diff options
| author | akuster <akuster808@gmail.com> | 2021-02-08 05:51:30 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-09 08:56:10 +0000 |
| commit | 73befa8f413090ec0d4eba45efe51303b25b0004 (patch) | |
| tree | 051d0c8f900f94032fab13d1d24bcce5c159e047 /meta/classes | |
| parent | 29e280f7ee6d38910e6186948272d641e1511fdd (diff) | |
| download | poky-73befa8f413090ec0d4eba45efe51303b25b0004.tar.gz | |
cve-check: add include/exclude layers
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
(From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061af7a276..112ee3379d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= "" | |||
| 53 | # | 53 | # |
| 54 | CVE_CHECK_WHITELIST ?= "" | 54 | CVE_CHECK_WHITELIST ?= "" |
| 55 | 55 | ||
| 56 | # Layers to be excluded | ||
| 57 | CVE_CHECK_LAYER_EXCLUDELIST ??= "" | ||
| 58 | |||
| 59 | # Layers to be included | ||
| 60 | CVE_CHECK_LAYER_INCLUDELIST ??= "" | ||
| 61 | |||
| 62 | |||
| 56 | # set to "alphabetical" for version using single alphabetical character as increament release | 63 | # set to "alphabetical" for version using single alphabetical character as increament release |
| 57 | CVE_VERSION_SUFFIX ??= "" | 64 | CVE_VERSION_SUFFIX ??= "" |
| 58 | 65 | ||
| @@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
| 334 | CVE manifest if enabled. | 341 | CVE manifest if enabled. |
| 335 | """ | 342 | """ |
| 336 | 343 | ||
| 344 | |||
| 337 | cve_file = d.getVar("CVE_CHECK_LOG") | 345 | cve_file = d.getVar("CVE_CHECK_LOG") |
| 338 | fdir_name = d.getVar("FILE_DIRNAME") | 346 | fdir_name = d.getVar("FILE_DIRNAME") |
| 339 | layer = fdir_name.split("/")[-3] | 347 | layer = fdir_name.split("/")[-3] |
| 340 | 348 | ||
| 349 | include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() | ||
| 350 | exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() | ||
| 351 | |||
| 352 | if exclude_layers and layer in exclude_layers: | ||
| 353 | return | ||
| 354 | |||
| 355 | if include_layers and layer not in include_layers: | ||
| 356 | return | ||
| 357 | |||
| 341 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" | 358 | nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=" |
| 342 | write_string = "" | 359 | write_string = "" |
| 343 | unpatched_cves = [] | 360 | unpatched_cves = [] |