@@ -710,6 +710,7 @@ python do_create_spdx() {
oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", indent=get_json_indent(d))
}
+do_create_spdx[vardeps] += "CVE_STATUS"
do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS"
# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
addtask do_create_spdx after do_package do_packagedata do_unpack do_collect_spdx_deps before do_populate_sdk do_build do_rm_work
@@ -148,6 +148,8 @@ do_create_spdx[vardeps] += "\
SPDX_PROFILES \
SPDX_NAMESPACE_PREFIX \
SPDX_UUID_NAMESPACE \
+ CVE_STATUS \
+ CVE_CHECK_STATUSMAP \
"
addtask do_create_spdx after \
@@ -187,6 +187,7 @@ python do_cve_check () {
}
addtask cve_check before do_build
+do_cve_check[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
do_cve_check[nostamp] = "1"
@@ -160,6 +160,7 @@ python do_generate_vex () {
cve_write_data_json(d, cve_data, cves_status)
}
+do_generate_vex[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
addtask generate_vex before do_build
The proper way would be to cherry-pick the following commit: 2cc43c72ff28aa39a417dd8d57cd7c8741c0e541 But this also requires applying a patch to bitbake to handle that. So, for Scarthgap, add (manually) the variables CVE_STATUS and CVE_CHECK_STATUSMAP to the vardeps flag of all callers of the following functions: get_patched_cves() and decode_cve_status() Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> --- meta/classes/create-spdx-2.2.bbclass | 1 + meta/classes/create-spdx-3.0.bbclass | 2 ++ meta/classes/cve-check.bbclass | 1 + meta/classes/vex.bbclass | 1 + 4 files changed, 5 insertions(+)