From 4ae1f081a56416ff53d66b167b99a3c2177a6ebb Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Fri, 9 Feb 2018 12:44:36 +0000
Subject: classes: don't scan for CVEs in images or packagegroups

There's no point even looking in the database for these, so unset CVE_PRODUCT.

(From OE-Core rev: f47da3e91541d75e1213dd9cf1f89ed16f21141a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/image.bbclass        | 2 ++
 meta/classes/packagegroup.bbclass | 1 +
 2 files changed, 3 insertions(+)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 7abb918212..23ed53deb4 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -674,3 +674,5 @@ reproducible_final_image_task () {
     fi
 }
 IMAGE_PREPROCESS_COMMAND_append = " reproducible_final_image_task; "
+
+CVE_PRODUCT = ""
diff --git a/meta/classes/packagegroup.bbclass b/meta/classes/packagegroup.bbclass
index eea2e5b9fc..d540d4214e 100644
--- a/meta/classes/packagegroup.bbclass
+++ b/meta/classes/packagegroup.bbclass
@@ -56,3 +56,4 @@ python () {
         bb.fatal("Please ensure that your setting of VIRTUAL-RUNTIME_init_manager (%s) matches the entries enabled in DISTRO_FEATURES" % initman)
 }
 
+CVE_PRODUCT = ""
-- 
cgit v1.2.3-54-g00ecf