[[yocto][meta-lts-mixins][kirkstone/go] 13/16] go: use go as CVE product for all golang recipe veriants

Fri, 31 Mar 2023 09:21:35 -0700 

From: Peter Marko <peter.ma...@siemens.com>

All golang vulnerabilities are reported under product 'go'.

By default there is no vulnerability reported for images with
golang components because none of used golang packages
have correct CVE product set:
* go-binary-native
* go-runtime
* go-cross-*

Signed-off-by: Peter Marko <peter.ma...@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.bell...@bootlin.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
Signed-off-by: Jose Quaresma <jose.quare...@foundries.io>
---
 recipes-devtools/go-1.20/go-binary-native_1.20.1.bb | 2 ++
 recipes-devtools/go-1.20/go-common.inc              | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb 
b/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
index 3eb80fd..2393345 100644
--- a/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
+++ b/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
@@ -16,6 +16,8 @@ SRC_URI[go_linux_ppc64le.sha256sum] = 
"85cfd4b89b48c94030783b6e9e619e35557862358
 UPSTREAM_CHECK_URI = "https://golang.org/dl/";
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
 
+CVE_PRODUCT = "go"
+
 S = "${WORKDIR}/go"
 
 inherit goarch native
diff --git a/recipes-devtools/go-1.20/go-common.inc 
b/recipes-devtools/go-1.20/go-common.inc
index 83f8db7..96e32ee 100644
--- a/recipes-devtools/go-1.20/go-common.inc
+++ b/recipes-devtools/go-1.20/go-common.inc
@@ -19,6 +19,9 @@ S = "${WORKDIR}/go"
 B = "${S}"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
 
+# all recipe variants are created from the same product
+CVE_PRODUCT = "go"
+
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#59582): https://lists.yoctoproject.org/g/yocto/message/59582
Mute This Topic: https://lists.yoctoproject.org/mt/97976954/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to