Hi, I am resending this from my regular email client because I think that my original submission using git sendmail was messed up in my GIT config so it didn’t make it to the list. (I did send an email using git sendmail to Armin).
We need this change to meta-security to be compatible with the referenced change made in poky / OE-core. Otherwise there is an error as I reported weeks back. I believe that this patch fixes it. I have used it in both master branch and in dunfell. We also need this to be back ported to all the same branches of meta-security to correspond to all the branches on poky to which the 33efd9351702e08a53e6512e235f947e4f9e914f commit was back ported. This includes dunfell. It is easy to find in a poky branch by grepping for do_populate_cve_db. >From a different perspective, there could also be a case to revert the >original changes as I notice that populating the CVE database is not >necessarily something that we would want to be part of someone running a fetch >all operation for a target image, because the fetch for the CVE database would >likely be run again later at the time of building the image. This could be a >matter of discussion (if not already discussed). But I can work with it >either way. Thanks! Regards, Darcy Darcy Watkins :: Senior Staff Engineer, Firmware SIERRA WIRELESS Direct +1 604 233 7989 :: Fax +1 604 231 1109 :: Main +1 604 231 1100 13811 Wireless Way :: Richmond, BC Canada V6V 3A4 [M4] [email protected]<mailto:[email protected]> :: www.sierrawireless.com<http://www.sierrawireless.com/> From: Darcy Watkins <[email protected]> Date: Wednesday, March 9, 2022 at 6:19 PM To: [email protected] <[email protected]> Cc: Darcy Watkins <[email protected]>, Darcy Watkins <[email protected]> Subject: [meta-security][PATCH] isafw.bbclass: update task dependency on cve-update-db-native From: Darcy Watkins <[email protected]> poky commit: 33efd9351702e08a53e6512e235f947e4f9e914f (or OE-Core commit: f5f97d33a1703d75b9fd9760f2c7767081538e00) had renamed the do_populate_cve_db task in cve-update-db-native to do_fetch. Need to update the do_build task dependency accordingly. Signed-off-by: Darcy Watkins <[email protected]> --- meta-security-isafw/classes/isafw.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-isafw/classes/isafw.bbclass b/meta-security-isafw/classes/isafw.bbclass index da6bf76..4d39fc7 100644 --- a/meta-security-isafw/classes/isafw.bbclass +++ b/meta-security-isafw/classes/isafw.bbclass @@ -105,7 +105,7 @@ python process_reports_handler() { os.environ["PATH"] = savedenv["PATH"] } -do_build[depends] += "cve-update-db-native:do_populate_cve_db ca-certificates-native:do_populate_sysroot" +do_build[depends] += "cve-update-db-native:do_fetch ca-certificates-native:do_populate_sysroot" do_build[depends] += "python3-lxml-native:do_populate_sysroot" # These tasks are intended to be called directly by the user (e.g. bitbake -c) -- 2.16.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#56415): https://lists.yoctoproject.org/g/yocto/message/56415 Mute This Topic: https://lists.yoctoproject.org/mt/89689087/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
