
[1/2] linux/generate-cve-exclusions: show the name and version of the data source

Message ID 20250529105808.1943410-1-ross.burton@arm.com
State Accepted, archived
Commit 5e66e2b79faec2285d249b16457ecc63c4042444

Commit Message

Ross Burton May 29, 2025, 10:58 a.m. UTC
Add another comment to state what the data source for the CVE data was,
specifically the basename of the repository and the "git describe" output
of HEAD.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-kernel/linux/generate-cve-exclusions.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Mikko Rapeli May 30, 2025, 7:06 a.m. UTC | #1
Hi,

On Thu, May 29, 2025 at 11:58:07AM +0100, Ross Burton via lists.openembedded.org wrote:
> Add another comment to state what the data source for the CVE data was,
> specifically the basename of the repository and the "git describe" output
> of HEAD.
> 
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>  meta/recipes-kernel/linux/generate-cve-exclusions.py | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
> index b45c2d5702a..dfc16663a58 100755
> --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
> +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
> @@ -11,6 +11,7 @@ import json
>  import pathlib
>  import os
>  import glob
> +import subprocess
>  
>  from packaging.version import Version
>  
> @@ -92,13 +93,16 @@ def main(argp=None):
>      parser.add_argument("version", type=Version, help="Kernel version number to generate data for, such as 6.1.38")
>  
>      args = parser.parse_args(argp)
> -    datadir = args.datadir
> +    datadir = args.datadir.resolve()
>      version = args.version
>      base_version = Version(f"{version.major}.{version.minor}")
>  
> +    data_version = subprocess.check_output(("git", "describe", "--tags", "HEAD"), cwd=datadir, text=True)

It's good to add "--always" in case the repo, or a cloned/cached copy of it, does not include tags
for whatever reason.

Cheers,

-Mikko

Patch

diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index b45c2d5702a..dfc16663a58 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -11,6 +11,7 @@  import json
 import pathlib
 import os
 import glob
+import subprocess
 
 from packaging.version import Version
 
@@ -92,13 +93,16 @@  def main(argp=None):
     parser.add_argument("version", type=Version, help="Kernel version number to generate data for, such as 6.1.38")
 
     args = parser.parse_args(argp)
-    datadir = args.datadir
+    datadir = args.datadir.resolve()
     version = args.version
     base_version = Version(f"{version.major}.{version.minor}")
 
+    data_version = subprocess.check_output(("git", "describe", "--tags", "HEAD"), cwd=datadir, text=True)
+
     print(f"""
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at {datetime.datetime.now(datetime.timezone.utc)} for version {version}
+# Generated at {datetime.datetime.now(datetime.timezone.utc)} for kernel version {version}
+# From {datadir.name} {data_version}
 
 python check_kernel_cve_status_version() {{
     this_version = "{version}"
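Review bot: `data_version` goes into the generated header exactly as `check_output` returns it, trailing newline included, and `git describe --tags HEAD` names only the commit, so a data checkout with uncommitted edits is recorded as if it were the pristine tag. Since the `# From ...` line is the provenance record for the generated CVE exclusions, I would strip the output and describe the working tree instead: `data_version = subprocess.check_output(("git", "describe", "--tags", "--dirty"), cwd=datadir, text=True).strip()` (`--dirty` cannot be combined with an explicit `HEAD`, which is the default anyway). A datadir that is not a git checkout makes the call raise `CalledProcessError` with a bare traceback; any validation of datadir would have to sit outside this hunk, so a short, explicit error here may be worth adding. main() starts before and continues after the hunk.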