[OE-core] [RFC PATCH 0/2] Proposal vuln-cve.bbclass about plug and call style CVE task
Toshikazu Nakayama
toshikazu-n at nec.com
Mon Mar 9 07:35:07 UTC 2020
To give any extensibility about CVE task in OE-Core with introducing plug and
call style CVE task execution in patch set.
If pluggable CVE frameworks will provide from OE-Core for embedded people
include Linux distributors, CVE tool makers, embedded product maintainers or
developers, they may get chance of implementing plugins which are available
for their localized schema(secure development or long term maintenance).
In preparation for this submission, I implement two bbclasses with learning
from cve-check.bbclass about CVE tasks or license/license_image.bbclass about
sstate/manifest tasks. I also read README.OE-Core about how to submit patch.
Tests by decomposing cve-check's functions and mapping to plugin framework
variables have been succeeded 'bitbake core-image-sato' at 'master' with the
almost same result as cve-check's.
If there is something missing in the way of my contacts, please let me know.
Or if possible, please review or give comments.
Regards,
Toshikazu.
Toshikazu Nakayama (2):
vuln-cve: vulnerability task with plug and call style
vuln-cve_image: rootfs manifest about vulnerability
meta/classes/vuln-cve.bbclass | 299 ++++++++++++++++++++++++++++++++++++
meta/classes/vuln-cve_image.bbclass | 111 +++++++++++++
2 files changed, 410 insertions(+)
create mode 100644 meta/classes/vuln-cve.bbclass
create mode 100644 meta/classes/vuln-cve_image.bbclass
--
2.7.4
More information about the Openembedded-core
mailing list