MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

ref-manual: add missing CVE_CHECK manifest variables

Browse Source 
Variables that can be used for toggling creation of manifest and
specifying the path to the output in the deploy directory.

(From yocto-docs rev: fb462c47bb15522cc02642fe51f39c8e15044957)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 14131a42a7ea8bbae2165c1b8dbcabd5f28b2b22)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Antonin Godard 2024-10-09 09:40:59 +02:00 committed by Steve Sakoman
parent ca77e75846
commit 67fd2ee995
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
documentation/ref-manual/variables.rst
View File

@ -135,7 +135,7 @@ system and gives an overview of their function and contents.
appear in :term:`DISTRO_FEATURES` within the current configuration, then appear in :term:`DISTRO_FEATURES` within the current configuration, then
the recipe will be skipped, and if the build system attempts to build the recipe will be skipped, and if the build system attempts to build
the recipe then an error will be triggered. the recipe then an error will be triggered.
:term:`APPEND` :term:`APPEND`
An override list of append strings for each target specified with An override list of append strings for each target specified with
@ -1521,6 +1521,10 @@ system and gives an overview of their function and contents.
variable only in certain contexts (e.g. when building for kernel variable only in certain contexts (e.g. when building for kernel
and kernel module recipes). and kernel module recipes).
:term:`CVE_CHECK_CREATE_MANIFEST`
Specifies whether to create a CVE manifest to place in the deploy
directory. The default is "1".
:term:`CVE_CHECK_IGNORE` :term:`CVE_CHECK_IGNORE`
The list of CVE IDs which are ignored. Here is The list of CVE IDs which are ignored. Here is
an example from the :oe_layerindex:`Python3 recipe</layerindex/recipe/23823>`:: an example from the :oe_layerindex:`Python3 recipe</layerindex/recipe/23823>`::
@ -1528,6 +1532,10 @@ system and gives an overview of their function and contents.
# This is windows only issue. # This is windows only issue.
CVE_CHECK_IGNORE += "CVE-2020-15523" CVE_CHECK_IGNORE += "CVE-2020-15523"
:term:`CVE_CHECK_MANIFEST_JSON`
Specifies the path to the CVE manifest in JSON format. See
:term:`CVE_CHECK_CREATE_MANIFEST`.
:term:`CVE_CHECK_REPORT_PATCHED` :term:`CVE_CHECK_REPORT_PATCHED`
Specifies whether or not the :ref:`ref-classes-cve-check` Specifies whether or not the :ref:`ref-classes-cve-check`
class should report patched or ignored CVEs. The default is "1", but you class should report patched or ignored CVEs. The default is "1", but you
@ -2489,8 +2497,8 @@ system and gives an overview of their function and contents.
.. note:: .. note::
From a security perspective, hardcoding a default password is not From a security perspective, hardcoding a default password is not
generally a good idea or even legal in some jurisdictions. It is generally a good idea or even legal in some jurisdictions. It is
recommended that you do not do this if you are building a production recommended that you do not do this if you are building a production
image. image.
Additionally there is a special ``passwd-expire`` command that will Additionally there is a special ``passwd-expire`` command that will
@ -9554,4 +9562,3 @@ system and gives an overview of their function and contents.
On systems where many tasks run in parallel, setting a limit to this On systems where many tasks run in parallel, setting a limit to this
can be helpful in controlling system resource usage. can be helpful in controlling system resource usage.