From: ValentinBoudevin <valentin.boudevin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: daniel.turull@ericsson.com, jerome.oufella@savoirfairelinux.com,
antonin.godard@bootlin.com,
ValentinBoudevin <valentin.boudevin@gmail.com>
Subject: [PATCH v5 0/4] generate-cve-exclusions: Add a .bbclass
Date: Fri, 16 Jan 2026 14:05:16 -0500 [thread overview]
Message-ID: <20260116190520.118714-2-valentin.boudevin@gmail.com> (raw)
In-Reply-To: <20260116190520.118714-1-valentin.boudevin@gmail.com>
Changes since v4:
- Patch 2/4:
* Renamed the bbclass to kernel-generate-cve-exclusions.bbclass to better reflect its purpose.
* Add new variable ENABLE_KERNEL_CVE_EXCLUSIONS to enable/disable the
feature.
By default, the feature is disabled to avoid unexpected behavior on
existing builds with linux-yocto.
* Add new "__anonymous" python function to setup the variables SRC_URI and SRCREV only if
this feature is enabled with ENABLE_KERNEL_CVE_EXCLUSIONS.
Also prevent from modifying SRC_URI and SRCREV variables in the default linux-yocto usecase.
Now, the recipe does not have any impact on the basic "linux-yocto" recipe if the feature is disabled.
* Add new variables GENERATE_CVE_EXCLUSIONS_DESTSUFFIX and
GENERATE_CVE_EXCLUSIONS_UNPACK_DIR to customize the working directory path of the
class.
- Patch 4/4:
* Update the inherit statement in linux-yocto.inc to reflect the new name of the bbclass with
"kernel-generate-cve-exclusions".
Changes since v3:
- Patch 2/4:
* Add variables to control offline mode, source URI and
SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI,
GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK).
* Updated generate_cve_exclusions task scheduling to be executed before
do_cve_check.
Changes since v2:
- Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of
individual recipes.
Changes since v1:
- Patch 2/4: Removed the mandatory execution of the
generate-cve-exclusions class on every build. It now needs to be
manually run using:
bitbake -c generate-cve-exclusions <kernel-recipe>
ValentinBoudevin (4):
generate-cve-exclusions: Add --output-json option
generate-cve-exclusions: Add a .bbclass
generate-cve-exclusions: Move python script
linux: Add inherit on generate-cve-exclusions
.../kernel-generate-cve-exclusions.bbclass | 135 ++++++++++++++++++
meta/recipes-kernel/linux/linux-yocto.inc | 3 +
.../contrib}/generate-cve-exclusions.py | 64 +++++++--
3 files changed, 188 insertions(+), 14 deletions(-)
create mode 100644 meta/classes/kernel-generate-cve-exclusions.bbclass
rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve-exclusions.py (71%)
next prev parent reply other threads:[~2026-01-16 19:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <188AFCD98EA3E578.3200434@lists.openembedded.org>
2026-01-16 19:05 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support ValentinBoudevin
2026-01-16 19:05 ` ValentinBoudevin [this message]
2026-01-19 10:44 ` [PATCH v5 0/4] generate-cve-exclusions: Add a .bbclass Daniel Turull
2026-01-16 19:05 ` [PATCH v5 1/4] generate-cve-exclusions: Add --output-json option ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 2/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-17 13:36 ` [OE-core] " Peter Kjellerstedt
2026-01-19 10:40 ` Daniel Turull
2026-01-16 19:05 ` [PATCH v5 3/4] generate-cve-exclusions: Move python script ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 4/4] linux: Add inherit on generate-cve-exclusions ValentinBoudevin
2026-01-17 13:38 ` [OE-core] " Peter Kjellerstedt
2026-01-19 9:35 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support Daniel Turull
2026-01-29 21:10 ` [PATCH v6 0/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 1/4] generate-cve-exclusions: Add output format option ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 2/4] cvelistv5: add a new recipe ValentinBoudevin
2026-02-01 11:56 ` [OE-core] " Mathieu Dubois-Briand
2026-02-01 15:12 ` Richard Purdie
2026-02-02 13:48 ` vboudevin
2026-02-02 14:04 ` [OE-core] " Marta Rybczynska
2026-02-02 19:54 ` vboudevin
2026-01-29 21:10 ` [PATCH v6 3/4] kernel-generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 4/4] generate-cve-exclusions: Move python script ValentinBoudevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260116190520.118714-2-valentin.boudevin@gmail.com \
--to=valentin.boudevin@gmail.com \
--cc=antonin.godard@bootlin.com \
--cc=daniel.turull@ericsson.com \
--cc=jerome.oufella@savoirfairelinux.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox