Hi,
I can see duplicated code. Try to split it into smaller functions and put it
into a common file, in a similar way how spdx or cve classes are implemented.
If I do a diff between both file are almost identical. Did you commit all the
changes?
diff meta/classes/improve_kernel_cve_report-spdx-2.2.bbclass
meta/classes/improve_kernel_cve_report-spdx.bbclass
22,24c22,24
< # Check if the system is using SPDX 2.2
< if "create-spdx-2.2" not in check_spdx:
< bb.warn(f"improve_kernel_cve_report-spdx-2.2: Requires SPDX 2.2
enable.")
---
> # Check if the system is using SPDX 3.0
> if "create-spdx" not in check_spdx:
> bb.warn(f"improve_kernel_cve_report-spdx: Requires SPDX 3.0 enable.")
82c82
< spdx_file=${DEPLOY_DIR}/spdx/2.2/${@d.getVar('MACHINE').replace('-',
'_')}/recipes/recipe-${PREFERRED_PROVIDER_virtual/kernel}.spdx.json<mailto:$%7bDEPLOY_DIR%7d/spdx/2.2/$%[email protected]('MACHINE').replace('-',%20'_')%7d/recipes/recipe-$%7bPREFERRED_PROVIDER_virtual/kernel%7d.spdx.json>
---
> spdx_file="${SPDXIMAGEDEPLOYDIR}/${IMAGE_LINK_NAME}.spdx.json"
86c86
< bbwarn "improve_kernel_cve_report-spdx-2.2: No SPDX 2.2 file found in
${spdx_file}."
---
> bbwarn "improve_kernel_cve_report-spdx: No SPDX3.0 file found in
> ${spdx_file}."
90c90
< bbwarn "improve_kernel_cve_report-spdx-2.2: CVE_CHECK file not found:
${original_cve_check_file}. Skipping extra kernel vulnerabilities scouting."
---
> bbwarn "improve_kernel_cve_report-spdx: CVE_CHECK file not found:
> ${original_cve_check_file}. Skipping extra kernel vulnerabilities scouting."
94c94
< bbwarn "improve_kernel_cve_report-spdx-2.2:
improve_kernel_cve_report.py not found in ${COREBASE}."
---
> bbwarn "improve_kernel_cve_report-spdx: improve_kernel_cve_report.py
> not found in ${COREBASE}."
98c98
< bbwarn "improve_kernel_cve_report-spdx-2.2: Vulnerabilities data not
found in ${WORKDIR}/vulns."
---
> bbwarn "improve_kernel_cve_report-spdx: Vulnerabilities data not
> found in ${WORKDIR}/vulns."
103c103
< bbplain "improve_kernel_cve_report-spdx-2.2: Using SPDX file for extra
kernel vulnerabilities scouting: ${spdx_file}"
---
> bbplain "improve_kernel_cve_report-spdx: Using SPDX file for extra kernel
> vulnerabilities scouting: ${spdx_file}"
116c116
Best regards,
Daniel
From: [email protected]
<[email protected]> On Behalf Of vboudevin via
lists.openembedded.org
Sent: Thursday, 15 January 2026 20:13
To: [email protected]
Subject: Re: [OE-core] [PATCH] improve_kerne_cve_report: Add a bbclass support
[Edited Message Follows]
Hi Daniel,
I just pushed a V2 of my patch here:
https://lists.openembedded.org/g/openembedded-core/message/229434.
I added variables to add a deterministic entry if wanted, an offline mode based
on DL_DIR, and a second .bbclass for SPDX2.2.
I can't put SPDX 2.2 and SPDX3.0 in the same class as the task scheduling is
very different and a single task won't be able to handle both.
I want to add a third class for debug-source scenario but it is going to take
me some time.
Do you see any other issue to solve for the current two bbclass?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#229527):
https://lists.openembedded.org/g/openembedded-core/message/229527
Mute This Topic: https://lists.openembedded.org/mt/117149340/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
