Message ID | 20240224172214.557369-1-simone.p.weiss@posteo.com |
---|---|
State | New |
Series | ref-manual: classes: Add cve status check for oe.qa |
Hi Simone On 2/24/24 at 18:22, Simone Weiß wrote: > From: Simone Weiß <simone.p.weiss@posteo.com> > > With a new check was added for oe.qa for CVE_STATUS via commit > 3c5b7605acd9cd68b ("cve-check: Log if CVE_STATUS set but not > reported for component") > in poky. Add related documentation here. > > Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> > --- > documentation/ref-manual/classes.rst | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst > index 844433c55..4f1188ef2 100644 > --- a/documentation/ref-manual/classes.rst > +++ b/documentation/ref-manual/classes.rst > @@ -1297,6 +1297,11 @@ Here are the tests you can list with the :term:`WARN_QA` and > paths to locations on the build host were used. Using such paths > might result in host contamination of the build output. > > +- ``cve_status_not_in_db:`` Checks for each component if CVEs that are ignored > + via :term:`CVE_STATUS`, that those are (still) reported for this component > + in the NIST database. If not, a warning is printed. This check is disabled > + by default. > + > - ``debug-deps:`` Checks that all packages except ``-dbg`` packages > do not depend on ``-dbg`` packages, which would cause a packaging > bug. > Thanks for the update! Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Merged into master-next. Cheers Michael.
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 844433c55..4f1188ef2 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -1297,6 +1297,11 @@ Here are the tests you can list with the :term:`WARN_QA` and paths to locations on the build host were used. Using such paths might result in host contamination of the build output. +- ``cve_status_not_in_db:`` Checks for each component if CVEs that are ignored + via :term:`CVE_STATUS`, that those are (still) reported for this component + in the NIST database. If not, a warning is printed. This check is disabled + by default. + - ``debug-deps:`` Checks that all packages except ``-dbg`` packages do not depend on ``-dbg`` packages, which would cause a packaging bug.
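Review bot: the first sentence of the added ``cve_status_not_in_db:`` entry is hard to parse: "Checks for each component if CVEs that are ignored via :term:`CVE_STATUS`, that those are (still) reported" has two competing clauses, and the following "If not" has no clear subject. Consider rewording it along the lines of "Checks, for each component, that every CVE ignored via :term:`CVE_STATUS` is still reported for that component in the NIST database; a warning is printed for each one that is not." The closing "This check is disabled by default" would also be more useful if it said how to turn the check on. The hunk header shows the list is introduced as the tests that can be listed with :term:`WARN_QA`, so the entry could say to add ``cve_status_not_in_db`` there.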