manuals: initial documentation for CVE management

This starts to document vulnerability management and the use of the CVE_PRODUCT variable (From yocto-docs rev: 2b9199fe490cb3ec126bffc6518646194a94ace4) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Quentin Schulz <foss@0leil.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Michael Opdenacker <michael.opdenacker@bootlin.com> 2021-07-30 20:52:16 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-02 17:46:39 +0100
commit: 76053e0f7849ff33428fd75c531c91ab375de8d3 (patch)
tree: b9a53009169d92808b80d8ad1295841d667176c1 /documentation/ref-manual
parent: 090384d9e74fddfdd38f4fd54b3dd39f5d5a8b24 (diff)
download: poky-76053e0f7849ff33428fd75c531c91ab375de8d3.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index b61de1993d..1150940133 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1471,6 +1471,18 @@ system and gives an overview of their function and contents.
         variable only in certain contexts (e.g. when building for kernel
         and kernel module recipes).
+   :term:`CVE_PRODUCT`
+      In a recipe, defines the name used to match the recipe name
+      against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
+      The default is ${:term:`BPN`}. If it does not match the name in NIST CVE
+      database or matches with multiple entries in the database, the default
+      value needs to be changed.
+      Here is an example from the :oe_layerindex:`Berkeley DB recipe </layerindex/recipe/544>`::
+         CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
   :term:`CVSDIR`
      The directory in which files checked out under the CVS system are
      stored.
author	Michael Opdenacker <michael.opdenacker@bootlin.com>	2021-07-30 20:52:16 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-02 17:46:39 +0100
commit	76053e0f7849ff33428fd75c531c91ab375de8d3 (patch)
tree	b9a53009169d92808b80d8ad1295841d667176c1 /documentation/ref-manual
parent	090384d9e74fddfdd38f4fd54b3dd39f5d5a8b24 (diff)
download	poky-76053e0f7849ff33428fd75c531c91ab375de8d3.tar.gz

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index b61de1993d..1150940133 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst
@@ -1471,6 +1471,18 @@ system and gives an overview of their function and contents.
1471	variable only in certain contexts (e.g. when building for kernel	1471	variable only in certain contexts (e.g. when building for kernel
1472	and kernel module recipes).	1472	and kernel module recipes).
1473		1473
		1474	:term:`CVE_PRODUCT`
		1475	In a recipe, defines the name used to match the recipe name
		1476	against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
		1477
		1478	The default is ${:term:`BPN`}. If it does not match the name in NIST CVE
		1479	database or matches with multiple entries in the database, the default
		1480	value needs to be changed.
		1481
		1482	Here is an example from the :oe_layerindex:`Berkeley DB recipe </layerindex/recipe/544>`::
		1483
		1484	CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
		1485
1474	:term:`CVSDIR`	1486	:term:`CVSDIR`
1475	The directory in which files checked out under the CVS system are	1487	The directory in which files checked out under the CVS system are
1476	stored.	1488	stored.