diff options
| author | Ross Burton <ross.burton@arm.com> | 2023-08-25 17:08:29 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-08-30 09:56:13 +0100 |
| commit | 2b0eac4dd68e1ea203d8aadb541e0821fa7d4208 (patch) | |
| tree | 2f27add436c78b32b1baaf66bfb0e940fc2d5350 | |
| parent | d2d5b2ad3c806f0c4cd968df4cdf80848537da5d (diff) | |
| download | poky-2b0eac4dd68e1ea203d8aadb541e0821fa7d4208.tar.gz | |
linux/generate-cve-exclusions: add version check warning
Embed the version that this file was generated for in the include, and
compare it to the version that is being checked.
This should act as a reminder to update the file when the kernel is
upgraded.
(From OE-Core rev: 645066ecec0f52eac0225a144285f44882003856)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rwxr-xr-x | meta/recipes-kernel/linux/generate-cve-exclusions.py | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 34f9ee731d..3bc1c7096f 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py | |||
| @@ -42,9 +42,18 @@ def main(argp=None): | |||
| 42 | with open(datadir / "data" / "stream_fixes.json", "r") as f: | 42 | with open(datadir / "data" / "stream_fixes.json", "r") as f: |
| 43 | stream_data = json.load(f) | 43 | stream_data = json.load(f) |
| 44 | 44 | ||
| 45 | print("# Auto-generated CVE metadata, DO NOT EDIT BY HAND.") | 45 | print(f""" |
| 46 | print(f"# Generated at {datetime.datetime.now()} for version {version}") | 46 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
| 47 | print() | 47 | # Generated at {datetime.datetime.now()} for version {version} |
| 48 | |||
| 49 | python check_kernel_cve_status_version() {{ | ||
| 50 | this_version = "{version}" | ||
| 51 | kernel_version = d.getVar("LINUX_VERSION") | ||
| 52 | if kernel_version != this_version: | ||
| 53 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) | ||
| 54 | }} | ||
| 55 | do_cve_check[prefuncs] += "check_kernel_cve_status_version" | ||
| 56 | """) | ||
| 48 | 57 | ||
| 49 | for cve, data in cve_data.items(): | 58 | for cve, data in cve_data.items(): |
| 50 | if "affected_versions" not in data: | 59 | if "affected_versions" not in data: |