On Thu, Feb 25, 2016 at 01:14:21PM +0100, Mikko Rapeli wrote: > On Wed, Feb 24, 2016 at 03:27:05PM +0000, mariano.lo...@linux.intel.com wrote: > > From: Mariano Lopez <mariano.lo...@linux.intel.com> > > > > This series add the cve-check-tool recipe, a tool used to identify > > potentially vulnerable software through version matching. It will > > check if a vulnerability has been addressed by a patch. > > > > Also add the new cve-check class that will add a task for all recipes > > to check for CVEs using cve-check-tool. This tool can be used by recipe, > > image (will generate an image report in deploy dir), and with "world" > > and "universe" > > > > To run it just inherit the class and enter: > > > > bitbake -c cve_check <recipe> > > I tried these on yocto/dizzy but: > > ERROR: Task do_cve_check in > /home/builder/src/base/poky/meta/recipes-core/busybox/busybox_1.22.1.bb > depends upon non-existent task do_populate_cve_db in > virtual:native:/home/builder/src/base/poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.bb > > Is there some simple way to make this work there too? > > For testing purposes I tried this only with busybox: > > $ cat busybox_%.bbappend > inherit cve-check > > The cve-check-tool itself needed a few native backports/fixes: > > diff --git a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb > b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb > index 9df81cb..b98d991 100644 > --- a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb > +++ b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.13.bb > @@ -21,3 +21,5 @@ FILES_${PN} += "${datadir}/icons" > do_install_append () { > install -m 0644 ${WORKDIR}/index.theme ${D}/${datadir}/icons/hicolor > } > + > +BBCLASSEXTEND = "native" > diff --git a/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb > b/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb > index ce00709..26f8f7f 100644 > --- a/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb > +++ b/meta/recipes-gnome/json-glib/json-glib_1.0.0.bb > @@ -18,3 +18,5 @@ SRC_URI[archive.sha256sum] = > "dbf558d2da989ab84a27e4e13daa51ceaa97eb959c2c2f8097 > inherit gnome gettext lib_package > > EXTRA_OECONF = "--disable-introspection" > + > +BBCLASSEXTEND = "native"
Sorry, I guess this is needed to enable the class properly: $ grep cve-check conf/local.conf INHERIT += "cve-check" but there are some other backports needed in python modules... -Mikko -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core