public inbox for docs@lists.yoctoproject.org
From: "Quentin Schulz" <quentin.schulz@theobroma-systems.com>
To: Michael Opdenacker <michael.opdenacker@bootlin.com>
Cc: docs@lists.yoctoproject.org
Subject: Re: [docs] [PATCH v2] manuals: further documentation for cve-check
Date: Fri, 6 Aug 2021 17:38:44 +0200
Message-ID: <20210806153844.3cnrvphjnpddp55w@fedora>
In-Reply-To: <20210806153447.59835-1-michael.opdenacker@bootlin.com>

Hi Michael,

On Fri, Aug 06, 2021 at 05:34:47PM +0200, Michael Opdenacker wrote:
> This adds details about the actual implementation
> of vulnerability checks, about how to fix or ignore
> vulnerabilities in recipes, and documents the
> CVE_CHECK_PN_WHITELIST and CVE_CHECK_WHITELIST variables.
> 
> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
[...]
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 49905f2725..274ea19e6e 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -404,6 +404,18 @@ cross-compilation tools used for building SDKs. See the
>  section in the Yocto Project Overview and Concepts Manual for more
>  discussion on these cross-compilation tools.
>  
> +.. _ref-classes-cve-check:
> +
> +``cve-check.bbclass``
> +=====================
> +
> +The ``cve-check`` class looks for known CVE (Common Vulnerabilities
> +and Exposures) while building an image. You can also look for
> +vulnerabilities in specific packages by passing ``-c cve_check``
> +to BitBake. You will find details in the
> +":ref:`dev-manual/common-tasks:checking for vulnerabilities`"
> +section in the Development Tasks Manual.
> +
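
Review bot: the new "cve-check.bbclass" paragraph says the class looks for CVEs "while building an image" and offers "-c cve_check" for single packages, but it never says how the class gets enabled, so a reader can reasonably conclude it belongs in a recipe's inherit line. A sentence stating where the class is meant to be inherited would close that gap. Two smaller points in the same paragraph: "looks for known CVE" should read "known CVEs", and since the commit message says the patch documents CVE_CHECK_PN_WHITELIST and CVE_CHECK_WHITELIST, this section could point to those two variables so that a reader landing on the class reference finds the ignore mechanism without going through the Development Tasks Manual first.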

I would maybe add that this class should be inherited globally from a
configuration file with INHERIT += "cve-check" just to highlight it's
not expected to inherit it in recipe files.

In any case:
Reviewed-by: Quentin Schulz <foss@0leil.net>

Thanks!
Quentin
