mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-01 13:09:50 +00:00
Code Issues Projects Releases Wiki Activity

meta/classes: fix missing vardeps for CVE status variables

Browse Source 
Several CVE helper functions (get_patched_cves() and decode_cve_status())
implicitly depend on the CVE_STATUS and CVE_CHECK_STATUSMAP variables, but
these were not declared in the vardeps of their callers.

On Scarthgap, the upstream fix (2cc43c72ff28aa39a417dd8d57cd7c8741c0e541)
cannot be cherry-picked cleanly, as it also requires BitBake changes.

As a workaround, explicitly add CVE_STATUS and CVE_CHECK_STATUSMAP to the
vardeps of all tasks invoking these helpers, ensuring correct task
re-execution when CVE status changes.

This keeps CVE-related metadata generation consistent without requiring
BitBake modifications.

(From OE-Core rev: 111e1f2febade3c34649f33676f7f7e7cc8e0bd0)

Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Benjamin Robin (Schneider Electric)
2026-01-19 09:44:50 +01:00
committed by Richard Purdie
parent af8b964e9b
commit 9628ed0111
4 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/create-spdx-2.2.bbclass
+1
View File
@@ -710,6 +710,7 @@ python do_create_spdx() {
oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", indent=get_json_indent(d))
}
do_create_spdx[vardeps] += "CVE_STATUS"
do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS"
# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
addtask do_create_spdx after do_package do_packagedata do_unpack do_collect_spdx_deps before do_populate_sdk do_build do_rm_work
meta/classes/create-spdx-3.0.bbclass
+2
View File
@@ -159,6 +159,8 @@ do_create_spdx[vardeps] += "\
SPDX_PROFILES \
SPDX_NAMESPACE_PREFIX \
SPDX_UUID_NAMESPACE \
CVE_STATUS \
CVE_CHECK_STATUSMAP \
"
addtask do_create_spdx after \
meta/classes/cve-check.bbclass
+1
View File
@@ -187,6 +187,7 @@ python do_cve_check () {
}
addtask cve_check before do_build
do_cve_check[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
do_cve_check[nostamp] = "1"
meta/classes/vex.bbclass
+1
View File
@@ -160,6 +160,7 @@ python do_generate_vex () {
cve_write_data_json(d, cve_data, cves_status)
}
do_generate_vex[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
addtask generate_vex before do_build