bb.warn("Found CVE (%s) with CVE_STATUS set that is not found in > database for this component" % " ".join(diff_ignore)) > A non-optional warning might be a bit harsh (Especially one that can come up after an independent NVD database update). How about a new element in the output of cve_check (the build/tmp/log/cve/*.{txt,json} files)? That way, someone looking for this info may find it, everyone else can (safely) ignore this. Another way I see would be to make the warning optional by using QA_WARN&co but I'm not 100% sure it can be done... Regards, if not cves_in_recipe: > bb.note("No CVE records for products in recipe %s" % (pn)) > -- > 2.39.2 > > > > > -- Yoann Congal Smile ECS - Tech expert
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#196116): https://lists.openembedded.org/g/openembedded-core/message/196116 Mute This Topic: https://lists.openembedded.org/mt/104536878/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-