This series looks good to me. I have tested it offline. Only a small typo in patch 3.
Daniel > -----Original Message----- > From: ValentinBoudevin <[email protected]> > Sent: Monday, 2 February 2026 21:52 > To: [email protected] > Cc: Daniel Turull <[email protected]>; > [email protected]; ValentinBoudevinSFL > <[email protected]> > Subject: [PATCH v7 0/4] generate-cve-exclusions: Add a .bbclass > > From: ValentinBoudevinSFL <[email protected]> > > Changes since v6: > - Update the maintainers.inc file to add new maintainer for the > cvelistv5-native recipe. > - Update cvelistv5-native recipe to remove the variables > CVELISTV5_DEFAULT_SRCREV and CVELISTV5_USE_AUTOREV for a fixed > SRCREV usage (AUTOREV will be recommended in the documentation if the user > wants to use the latest available commit). > > Changes since v5: > - Add a new commit to add a new recipe cvelistv5-native to clone the > cvelistv5 repository. > - Update the script generate-cve-exclusions.py to use provide the JSON > format output with the INC output at the same time using --output-json-file > and > --output-inc-file options. > - Update the .bbclass to use the new cvelistv5-native recipe. > - Remove tasks and variables from the .bbclass to simplify the code: > * Remove the do_clone_cvelistV5 task. > * Remove __anonymous function to setup SRC_URI and SRCREV. > * Remove the variables GENERATE_CVE_EXCLUSIONS_SRC_URI, > GENERATE_CVE_EXCLUSIONS_SRCREV, > GENERATE_CVE_EXCLUSIONS_NETWORK, > GENERATE_CVE_EXCLUSIONS_WORKDIR, > GENERATE_CVE_EXCLUSIONS_DESTSUFFIX, and > GENERATE_CVE_EXCLUSIONS_UNPACK_DIR > since they are not needed anymore. > - Remove direct inclusion in linux-yocto.inc and let the user include the > bbclass in their kernel recipe if they want to use it. > Using ENABLE_KERNEL_CVE_EXCLUSIONS variable to enable/disable the > feature is > not needed anymore. Including the bbclass is a cleaner implementation > compare > to set a variable > to enable/disable the feature. > - Add the variables: > *GENERATE_CVE_EXCLUSIONS_OUTPUT_JSON > *GENERATE_CVE_EXCLUSIONS_OUTPUT_INC > to customize the output paths of the generated files. > > Changes since v4: > - Patch 2/4: > * Renamed the bbclass to kernel-generate-cve-exclusions.bbclass to better > reflect its purpose. > * Add new variable ENABLE_KERNEL_CVE_EXCLUSIONS to enable/disable the > feature. > By default, the feature is disabled to avoid unexpected behavior on > existing builds with linux-yocto. > * Add new "__anonymous" python function to setup the variables SRC_URI and > SRCREV only if > this feature is enabled with ENABLE_KERNEL_CVE_EXCLUSIONS. > Also prevent from modifying SRC_URI and SRCREV variables in the default > linux- > yocto usecase. > Now, the recipe does not have any impact on the basic "linux-yocto" recipe > if the > feature is disabled. > * Add new variables GENERATE_CVE_EXCLUSIONS_DESTSUFFIX and > GENERATE_CVE_EXCLUSIONS_UNPACK_DIR to customize the working directory > path of the > class. > - Patch 4/4: > * Update the inherit statement in linux-yocto.inc to reflect the new name > of the > bbclass with > "kernel-generate-cve-exclusions". > > Changes since v3: > - Patch 2/4: > * Add variables to control offline mode, source URI and > SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI, > GENERATE_CVE_EXCLUSIONS_SRCREV, > GENERATE_CVE_EXCLUSIONS_NETWORK). > * Updated generate_cve_exclusions task scheduling to be executed before > do_cve_check. > > Changes since v2: > - Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of > individual recipes. > > Changes since v1: > - Patch 2/4: Removed the mandatory execution of the > generate-cve-exclusions class on every build. It now needs to be > manually run using: > bitbake -c generate-cve-exclusions <kernel-recipe> > > ValentinBoudevin (4): > generate-cve-exclusions: Add output format option > cvelistv5: add a new recipe > kernel-generate-cve-exclusions: Add a .bbclass > generate-cve-exclusions: Move python script > > .../kernel-generate-cve-exclusions.bbclass | 46 ++++++++ > meta/conf/distro/include/maintainers.inc | 1 + > .../cvelistv5-native/cvelistv5-native_git.bb | 19 ++++ > .../contrib}/generate-cve-exclusions.py | 107 +++++++++++++++--- > 4 files changed, 156 insertions(+), 17 deletions(-) create mode 100644 > meta/classes/kernel-generate-cve-exclusions.bbclass > create mode 100644 meta/recipes-kernel/cvelistv5-native/cvelistv5- > native_git.bb > rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve- > exclusions.py (55%)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230535): https://lists.openembedded.org/g/openembedded-core/message/230535 Mute This Topic: https://lists.openembedded.org/mt/117604447/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
