| Message ID | 20260115190331.2276779-1-valentin.boudevin@gmail.com |
|---|---|
| Headers | show |
| Series | generate-cve-exclusions: Add a new bbclass | expand |
On Fri, Jan 16, 2026 at 8:03 AM vboudevin via lists.openembedded.org <valentin.boudevin=gmail.com@lists.openembedded.org> wrote: > > Changes since v3: > - Patch 2/4: > * Add variables to control offline mode, source URI and > SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI, > GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK). > * Updated generate_cve_exclusions task scheduling to be executed before > do_cve_check. > > Changes since v2: > - Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of > individual recipes. > > Changes since v1: > - Patch 2/4: Removed the mandatory execution of the > generate-cve-exclusions class on every build. It now needs to be > manually run using: > bitbake -c generate-cve-exclusions <kernel-recipe> I think it will be good to update documentation as well mentioning new variables and the step https://docs.yoctoproject.org/dev/ref-manual/variables.html https://docs.yoctoproject.org/dev/dev-manual/vulnerabilities.html > ValentinBoudevin (4): > generate-cve-exclusions: Add --output-json option > generate-cve-exclusions: Add a .bbclass > generate-cve-exclusions: Move python script > linux: Add inherit on generate-cve-exclusions > > meta/classes/generate-cve-exclusions.bbclass | 97 +++++++++++++++++++ > meta/recipes-kernel/linux/linux-yocto.inc | 3 + > .../contrib}/generate-cve-exclusions.py | 64 +++++++++--- > 3 files changed, 150 insertions(+), 14 deletions(-) > create mode 100644 meta/classes/generate-cve-exclusions.bbclass > rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve-exclusions.py (71%) > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#229427): https://lists.openembedded.org/g/openembedded-core/message/229427 > Mute This Topic: https://lists.openembedded.org/mt/117285139/3619737 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ankur.tyagi85@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Changes since v3: - Patch 2/4: * Add variables to control offline mode, source URI and SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI, GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK). * Updated generate_cve_exclusions task scheduling to be executed before do_cve_check. Changes since v2: - Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of individual recipes. Changes since v1: - Patch 2/4: Removed the mandatory execution of the generate-cve-exclusions class on every build. It now needs to be manually run using: bitbake -c generate-cve-exclusions <kernel-recipe> ValentinBoudevin (4): generate-cve-exclusions: Add --output-json option generate-cve-exclusions: Add a .bbclass generate-cve-exclusions: Move python script linux: Add inherit on generate-cve-exclusions meta/classes/generate-cve-exclusions.bbclass | 97 +++++++++++++++++++ meta/recipes-kernel/linux/linux-yocto.inc | 3 + .../contrib}/generate-cve-exclusions.py | 64 +++++++++--- 3 files changed, 150 insertions(+), 14 deletions(-) create mode 100644 meta/classes/generate-cve-exclusions.bbclass rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve-exclusions.py (71%)