From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: valentin.boudevin@gmail.com, openembedded-core@lists.openembedded.org
Cc: daniel.turull@ericsson.com, jerome.oufella@savoirfairelinux.com
Subject: Re: [OE-core] [PATCH v6 2/4] cvelistv5: add a new recipe
Date: Sun, 01 Feb 2026 15:12:30 +0000 [thread overview]
Message-ID: <49de779cc2db0ef5c2bade9c8b07e076dedc340f.camel@linuxfoundation.org> (raw)
In-Reply-To: <20260129211012.623827-3-valentin.boudevin@gmail.com>
On Thu, 2026-01-29 at 16:10 -0500, vboudevin via lists.openembedded.org wrote:
> This recipe is in charge of cloning and setting the cvelistv5
> repository: https://github.com/CVEProject/cvelistV5
>
> The variable CVELISTV5_USE_AUTOREV can be used to use AUTOREV to use the
> latest available commit on the remote repository and stay
> up-to-date with the latest CVE information available.
>
> AUTOREV would make the build non-deterministic, turned off by default.
>
> Signed-off-by: ValentinBoudevin <valentin.boudevin@gmail.com>
> ---
> .../cvelistv5-native/cvelistv5-native_git.bb | 24 +++++++++++++++++++
> 1 file changed, 24 insertions(+)
> create mode 100644 meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
>
> diff --git a/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb b/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
> new file mode 100644
> index 0000000000..f25dda9f3d
> --- /dev/null
> +++ b/meta/recipes-kernel/cvelistv5-native/cvelistv5-native_git.bb
> @@ -0,0 +1,24 @@
> +SUMMARY = "CVE List V5"
> +DESCRIPTION = "Official CVE List. It is a catalog of all CVE Records identified by, or reported to, the CVE Program. \
> +The cvelistV5 repository hosts downloadable files of CVE Records in the CVE Record Format."
> +HOMEPAGE = "https://github.com/CVEProject/cvelistV5"
> +LICENSE = "cve-tou"
> +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/cve-tou;md5=4f7e96b3094e80e66b53359a8342c7f8"
> +
> +inherit native allarch
> +
> +SRC_URI = "git://github.com/CVEProject/cvelistV5.git;branch=main;protocol=https"
> +CVELISTV5_USE_AUTOREV ?= "0"
> +CVELISTV5_DEFAULT_SRCREV ?= "644ce1758db1773336ebebb6a0da90e132da0eb7"
> +
> +python __anonymous () {
> + if d.getVar("CVELISTV5_USE_AUTOREV") == "1":
> + d.setVar("SRCREV", d.getVar("AUTOREV"))
> + else:
> + d.setVar("SRCREV", d.getVar("CVELISTV5_DEFAULT_SRCREV"))
> +}
> +
> +do_install(){
> + install -d ${D}${datadir}/cvelistv5-native
> + cp -r ${UNPACKDIR}/cvelistv5-git/* ${D}${datadir}/cvelistv5-native/
> +}
Why add a CVELISTV5_DEFAULT_SRCREV variable when this is a standard usage of autorev?
SRCREV = "644ce1758db1773336ebebb6a0da90e132da0eb7"
and then users can set:
SRCREV:pn-cvelistv5-native = "${AUTROREV}"
if they want it, just the same as any other recipe?
Cheers,
Richard
next prev parent reply other threads:[~2026-02-01 15:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <188AFCD98EA3E578.3200434@lists.openembedded.org>
2026-01-16 19:05 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 0/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-19 10:44 ` Daniel Turull
2026-01-16 19:05 ` [PATCH v5 1/4] generate-cve-exclusions: Add --output-json option ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 2/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-17 13:36 ` [OE-core] " Peter Kjellerstedt
2026-01-19 10:40 ` Daniel Turull
2026-01-16 19:05 ` [PATCH v5 3/4] generate-cve-exclusions: Move python script ValentinBoudevin
2026-01-16 19:05 ` [PATCH v5 4/4] linux: Add inherit on generate-cve-exclusions ValentinBoudevin
2026-01-17 13:38 ` [OE-core] " Peter Kjellerstedt
2026-01-19 9:35 ` [PATCH 1/1] improve_kerne_cve_report: Add a bbclass support Daniel Turull
2026-01-29 21:10 ` [PATCH v6 0/4] generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 1/4] generate-cve-exclusions: Add output format option ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 2/4] cvelistv5: add a new recipe ValentinBoudevin
2026-02-01 11:56 ` [OE-core] " Mathieu Dubois-Briand
2026-02-01 15:12 ` Richard Purdie [this message]
2026-02-02 13:48 ` vboudevin
2026-02-02 14:04 ` [OE-core] " Marta Rybczynska
2026-02-02 19:54 ` vboudevin
2026-01-29 21:10 ` [PATCH v6 3/4] kernel-generate-cve-exclusions: Add a .bbclass ValentinBoudevin
2026-01-29 21:10 ` [PATCH v6 4/4] generate-cve-exclusions: Move python script ValentinBoudevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49de779cc2db0ef5c2bade9c8b07e076dedc340f.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=daniel.turull@ericsson.com \
--cc=jerome.oufella@savoirfairelinux.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=valentin.boudevin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox