Changes since v5:
- Add a new commit to add a new recipe cvelistv5-native to clone the
  cvelistv5 repository.
- Update the script generate-cve-exclusions.py to provide the JSON
  format output with the INC output at the same time using the
  --output-json-file and --output-inc-file options.
- Update the .bbclass to use the new cvelistv5-native recipe.
- Remove tasks and variables from the .bbclass to simplify the code:
  * Remove the do_clone_cvelistV5 task.
  * Remove __anonymous function to set up SRC_URI and SRCREV.
  * Remove the variables GENERATE_CVE_EXCLUSIONS_SRC_URI,
    GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK,
    GENERATE_CVE_EXCLUSIONS_WORKDIR, GENERATE_CVE_EXCLUSIONS_DESTSUFFIX,
    and GENERATE_CVE_EXCLUSIONS_UNPACK_DIR since they are not needed
    anymore.
- Remove direct inclusion in linux-yocto.inc and let the user include the
  bbclass in their kernel recipe if they want to use it.
  Using the ENABLE_KERNEL_CVE_EXCLUSIONS variable to enable/disable the
  feature is not needed anymore. Including the bbclass is a cleaner
  implementation compared to setting a variable to enable/disable the
  feature.
- Add the variables:
  * GENERATE_CVE_EXCLUSIONS_OUTPUT_JSON
  * GENERATE_CVE_EXCLUSIONS_OUTPUT_INC
  to customize the output paths of the generated files.

Changes since v4:
- Patch 2/4:
  * Renamed the bbclass to kernel-generate-cve-exclusions.bbclass to
    better reflect its purpose.
  * Add new variable ENABLE_KERNEL_CVE_EXCLUSIONS to enable/disable the
    feature.
    By default, the feature is disabled to avoid unexpected behavior on
    existing builds with linux-yocto.
  * Add new "__anonymous" python function to set up the variables SRC_URI
    and SRCREV only if this feature is enabled with
    ENABLE_KERNEL_CVE_EXCLUSIONS.
    Also prevent modifying the SRC_URI and SRCREV variables in the default
    linux-yocto use case.
    Now, the recipe does not have any impact on the basic "linux-yocto"
    recipe if the feature is disabled.
  * Add new variables GENERATE_CVE_EXCLUSIONS_DESTSUFFIX and
    GENERATE_CVE_EXCLUSIONS_UNPACK_DIR to customize the working directory
    path of the class.
- Patch 4/4:
  * Update the inherit statement in linux-yocto.inc to reflect the new
    name of the bbclass with "kernel-generate-cve-exclusions".

Changes since v3:
- Patch 2/4:
  * Add variables to control offline mode, source URI and
  SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI,
  GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK).
  * Updated generate_cve_exclusions task scheduling to be executed before
  do_cve_check.

Changes since v2:
- Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of
  individual recipes.

Changes since v1:
- Patch 2/4: Removed the mandatory execution of the
  generate-cve-exclusions class on every build. It now needs to be
  manually run using:
    bitbake -c generate-cve-exclusions <kernel-recipe>

ValentinBoudevin (4):
  generate-cve-exclusions: Add output format option
  cvelistv5: add a new recipe
  kernel-generate-cve-exclusions: Add a .bbclass
  generate-cve-exclusions: Move python script

 .../kernel-generate-cve-exclusions.bbclass    |  46 ++++++++
 .../cvelistv5-native/cvelistv5-native_git.bb  |  24 ++++
 .../contrib}/generate-cve-exclusions.py       | 107 +++++++++++++++---
 3 files changed, 160 insertions(+), 17 deletions(-)
 create mode 100644 meta/classes/kernel-generate-cve-exclusions.bbclass
 create mode 100644 meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
 rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve-exclusions.py (55%)
