diff mbox series

[[PATCH,v2] 4/4] linux: Add inherit on generate-cve-exclusions

Message ID 20260106191001.3385117-4-valentin.boudevin@gmail.com
State Changes Requested
Headers show
Series [[PATCH,v2] 4/4] linux: Add inherit on generate-cve-exclusions | expand

Commit Message

ValentinBoudevin Jan. 6, 2026, 7:10 p.m. UTC 
All kernel recipes can use generate-cve-exclusions class to perform CVE
exclusions.
---
 meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb   | 3 +++
 meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb   | 3 +++
 meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb   | 3 +++
 meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb | 3 +++
 meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb | 3 +++
 meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb | 3 +++
 meta/recipes-kernel/linux/linux-yocto_6.12.bb      | 3 +++
 meta/recipes-kernel/linux/linux-yocto_6.16.bb      | 3 +++
 meta/recipes-kernel/linux/linux-yocto_6.18.bb      | 3 +++
 9 files changed, 27 insertions(+)

Comments

Bruce Ashfield Jan. 6, 2026, 7:22 p.m. UTC | #1 
Apologies for not commenting on this in v1, I was
focused on the overhead of the task.

Rather than updating all the .bb files, why not just
have this in the linux-yocto.inc ? Otherwise, I'll surely
forget it at some point :)

Now that the task is optional, there's no risk of it
in the .inc, since other .inc users won't get overhead
that they don't expect.

Bruce

On Tue, Jan 6, 2026 at 2:10 PM vboudevin via lists.openembedded.org
<valentin.boudevin=gmail.com@lists.openembedded.org> wrote:

> All kernel recipes can use generate-cve-exclusions class to perform CVE
> exclusions.
> ---
>  meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb   | 3 +++
>  meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb   | 3 +++
>  meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb   | 3 +++
>  meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb | 3 +++
>  meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb | 3 +++
>  meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb | 3 +++
>  meta/recipes-kernel/linux/linux-yocto_6.12.bb      | 3 +++
>  meta/recipes-kernel/linux/linux-yocto_6.16.bb      | 3 +++
>  meta/recipes-kernel/linux/linux-yocto_6.18.bb      | 3 +++
>  9 files changed, 27 insertions(+)
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
> b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
> index 9ac8507f9f..5cc735ae93 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
> @@ -5,6 +5,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.12.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # Skip processing of this recipe if it is not explicitly specified as the
>  # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
>  # to build multiple virtual/kernel providers, e.g. as dependency of
> diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
> b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
> index 1230e4e805..53532b4e7e 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
> @@ -5,6 +5,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.16.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # Skip processing of this recipe if it is not explicitly specified as the
>  # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
>  # to build multiple virtual/kernel providers, e.g. as dependency of
> diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
> b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
> index 32ed29f25e..e95264d99d 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
> @@ -5,6 +5,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.18.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # Skip processing of this recipe if it is not explicitly specified as the
>  # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
>  # to build multiple virtual/kernel providers, e.g. as dependency of
> diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
> b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
> index 940561352c..6b17c2ff7f 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
> @@ -8,6 +8,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.12.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  LINUX_VERSION ?= "6.12.62"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
> b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
> index ffa15b0c1b..02e502faed 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
> @@ -8,6 +8,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.16.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  LINUX_VERSION ?= "6.16.11"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
> b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
> index 2afdc02467..e36a7fb028 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
> @@ -8,6 +8,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  # CVE exclusions
>  include recipes-kernel/linux/cve-exclusion_6.18.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  LINUX_VERSION ?= "6.18.1"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
> b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
> index 84419f8c78..b6ac5f9b90 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
> @@ -6,6 +6,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  include recipes-kernel/linux/cve-exclusion.inc
>  include recipes-kernel/linux/cve-exclusion_6.12.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # board specific branches
>  KBRANCH:qemuarm  ?= "v6.12/standard/arm-versatile-926ejs"
>  KBRANCH:qemuarm64 ?= "v6.12/standard/base"
> diff --git a/meta/recipes-kernel/linux/linux-yocto_6.16.bb
> b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
> index 408f14b451..947de4186e 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_6.16.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
> @@ -6,6 +6,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  include recipes-kernel/linux/cve-exclusion.inc
>  include recipes-kernel/linux/cve-exclusion_6.16.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # board specific branches
>  KBRANCH:qemuarm  ?= "v6.16/standard/arm-versatile-926ejs"
>  KBRANCH:qemuarm64 ?= "v6.16/standard/base"
> diff --git a/meta/recipes-kernel/linux/linux-yocto_6.18.bb
> b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
> index 562a997020..66320f7123 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_6.18.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
> @@ -6,6 +6,9 @@ require recipes-kernel/linux/linux-yocto.inc
>  include recipes-kernel/linux/cve-exclusion.inc
>  include recipes-kernel/linux/cve-exclusion_6.18.inc
>
> +# Generate Dynamic CVE Exclusions
> +inherit generate-cve-exclusions
> +
>  # board specific branches
>  KBRANCH:qemuarm  ?= "v6.18/standard/arm-versatile-926ejs"
>  KBRANCH:qemuarm64 ?= "v6.18/standard/base"
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#228920):
> https://lists.openembedded.org/g/openembedded-core/message/228920
> Mute This Topic: https://lists.openembedded.org/mt/117111078/1050810
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 9ac8507f9f..5cc735ae93 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -5,6 +5,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # Skip processing of this recipe if it is not explicitly specified as the
 # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
 # to build multiple virtual/kernel providers, e.g. as dependency of
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
index 1230e4e805..53532b4e7e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
@@ -5,6 +5,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.16.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # Skip processing of this recipe if it is not explicitly specified as the
 # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
 # to build multiple virtual/kernel providers, e.g. as dependency of
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
index 32ed29f25e..e95264d99d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
@@ -5,6 +5,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.18.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # Skip processing of this recipe if it is not explicitly specified as the
 # PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
 # to build multiple virtual/kernel providers, e.g. as dependency of
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 940561352c..6b17c2ff7f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,6 +8,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 LINUX_VERSION ?= "6.12.62"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
index ffa15b0c1b..02e502faed 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
@@ -8,6 +8,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.16.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 LINUX_VERSION ?= "6.16.11"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
index 2afdc02467..e36a7fb028 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
@@ -8,6 +8,9 @@  require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.18.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 LINUX_VERSION ?= "6.18.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index 84419f8c78..b6ac5f9b90 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -6,6 +6,9 @@  require recipes-kernel/linux/linux-yocto.inc
 include recipes-kernel/linux/cve-exclusion.inc
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # board specific branches
 KBRANCH:qemuarm  ?= "v6.12/standard/arm-versatile-926ejs"
 KBRANCH:qemuarm64 ?= "v6.12/standard/base"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.16.bb b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
index 408f14b451..947de4186e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
@@ -6,6 +6,9 @@  require recipes-kernel/linux/linux-yocto.inc
 include recipes-kernel/linux/cve-exclusion.inc
 include recipes-kernel/linux/cve-exclusion_6.16.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # board specific branches
 KBRANCH:qemuarm  ?= "v6.16/standard/arm-versatile-926ejs"
 KBRANCH:qemuarm64 ?= "v6.16/standard/base"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.18.bb b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
index 562a997020..66320f7123 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
@@ -6,6 +6,9 @@  require recipes-kernel/linux/linux-yocto.inc
 include recipes-kernel/linux/cve-exclusion.inc
 include recipes-kernel/linux/cve-exclusion_6.18.inc
 
+# Generate Dynamic CVE Exclusions
+inherit generate-cve-exclusions
+
 # board specific branches
 KBRANCH:qemuarm  ?= "v6.18/standard/arm-versatile-926ejs"
 KBRANCH:qemuarm64 ?= "v6.18/standard/base"