[PATCH v7 0/4] generate-cve-exclusions: Add a .bbclass

[ValentinBoudevin <valentin.boudevin@gmail.com>]

From: ValentinBoudevinSFL <valentin.boudevin@savoirfairelinux.com>

Changes since v6:
- Update the maintainers.inc file to add new maintainer for the
  cvelistv5-native recipe.
- Update cvelistv5-native recipe to remove the variables CVELISTV5_DEFAULT_SRCREV and CVELISTV5_USE_AUTOREV for a fixed
  SRCREV usage (AUTOREV will be recommended in the documentation if the user wants to use the latest available commit).

Changes since v5:
- Add a new commit to add a new recipe cvelistv5-native to clone the
  cvelistv5 repository.
- Update the script generate-cve-exclusions.py to use provide the JSON
  format output with the INC output at the same time using --output-json-file and
  --output-inc-file options.
- Update the .bbclass to use the new cvelistv5-native recipe.
- Remove tasks and variables from the .bbclass to simplify the code:
  * Remove the do_clone_cvelistV5 task.
  * Remove __anonymous function to setup SRC_URI and SRCREV.
  * Remove the variables GENERATE_CVE_EXCLUSIONS_SRC_URI,
    GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK, GENERATE_CVE_EXCLUSIONS_WORKDIR,
    GENERATE_CVE_EXCLUSIONS_DESTSUFFIX, and GENERATE_CVE_EXCLUSIONS_UNPACK_DIR
    since they are not needed anymore.
- Remove direct inclusion in linux-yocto.inc and let the user include the
  bbclass in their kernel recipe if they want to use it.
  Using ENABLE_KERNEL_CVE_EXCLUSIONS variable to enable/disable the feature is
  not needed anymore. Including the bbclass is a cleaner implementation compare to set a variable
  to enable/disable the feature.
- Add the variables:
  *GENERATE_CVE_EXCLUSIONS_OUTPUT_JSON
  *GENERATE_CVE_EXCLUSIONS_OUTPUT_INC
  to customize the output paths of the generated files.

Changes since v4:
- Patch 2/4:
  * Renamed the bbclass to kernel-generate-cve-exclusions.bbclass to better reflect its purpose.
  * Add new variable ENABLE_KERNEL_CVE_EXCLUSIONS to enable/disable the
  feature.
  By default, the feature is disabled to avoid unexpected behavior on
  existing builds with linux-yocto.
  * Add new "__anonymous" python function to setup the variables SRC_URI and SRCREV only if
  this feature is enabled with ENABLE_KERNEL_CVE_EXCLUSIONS.
  Also prevent from modifying SRC_URI and SRCREV variables in the default linux-yocto usecase.
  Now, the recipe does not have any impact on the basic "linux-yocto" recipe if the feature is disabled.
  * Add new variables GENERATE_CVE_EXCLUSIONS_DESTSUFFIX and
  GENERATE_CVE_EXCLUSIONS_UNPACK_DIR to customize the working directory path of the
  class.
- Patch 4/4:
  * Update the inherit statement in linux-yocto.inc to reflect the new name of the bbclass with
  "kernel-generate-cve-exclusions".

Changes since v3:
- Patch 2/4:
  * Add variables to control offline mode, source URI and
  SRCREV for deterministic testing (GENERATE_CVE_EXCLUSIONS_SRC_URI,
  GENERATE_CVE_EXCLUSIONS_SRCREV, GENERATE_CVE_EXCLUSIONS_NETWORK).
  * Updated generate_cve_exclusions task scheduling to be executed before
  do_cve_check.

Changes since v2:
- Patch 4/4: Inherit the new bbclass in linux-yocto.inc instead of
  individual recipes.

Changes since v1:
- Patch 2/4: Removed the mandatory execution of the
  generate-cve-exclusions class on every build. It now needs to be
  manually run using:
    bitbake -c generate-cve-exclusions <kernel-recipe>

ValentinBoudevin (4):
  generate-cve-exclusions: Add output format option
  cvelistv5: add a new recipe
  kernel-generate-cve-exclusions: Add a .bbclass
  generate-cve-exclusions: Move python script

 .../kernel-generate-cve-exclusions.bbclass    |  46 ++++++++
 meta/conf/distro/include/maintainers.inc      |   1 +
 .../cvelistv5-native/cvelistv5-native_git.bb  |  19 ++++
 .../contrib}/generate-cve-exclusions.py       | 107 +++++++++++++++---
 4 files changed, 156 insertions(+), 17 deletions(-)
 create mode 100644 meta/classes/kernel-generate-cve-exclusions.bbclass
 create mode 100644 meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
 rename {meta/recipes-kernel/linux => scripts/contrib}/generate-cve-exclusions.py (55%)