[PATCH 0/2] Documentation and 5.0 release notes for some of our work

[PATCH 0/2] Documentation and 5.0 release notes for some of our work

[Yoann Congal]

This series documents and/or adds to release notes the commits coming
from @smile.fr emails addresses (from yocto-4.3 tag).

I considered all those commits (SHA1 from poky):

Documented:
* 789b10030c6 (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
* 19f27037b2b (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
* 6ce61b43570 (strace: disable bluetooth support by default, 2023-12-13)
* 381ef628fab (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)

Considered but not deemed documentation worthy (It seems we don't document
non-security fixes):
* ab6d3e3d645 (oeqa/selftest/devtool: fix test_devtool_add_git_style2, 2024-04-04)
* c698cf6723f (cve-update-nvd2-native: Fix CVE configuration update, 2024-03-15)
* 50e17197c6f (cve-update-nvd2-native: nvd_request_next: Improve comment, 2024-03-15)
* 64a54c9c399 (cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition, 2024-03-15)
* 6243d7b8ce6 (cve-update-nvd2-native: Fix typo in comment, 2024-03-13)
* ef88dee4f77 (bitbake: prserv/serv: Fix a PID file removal race on prserv stop, 2024-02-29)
* 140edb96aa4 (waf: Improve version parsing to avoid failing on warnings, 2024-02-29)
* 6088f280dbb (ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an ELF file, 2024-02-16)
* e898f65b339 (waf.bbclass: Print waf output on unparsable version, 2024-02-15)
* f441e63de9d (kexec-tools: Replace a submitted patch by the backported one, 2024-02-14)
* 56c7ea02d29 (systemd: add udev-bash-completion package, 2024-01-08)
* 7608ad08ae6 (image-live.bbclass: LIVE_ROOTFS_TYPE support compression, 2023-12-21)
* 2c59f5ad01a (lib/oe/patch: handle creating patches for CRLF sources, 2023-12-05)
* 93a9621df35 (meta-selftest/files: add xuser to static-passwd/-group, 2023-11-15)
* abeea5c797a (selftest/reproducible: Allow packages exclusion via config, 2023-11-15)
* cc2980ab7f3 (selftest/reproducible: Split a long line, 2023-11-15)

Yoann Congal (2):
  ref-manual: variables: document CVE_DB_INCR_UPDATE_AGE_THRES variable
  release-notes-5.0: Document some work

 .../migration-guides/release-notes-5.0.rst      | 17 +++++++++++++++++
 documentation/ref-manual/variables.rst          |  5 +++++
 2 files changed, 22 insertions(+)

-- 
2.39.2

[PATCH 1/2] ref-manual: variables: document CVE_DB_INCR_UPDATE_AGE_THRES variable

[Yoann Congal]

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 documentation/ref-manual/variables.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 52062b63f..97abb398c 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1688,6 +1688,11 @@ system and gives an overview of their function and contents.
       The list of package names (:term:`PN`) for which
       CVEs (Common Vulnerabilities and Exposures) are ignored.
 
+   :term:`CVE_DB_INCR_UPDATE_AGE_THRES`
+      Specifies the maximum age of the CVE database in seconds for an
+      incremental update (instead of a full-download). Use "0" to force a
+      full-download.
+
    :term:`CVE_DB_UPDATE_INTERVAL`
       Specifies the CVE database update interval in seconds, as used by
       ``cve-update-db-native``. The default value is "86400" i.e. once a day
-- 
2.39.2

[PATCH 2/2] release-notes-5.0: Document some work

[Yoann Congal]

This patch should cover those commits (from poky) :
* 789b10030c6 (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
* 19f27037b2b (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
* 6ce61b43570 (strace: disable bluetooth support by default, 2023-12-13)
* 381ef628fab (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../migration-guides/release-notes-5.0.rst      | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
index 8df95ca21..441c5d7d6 100644
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -10,6 +10,10 @@ New Features / Enhancements in 5.0
 
 -  New variables:
 
+   -  ``CVE_DB_INCR_UPDATE_AGE_THRES``: Configure the maximum age of the
+      internal CVE database for incremental update (instead of a full
+      redownload)
+
 -  Architecture-specific enhancements:
 
 -  Kernel-related enhancements:
@@ -44,6 +48,9 @@ New Features / Enhancements in 5.0
 
 -  Testing:
 
+   -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
+      packages with tests that does not use ptest.
+
 -  Utility script changes:
 
    -  New ``recipetool/create_go.py`` script added to support Go recipe creation
@@ -54,6 +61,11 @@ New Features / Enhancements in 5.0
 
 -  Security improvements:
 
+   -  Improve incremental CVE database download from NVD. Rejected CVEs are
+      removed, configuration is kept up-to-date. The age threshold for
+      incremental update can be configured with ``CVE_DB_INCR_UPDATE_AGE_THRES``
+      variable
+
 -  Prominent documentation updates:
 
 -  Miscellaneous changes:
@@ -64,10 +76,15 @@ New Features / Enhancements in 5.0
    -  ``systemd-boot`` can, from now on, be compiled as ``native``, thus
       providing ``ukify`` tool to build UKI images.
 
+   -  systemd: split bash completion for udevadm in a new udev-bash-completion
+      package.
+
    -  The :ref:`ref-classes-go-vendor` class was added to support offline builds
       (i.e., vendoring). It can also handle modules from the same repository,
       taking into account their versions.
 
+   -  Disable strace support of bluetooth by default.
+
 Known Issues in 5.0
 ~~~~~~~~~~~~~~~~~~~
 
-- 
2.39.2

Re: [docs] [PATCH 1/2] ref-manual: variables: document CVE_DB_INCR_UPDATE_AGE_THRES variable

[Michael Opdenacker]

Hi Yoann

On 4/9/24 at 16:55, Yoann Congal wrote:
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
> ---
>   documentation/ref-manual/variables.rst | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> index 52062b63f..97abb398c 100644
> --- a/documentation/ref-manual/variables.rst
> +++ b/documentation/ref-manual/variables.rst
> @@ -1688,6 +1688,11 @@ system and gives an overview of their function and contents.
>         The list of package names (:term:`PN`) for which
>         CVEs (Common Vulnerabilities and Exposures) are ignored.
>   
> +   :term:`CVE_DB_INCR_UPDATE_AGE_THRES`
> +      Specifies the maximum age of the CVE database in seconds for an
> +      incremental update (instead of a full-download). Use "0" to force a
> +      full-download.
> +
>      :term:`CVE_DB_UPDATE_INTERVAL`
>         Specifies the CVE database update interval in seconds, as used by
>         ``cve-update-db-native``. The default value is "86400" i.e. once a day


Thanks for the update!
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Merged into "master-next"
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [docs] [PATCH 2/2] release-notes-5.0: Document some work

[Michael Opdenacker]

Hi again Yoann

On 4/9/24 at 16:55, Yoann Congal wrote:
> This patch should cover those commits (from poky) :
> * 789b10030c6 (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
> * 19f27037b2b (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
> * 6ce61b43570 (strace: disable bluetooth support by default, 2023-12-13)
> * 381ef628fab (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)
>
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
> ---
>   .../migration-guides/release-notes-5.0.rst      | 17 +++++++++++++++++
>   1 file changed, 17 insertions(+)
>
> diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
> index 8df95ca21..441c5d7d6 100644
> --- a/documentation/migration-guides/release-notes-5.0.rst
> +++ b/documentation/migration-guides/release-notes-5.0.rst
> @@ -10,6 +10,10 @@ New Features / Enhancements in 5.0
>   
>   -  New variables:
>   
> +   -  ``CVE_DB_INCR_UPDATE_AGE_THRES``: Configure the maximum age of the

Now that you defined the variable in the previous commit, you can now 
refer to it:
:term:`CVE_DB_INCR_UPDATE_AGE_THRES`
I took care of doing it.

> @@ -44,6 +48,9 @@ New Features / Enhancements in 5.0
>   
>   -  Testing:
>   
> +   -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
> +      packages with tests that does not use ptest.
s/with tests that does not use ptest/with tests, that do not use ptest/
(fixing grammar issue plus adding a comma to try to make the sentence 
easier to understand).
I made the change by myself.
>
>   
> +   -  systemd: split bash completion for udevadm in a new udev-bash-completion

Add backquotes around "udevadm" and "udev-bash-completion".
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Merged into "master-next".
Thanks!
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com