diff mbox series

[v6,1/2] vulns: add a new recipe

Message ID 20260202210811.2136027-2-valentin.boudevin@gmail.com
State New
Headers show
Series improve_kernel_cve_report: Add a bbclass support | expand

Commit Message

ValentinBoudevin Feb. 2, 2026, 9:08 p.m. UTC 
This recipe is in charge of cloning and setting the Linux repository:
https://git.kernel.org/pub/scm/linux/security/vulns.git/

If the build is online, it is recommanded to use SRCREV set to AUTOREV
to use the latest available commit on the remote repository and stay
up-to-date with the latest CVE information available.

AUTOREV would make the build non-deterministic which would break
offline, turned off by default.

Signed-off-by: ValentinBoudevin <valentin.boudevin@gmail.com>
---
 meta/conf/distro/include/maintainers.inc      |  1 +
 .../vulns-native/vulns-native_git.bb          | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 meta/recipes-kernel/vulns-native/vulns-native_git.bb
diff mbox series

Patch

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 550ef0e0e7..f21a00749a 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -875,6 +875,7 @@  RECIPE_MAINTAINER:pn-vulkan-tools = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-vulkan-utility-libraries = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-vulkan-validation-layers = "Vincent Davis Jr <vince@underview.tech>"
 RECIPE_MAINTAINER:pn-vulkan-volk = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-vulns-native = "Valentin Boudevin <valentin.boudevin@savoirfairelinux.com>"
 RECIPE_MAINTAINER:pn-waffle = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-watchdog = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-watchdog-config = "Unassigned <unassigned@yoctoproject.org>"
diff --git a/meta/recipes-kernel/vulns-native/vulns-native_git.bb b/meta/recipes-kernel/vulns-native/vulns-native_git.bb
new file mode 100644
index 0000000000..7ea3f743d5
--- /dev/null
+++ b/meta/recipes-kernel/vulns-native/vulns-native_git.bb
@@ -0,0 +1,19 @@ 
+SUMMARY = "Linux Security Vulns Repo"
+DESCRIPTION = "Repo for tracking and maintaining the CVE identifiers reserved and assigned to \
+the Linux kernel project."
+HOMEPAGE = "https://git.kernel.org/pub/scm/linux/security/vulns.git/"
+LICENSE = "cve-tou"
+LIC_FILES_CHKSUM = "file://LICENSES/cve-tou.txt;md5=0d1f8ff7666c210e0b0404fd9d7e6703"
+
+inherit allarch native
+
+SRC_URI = "git://git.kernel.org/pub/scm/linux/security/vulns.git;branch=master;protocol=https"
+
+# SRCREV is pinned to a fixed commit to ensure reproducible builds
+# To get the latest commit available and stay up-to-date, set AUTOREV as SRCREV with SRCREV:pn-vulns-native = "${AUTOREV}"
+SRCREV ?= "2c9b20d7a0699222b58c4824560b716b6096637b"
+
+do_install(){
+	install -d ${D}${datadir}/vulns-native
+	cp -r ${UNPACKDIR}/vulns-git/* ${D}${datadir}/vulns-native/
+}