diff mbox series

ref-manual: classes: Add cve status check for oe.qa

Message ID 20240224172214.557369-1-simone.p.weiss@posteo.com
State New
Headers show
Series ref-manual: classes: Add cve status check for oe.qa | expand

Commit Message

Simone Weiß Feb. 24, 2024, 5:22 p.m. UTC 
From: Simone Weiß <simone.p.weiss@posteo.com>

With a new check was added for oe.qa for CVE_STATUS via commit
3c5b7605acd9cd68b ("cve-check: Log if CVE_STATUS set but not
reported for component")
in poky. Add related documentation here.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
---
 documentation/ref-manual/classes.rst | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Michael Opdenacker Feb. 26, 2024, 1:56 p.m. UTC | #1 
Hi Simone

On 2/24/24 at 18:22, Simone Weiß wrote:
> From: Simone Weiß <simone.p.weiss@posteo.com>
>
> With a new check was added for oe.qa for CVE_STATUS via commit
> 3c5b7605acd9cd68b ("cve-check: Log if CVE_STATUS set but not
> reported for component")
> in poky. Add related documentation here.
>
> Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
> ---
>   documentation/ref-manual/classes.rst | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 844433c55..4f1188ef2 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -1297,6 +1297,11 @@ Here are the tests you can list with the :term:`WARN_QA` and
>      paths to locations on the build host were used. Using such paths
>      might result in host contamination of the build output.
>   
> +-  ``cve_status_not_in_db:`` Checks for each component if CVEs that are ignored
> +   via :term:`CVE_STATUS`, that those are (still) reported for this component
> +   in the NIST database. If not, a warning is printed. This check is disabled
> +   by default.
> +
>   -  ``debug-deps:`` Checks that all packages except ``-dbg`` packages
>      do not depend on ``-dbg`` packages, which would cause a packaging
>      bug.
>

Thanks for the update!
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Merged into master-next.
Cheers

Michael.
diff mbox series

Patch

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 844433c55..4f1188ef2 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -1297,6 +1297,11 @@  Here are the tests you can list with the :term:`WARN_QA` and
    paths to locations on the build host were used. Using such paths
    might result in host contamination of the build output.
 
+-  ``cve_status_not_in_db:`` Checks for each component if CVEs that are ignored
+   via :term:`CVE_STATUS`, that those are (still) reported for this component
+   in the NIST database. If not, a warning is printed. This check is disabled
+   by default.
+
 -  ``debug-deps:`` Checks that all packages except ``-dbg`` packages
    do not depend on ``-dbg`` packages, which would cause a packaging
    bug.