summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2016-12-07 11:25:53 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-12-13 22:55:19 +0000
commit058891183e7669ce5c939c2c9a4b5422d5fa2956 (patch)
tree88c2cd7183b529362261d303c61d4c39661e0d16
parent2b0fc91f408d83f11f18f5d193baaaa35ff298db (diff)
downloadpoky-058891183e7669ce5c939c2c9a4b5422d5fa2956.tar.gz
cve-check: allow recipes to override the product name
Add a new variable CVE_PRODUCT for the product name to look up in the NVD database. Default this to BPN, but allow recipes such as tiff (which is libtiff in NVD) to override it. (From OE-Core rev: ba330051570a4c991885ee726cb187e0c911bd4f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass6
1 files changed, 5 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b0febfb2e5..75b8fa9ab9 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -20,6 +20,10 @@
20# the only method to check against CVEs. Running this tool 20# the only method to check against CVEs. Running this tool
21# doesn't guarantee your packages are free of CVEs. 21# doesn't guarantee your packages are free of CVEs.
22 22
23# The product name that the CVE database uses. Defaults to BPN, but may need to
24# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
25CVE_PRODUCT ?= "${BPN}"
26
23CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" 27CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
24CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" 28CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
25 29
@@ -144,7 +148,7 @@ def check_cves(d, patched_cves):
144 148
145 cves_patched = [] 149 cves_patched = []
146 cves_unpatched = [] 150 cves_unpatched = []
147 bpn = d.getVar("BPN", True) 151 bpn = d.getVar("CVE_PRODUCT")
148 pv = d.getVar("PV", True).split("git+")[0] 152 pv = d.getVar("PV", True).split("git+")[0]
149 cves = " ".join(patched_cves) 153 cves = " ".join(patched_cves)
150 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True) 154 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)