Several CVE helper functions (get_patched_cves() and decode_cve_status()) implicitly depend on the CVE_STATUS and CVE_CHECK_STATUSMAP variables, but these were not declared in the vardeps of their callers.
On Scarthgap, the upstream fix (2cc43c72ff28aa39a417dd8d57cd7c8741c0e541) cannot be cherry-picked cleanly, as it also requires BitBake changes. As a workaround, explicitly add CVE_STATUS and CVE_CHECK_STATUSMAP to the vardeps of all tasks invoking these helpers, ensuring correct task re-execution when CVE status changes. This keeps CVE-related metadata generation consistent without requiring BitBake modifications. Signed-off-by: Benjamin Robin (Schneider Electric) <[email protected]> --- changes in v2: - provide a clearer commit message meta/classes/create-spdx-2.2.bbclass | 1 + meta/classes/create-spdx-3.0.bbclass | 2 ++ meta/classes/cve-check.bbclass | 1 + meta/classes/vex.bbclass | 1 + 4 files changed, 5 insertions(+) diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index aaa2e78fe211..037193bb4b96 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass @@ -710,6 +710,7 @@ python do_create_spdx() { oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", indent=get_json_indent(d)) } +do_create_spdx[vardeps] += "CVE_STATUS" do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS" # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source addtask do_create_spdx after do_package do_packagedata do_unpack do_collect_spdx_deps before do_populate_sdk do_build do_rm_work diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 6125e8b54794..388497054b09 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass @@ -159,6 +159,8 @@ do_create_spdx[vardeps] += "\ SPDX_PROFILES \ SPDX_NAMESPACE_PREFIX \ SPDX_UUID_NAMESPACE \ + CVE_STATUS \ + CVE_CHECK_STATUSMAP \ " addtask do_create_spdx after \ diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f5bbaa5d159a..3f4704fb4ec2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -187,6 +187,7 @@ python do_cve_check () { } addtask cve_check before do_build +do_cve_check[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP" do_cve_check[depends] = "cve-update-nvd2-native:do_unpack" do_cve_check[nostamp] = "1" diff --git a/meta/classes/vex.bbclass b/meta/classes/vex.bbclass index 707e6f45a19a..45a15348724b 100644 --- a/meta/classes/vex.bbclass +++ b/meta/classes/vex.bbclass @@ -160,6 +160,7 @@ python do_generate_vex () { cve_write_data_json(d, cve_data, cves_status) } +do_generate_vex[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP" addtask generate_vex before do_build
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#229596): https://lists.openembedded.org/g/openembedded-core/message/229596 Mute This Topic: https://lists.openembedded.org/mt/117341946/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
