To give any extensibility about CVE task in OE-Core with introducing plug and call style CVE task execution in patch set. If pluggable CVE frameworks will provide from OE-Core for embedded people include Linux distributors, CVE tool makers, embedded product maintainers or developers, they may get chance of implementing plugins which are available for their localized schema(secure development or long term maintenance).
In preparation for this submission, I implement two bbclasses with learning from cve-check.bbclass about CVE tasks or license/license_image.bbclass about sstate/manifest tasks. I also read README.OE-Core about how to submit patch. Tests by decomposing cve-check's functions and mapping to plugin framework variables have been succeeded 'bitbake core-image-sato' at 'master' with the almost same result as cve-check's. If there is something missing in the way of my contacts, please let me know. Or if possible, please review or give comments. Regards, Toshikazu. Toshikazu Nakayama (2): vuln-cve: vulnerability task with plug and call style vuln-cve_image: rootfs manifest about vulnerability meta/classes/vuln-cve.bbclass | 299 ++++++++++++++++++++++++++++++++++++ meta/classes/vuln-cve_image.bbclass | 111 +++++++++++++ 2 files changed, 410 insertions(+) create mode 100644 meta/classes/vuln-cve.bbclass create mode 100644 meta/classes/vuln-cve_image.bbclass -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
