| Message ID | 20240714093628.10082-1-peter.marko@siemens.com |
|---|---|
| State | Accepted |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [master,scarthgap] libstd-rs,rust-cross-canadian: set CVE_PRODUCT to rust | expand |
Gentle ping for scrathgap > -----Original Message----- > From: Marko, Peter (ADV D EU SK BFS1) <Peter.Marko@siemens.com> > Sent: Sunday, July 14, 2024 11:36 > To: openembedded-core@lists.openembedded.org > Cc: Marko, Peter (ADV D EU SK BFS1) <Peter.Marko@siemens.com> > Subject: [OE-core][master][scarthgap][PATCH] libstd-rs,rust-cross-canadian: > set CVE_PRODUCT to rust > > From: Peter Marko <peter.marko@siemens.com> > > These recipes come from rust sources and CVEs are reported for them under > rust-lang:rust vendor:product touple. > Especially libstd-rs needs correct CVE_PRODUCT as is it installed on target > devices (being statically linked to rust compiled binaries). > > before: > cargo: CVE_PRODUCT="cargo" > cargo-c-native: CVE_PRODUCT="cargo-c" > libstd-rs: CVE_PRODUCT="libstd-rs" > rust: CVE_PRODUCT="rust" > rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>" > rust-llvm: CVE_PRODUCT="rust-llvm" > > after: > cargo: CVE_PRODUCT="cargo" > cargo-c-native: CVE_PRODUCT="cargo-c" > libstd-rs: CVE_PRODUCT="rust" > rust: CVE_PRODUCT="rust" > rust-cross-canadian-x86-64: CVE_PRODUCT="rust" > rust-llvm: CVE_PRODUCT="rust-llvm" > > Product for rust-llvm is uncertain and, should be handled in another commit if > it is desired to align it, too. > > sqlite> select vendor, product, count(product) from products where > sqlite> vendor="rust-lang" group by product; > rust-lang|async-h1|2 > rust-lang|cargo|5 > rust-lang|future-utils|2 > rust-lang|futures-task|2 > rust-lang|mdbook|1 > rust-lang|regex|2 > rust-lang|rsa|2 > rust-lang|rust|45 > rust-lang|socket2|1 > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > meta/recipes-devtools/rust/libstd-rs_1.75.0.bb | 2 ++ > meta/recipes-devtools/rust/rust-cross-canadian.inc | 1 + > 2 files changed, 3 insertions(+) > > diff --git a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb b/meta/recipes- > devtools/rust/libstd-rs_1.75.0.bb > index 5fc6fb97bb..14161714f2 100644 > --- a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb > +++ b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb > @@ -15,6 +15,8 @@ S = "${RUSTSRC}/library/sysroot" > RUSTLIB_DEP = "" > inherit cargo > > +CVE_PRODUCT = "rust" > + > DEPENDS:append:libc-musl = " libunwind" > # rv32 does not have libunwind ported yet > DEPENDS:remove:riscv32 = "libunwind" > diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc > b/meta/recipes-devtools/rust/rust-cross-canadian.inc > index f962437d6b..c34b839d15 100644 > --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc > +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc > @@ -1,5 +1,6 @@ > SUMMARY = "Rust compiler and runtime libaries (cross-canadian for > ${TARGET_ARCH} target)" > PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}" > +CVE_PRODUCT = "rust" > > inherit rust-target-config > inherit rust-common > -- > 2.30.2
diff --git a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb index 5fc6fb97bb..14161714f2 100644 --- a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb +++ b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb @@ -15,6 +15,8 @@ S = "${RUSTSRC}/library/sysroot" RUSTLIB_DEP = "" inherit cargo +CVE_PRODUCT = "rust" + DEPENDS:append:libc-musl = " libunwind" # rv32 does not have libunwind ported yet DEPENDS:remove:riscv32 = "libunwind" diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc b/meta/recipes-devtools/rust/rust-cross-canadian.inc index f962437d6b..c34b839d15 100644 --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc @@ -1,5 +1,6 @@ SUMMARY = "Rust compiler and runtime libaries (cross-canadian for ${TARGET_ARCH} target)" PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}" +CVE_PRODUCT = "rust" inherit rust-target-config inherit rust-common