From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: valentin.boudevin@gmail.com, openembedded-core@lists.openembedded.org
Cc: daniel.turull@ericsson.com, jerome.oufella@savoirfairelinux.com
Subject: Re: [OE-core] [PATCH v6 2/4] cvelistv5: add a new recipe
Date: Sun, 01 Feb 2026 15:12:30 +0000 [thread overview]
Message-ID: <49de779cc2db0ef5c2bade9c8b07e076dedc340f.camel@linuxfoundation.org> (raw)
In-Reply-To: <20260129211012.623827-3-valentin.boudevin@gmail.com>
On Thu, 2026-01-29 at 16:10 -0500, vboudevin via lists.openembedded.org wrote:
> This recipe is in charge of cloning and setting the cvelistv5
> repository: https://github.com/CVEProject/cvelistV5
>
> The variable CVELISTV5_USE_AUTOREV can be used to use AUTOREV to use the
> latest available commit on the remote repository and stay
> up-to-date with the latest CVE information available.
>
> AUTOREV would make the build non-deterministic, turned off by default.
>
> Signed-off-by: ValentinBoudevin <valentin.boudevin@gmail.com>
> ---
> .../cvelistv5-native/cvelistv5-native_git.bb | 24 +++++++++++++++++++
> 1 file changed, 24 insertions(+)
> create mode 100644 meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
>
> diff --git a/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb b/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
> new file mode 100644
> index 0000000000..f25dda9f3d
> --- /dev/null
> +++ b/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
> @@ -0,0 +1,24 @@
> +SUMMARY = "CVE List V5"
> +DESCRIPTION = "Official CVE List. It is a catalog of all CVE Records identified by, or reported to, the CVE Program. \
> +The cvelistV5 repository hosts downloadable files of CVE Records in the CVE Record Format."
> +HOMEPAGE = "https://github.com/CVEProject/cvelistV5"
> +LICENSE = "cve-tou"
> +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/cve-tou;md5=4f7e96b3094e80e66b53359a8342c7f8"
> +
> +inherit native allarch
> +
> +SRC_URI = "git://github.com/CVEProject/cvelistV5.git;branch=main;protocol=https"
> +CVELISTV5_USE_AUTOREV ?= "0"
> +CVELISTV5_DEFAULT_SRCREV ?= "644ce1758db1773336ebebb6a0da90e132da0eb7"
> +
> +python __anonymous () {
> + if d.getVar("CVELISTV5_USE_AUTOREV") == "1":
> + d.setVar("SRCREV", d.getVar("AUTOREV"))
> + else:
> + d.setVar("SRCREV", d.getVar("CVELISTV5_DEFAULT_SRCREV"))
> +}
> +
> +do_install(){
> + install -d ${D}${datadir}/cvelistv5-native
> + cp -r ${UNPACKDIR}/cvelistv5-git/* ${D}${datadir}/cvelistv5-native/
> +}
Why add a CVELISTV5_DEFAULT_SRCREV variable when this is a standard usage of autorev?
SRCREV = "644ce1758db1773336ebebb6a0da90e132da0eb7"
and then users can set:
SRCREV:pn-cvelistv5-native = "${AUTROREV}"
if they want it, just the same as any other recipe?
Cheers,
Richard
next prev parent reply other threads:[~2026-02-01 15:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <188AFCD98EA3E578.3200434@lists.openembedded.org>
2026-01-16 19:05 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 0/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-19 10:44 ` Daniel Turull
2026-01-16 19:05 ` [PATCH v5 1/4] generate-cve-exclusions: Add --output-json option ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 2/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-17 13:36 ` [OE-core] " Peter Kjellerstedt
2026-01-19 10:40 ` Daniel Turull
2026-01-16 19:05 ` [PATCH v5 3/4] generate-cve-exclusions: Move python script ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 4/4] linux: Add inherit on generate-cve-exclusions ValentinBoudevin
2026-01-17 13:38 ` [OE-core] " Peter Kjellerstedt
2026-01-19 9:35 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support Daniel Turull
2026-01-29 21:10 ` [PATCH v6 0/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 1/4] generate-cve-exclusions: Add output format option ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 2/4] cvelistv5: add a new recipe ValentinBoudevin
2026-02-01 11:56 ` [OE-core] " Mathieu Dubois-Briand
2026-02-01 15:12 ` Richard Purdie [this message]
2026-02-02 13:48 ` vboudevin
2026-02-02 14:04 ` [OE-core] " Marta Rybczynska
2026-02-02 19:54 ` vboudevin
2026-01-29 21:10 ` [PATCH v6 3/4] kernel-generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 4/4] generate-cve-exclusions: Move python script ValentinBoudevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49de779cc2db0ef5c2bade9c8b07e076dedc340f.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=daniel.turull@ericsson.com \
--cc=jerome.oufella@savoirfairelinux.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=valentin.boudevin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.