authorRoss Burton <ross.burton@intel.com>2016-12-07 11:25:53 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-12-13 22:47:25 +0000
commitba330051570a4c991885ee726cb187e0c911bd4f (patch)
tree303fcae5613637d8d716985aabe587804b624c8f /meta/classes/cve-check.bbclass
parentf5381da49ac781ef017a1b9816c00b512ca9c7c2 (diff)
cve-check: allow recipes to override the product name
Add a new variable CVE_PRODUCT for the product name to look up in the NVD database. Default this to BPN, but allow recipes such as tiff (which is libtiff in NVD) to override it. Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass6
1 files changed, 5 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b0febfb2e5..75b8fa9ab9 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -20,6 +20,10 @@
# the only method to check against CVEs. Running this tool
# doesn't guarantee your packages are free of CVEs.
+# The product name that the CVE database uses. Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ?= "${BPN}"
+
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
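Review bot: The comment above `CVE_PRODUCT ?= "${BPN}"` does not say what happens when the name is wrong, which is the case a recipe author most needs to know about. Going by the commit description, this value is what gets looked up in NVD, so a recipe whose name differs from the NVD product name would presumably match nothing and be reported as having no known CVEs rather than fail. I would extend the comment with `# If this does not match the NVD product name, no CVEs will be found for the recipe.` and correct the spelling of "overriden" to "overridden" while there.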
@@ -144,7 +148,7 @@ def check_cves(d, patched_cves):
cves_patched = []
cves_unpatched = []
- bpn = d.getVar("BPN", True)
+ bpn = d.getVar("CVE_PRODUCT")
pv = d.getVar("PV", True).split("git+")[0]
cves = " ".join(patched_cves)
cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)
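Review bot: The new lookup `d.getVar("CVE_PRODUCT")` drops the explicit expand argument that the neighbouring calls in this hunk still pass (`d.getVar("PV", True)`, `d.getVar("CVE_CHECK_DB_DIR", True)`). Because the default value is `"${BPN}"`, a getVar that does not expand by default would hand the literal string to the lookup and the check would silently match nothing; if the targeted bitbake already expands by default, the call is correct but inconsistent. I would write `bpn = d.getVar("CVE_PRODUCT", True)` to match the surrounding lines. The local is also still named `bpn` although it now holds the product name; `cve_product` would read better, but its later uses, like the rest of check_cves, are outside this hunk.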