This is more of an RFC than an actual review request. Currently, the
Yocto CVE checker fails to report CVEs in docker, due to a mismatch of the
package names (e.g. "docker-moby" versus just "docker" in NVD).
So set CVE_PRODUCT in each recipe to match up the names. I have only
done this for docker, containerd and runc. Perhaps there are more
components needing similar treatment.
Possible TODOs include:
* rebase/update this to master, and test it there
* split into separate commits, one per component
---
recipes-containers/containerd/containerd-docker_git.bb | 2 ++
recipes-containers/containerd/containerd-opencontainers_git.bb | 2 ++
recipes-containers/docker/docker-ce_git.bb | 2 ++
recipes-containers/docker/docker-moby.bb | 2 ++
recipes-containers/runc/runc-docker_git.bb | 2 ++
recipes-containers/runc/runc-opencontainers_git.bb | 2 ++
6 files changed, 12 insertions(+)
diff --git a/recipes-containers/containerd/containerd-docker_git.bb
b/recipes-containers/containerd/containerd-docker_git.bb
index b18a9bb..2a3cd34 100644
--- a/recipes-containers/containerd/containerd-docker_git.bb
+++ b/recipes-containers/containerd/containerd-docker_git.bb
@@ -12,3 +12,5 @@ PROVIDES += "virtual/containerd"
RPROVIDES_${PN} = "virtual/containerd"
DEPENDS += "btrfs-tools"
+
+CVE_PRODUCT = "containerd"
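Review bot: CVE_PRODUCT = "containerd" is a bare product name, so the checker will match that product under any NVD vendor. cve-check also accepts the "vendor:product" form; if the NVD entries for containerd sit under a single vendor, pinning it here (and likewise in the other recipes touched by this patch) avoids picking up an unrelated product that happens to share the name.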
diff --git a/recipes-containers/containerd/containerd-opencontainers_git.bb
b/recipes-containers/containerd/containerd-opencontainers_git.bb
index 347eae5..2bcff1e 100644
--- a/recipes-containers/containerd/containerd-opencontainers_git.bb
+++ b/recipes-containers/containerd/containerd-opencontainers_git.bb
@@ -14,3 +14,5 @@ EXTRA_OEMAKE += "GODEBUG=1"
PROVIDES += "virtual/containerd"
RPROVIDES_${PN} = "virtual/containerd"
+
+CVE_PRODUCT = "containerd"
diff --git a/recipes-containers/docker/docker-ce_git.bb
b/recipes-containers/docker/docker-ce_git.bb
index 14182d1..adffcec 100644
--- a/recipes-containers/docker/docker-ce_git.bb
+++ b/recipes-containers/docker/docker-ce_git.bb
@@ -129,3 +129,5 @@ FILES_${PN} += "${systemd_unitdir}/system/*
${sysconfdir}/docker"
FILES_${PN}-contrib += "${datadir}/docker/check-config.sh"
RDEPENDS_${PN}-contrib += "bash"
+
+CVE_PRODUCT = "docker"
diff --git a/recipes-containers/docker/docker-moby.bb
b/recipes-containers/docker/docker-moby.bb
index 762a785..600603f 100644
--- a/recipes-containers/docker/docker-moby.bb
+++ b/recipes-containers/docker/docker-moby.bb
@@ -148,3 +148,5 @@ FILES_${PN} += "${systemd_unitdir}/system/*
${sysconfdir}/docker"
FILES_${PN}-contrib += "${datadir}/docker/check-config.sh"
RDEPENDS_${PN}-contrib += "bash"
+
+CVE_PRODUCT = "docker"
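Review bot: the single value in CVE_PRODUCT = "docker" assumes every relevant NVD entry is filed under that one product name. Given that this recipe is docker-moby, check whether NVD also files engine CVEs under a moby product name; CVE_PRODUCT takes a space-separated list, so more than one name can be given if needed.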
diff --git a/recipes-containers/runc/runc-docker_git.bb
b/recipes-containers/runc/runc-docker_git.bb
index 8d810d0..3684366 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -11,3 +11,5 @@ SRC_URI =
"git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
"
RUNC_VERSION = "1.0.0-rc8"
+
+CVE_PRODUCT = "runc"
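Review bot: the context line RUNC_VERSION = "1.0.0-rc8" is not what the checker compares against; it uses PV (or CVE_VERSION when set), which this hunk does not show. For a _git.bb recipe, confirm that PV resolves to something comparable with NVD's version strings, including the rc suffix, or set CVE_VERSION next to CVE_PRODUCT. Otherwise the name matches but the affected-version check can still miss or over-report.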
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb
b/recipes-containers/runc/runc-opencontainers_git.bb
index 3a7e7aa..a1271f6 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -7,3 +7,5 @@ SRC_URI = " \
file://0001-Only-allow-proc-mount-if-it-is-procfs.patch \
"
RUNC_VERSION = "1.0.0-rc8"
+
+CVE_PRODUCT = "runc"
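Review bot: with the product name now matching, the carried patch 0001-Only-allow-proc-mount-if-it-is-procfs.patch in SRC_URI becomes relevant to the report. If it fixes a CVE, its header needs a "CVE: <id>" tag (or the id in the file name) so the checker lists that CVE as Patched instead of Unpatched; worth verifying as part of testing this change.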
--
2.17.1