Thank you Valentin, please add me in cc for future review, so it goes directly
into the main inbox, and for any people that you want to review your changes.
Also reply to the patch, so it is easy to comment in the same thread.
I have applied the series into a master build without direct internet
connectivity. It breaks the build by default since the class is inherit in your
patch 4.
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.12.bb: Exception
during build_dependencies for fetcher_hashes_dummyfunc
| ETA: 0:00:31
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.12.bb: Error
during finalise of
/local/edaturu/yocto-master/meta/recipes-kernel/linux/linux-yocto_6.12.bb
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.16.bb: Exception
during build_dependencies for fetcher_hashes_dummyfunc
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.16.bb: Error
during finalise of
/local/edaturu/yocto-master/meta/recipes-kernel/linux/linux-yocto_6.16.bb
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.18.bb: Exception
during build_dependencies for fetcher_hashes_dummyfunc
| ETA: 0:00:29
WARNING: yocto-master/meta/recipes-kernel/linux/linux-yocto_6.18.bb: Error
during finalise of
/local/edaturu/yocto-master/meta/recipes-kernel/linux/linux-yocto_6.18.bb
ERROR: ExpansionError during parsing
/yocto-master/meta/recipes-kernel/linux/linux-yocto_6.18.bb###########################
| ETA: 0:00:02
bb.data_smart.ExpansionError: Failure expanding variable
fetcher_hashes_dummyfunc[vardepvalue], expression was
${@bb.fetch.get_hashvalue(d)}<mailto:$%[email protected]_hashvalue(d)%7d> which
triggered exception UntrustedUrl: git -c gc.autoDetach=false -c core.pager=cat
-c safe.bareRepository=all -c clone.defaultRemoteName=origin ls-remote
https://github.com/CVEProject/cvelistV5.git
The variable dependency chain for the failure is:
fetcher_hashes_dummyfunc[vardepvalue]
ERROR: Parsing halted due to errors, see error messages above
You should make sure that nothing is executed by default. You could set a new
variable to enable the initialization, for example ENABLE_KERNEL_CVE_EXCLUSIONS
= “1” but it is defaulted to ENABLE_KERNEL_CVE_EXCLUSIONS ?= “0”
The problem is that you are adding into the linux-yocto recipe since it is
inhering the class. I had exactly the same problem in my original patch.
https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
Since you have the SRC_URI defined, bitbake verifies that the SRCREV is valid.
If you don’t have internet connection, cannot be verified and the build fails.
SRC_URI:append = "
${GENERATE_CVE_EXCLUSIONS_SRC_URI};name=generate-cve-exclusions"
SRCREV_generate-cve-exclusions = "${GENERATE_CVE_EXCLUSIONS_SRCREV}"
Probably it needs to be conditionally initialize only if it is the intended
behaviour. It also add the source in the kernel tree, which probably is not the
intended behaviour.
Best regards,
Daniel
From: [email protected]
<[email protected]> On Behalf Of vboudevin via
lists.openembedded.org
Sent: Thursday, 15 January 2026 20:06
To: [email protected]
Subject: Re: [OE-core] [[PATCH v2] 3/4] generate-cve-exclusions: Move python
script
Hi Daniel,
I updated the class based on your recommendations:
https://lists.openembedded.org/g/openembedded-core/message/229427
Now it works with a custom repo/a fixed SRCREV for deterministic purposes (also
integrated an offline mode based on DL_DIR content).
Keep me informed if you see something else to modify.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#229526):
https://lists.openembedded.org/g/openembedded-core/message/229526
Mute This Topic: https://lists.openembedded.org/mt/117111077/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
