From: Jose Quaresma <quaresma.jose@gmail.com>
To: yocto@lists.yoctoproject.org
Cc: ricardo@foundries.io, jose.quaresma@foundries.io,
Peter Marko <peter.marko@siemens.com>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Richard Purdie <richard.purdie@linuxfoundation.org>
Subject: [[yocto][meta-lts-mixins][kirkstone/go] 13/16] go: use go as CVE product for all golang recipe veriants
Date: Fri, 31 Mar 2023 16:20:39 +0000 [thread overview]
Message-ID: <20230331162042.1801766-13-jose.quaresma@foundries.io> (raw)
In-Reply-To: <20230331162042.1801766-1-jose.quaresma@foundries.io>
From: Peter Marko <peter.marko@siemens.com>
All golang vulnerabilities are reported under product 'go'.
By default there is no vulnerability reported for images with
golang components because none of used golang packages
have correct CVE product set:
* go-binary-native
* go-runtime
* go-cross-*
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
recipes-devtools/go-1.20/go-binary-native_1.20.1.bb | 2 ++
recipes-devtools/go-1.20/go-common.inc | 3 +++
2 files changed, 5 insertions(+)
diff --git a/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb b/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
index 3eb80fd..2393345 100644
--- a/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
+++ b/recipes-devtools/go-1.20/go-binary-native_1.20.1.bb
@@ -16,6 +16,8 @@ SRC_URI[go_linux_ppc64le.sha256sum] = "85cfd4b89b48c94030783b6e9e619e35557862358
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
+CVE_PRODUCT = "go"
+
S = "${WORKDIR}/go"
inherit goarch native
diff --git a/recipes-devtools/go-1.20/go-common.inc b/recipes-devtools/go-1.20/go-common.inc
index 83f8db7..96e32ee 100644
--- a/recipes-devtools/go-1.20/go-common.inc
+++ b/recipes-devtools/go-1.20/go-common.inc
@@ -19,6 +19,9 @@ S = "${WORKDIR}/go"
B = "${S}"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
+# all recipe variants are created from the same product
+CVE_PRODUCT = "go"
+
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
SSTATE_SCAN_CMD = "true"
--
2.34.1
next prev parent reply other threads:[~2023-03-31 16:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-31 16:20 [[yocto][meta-lts-mixins][kirkstone/go] 01/16] Initial commit: add license, readme and layer config Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 02/16] make it kirkstone compatible Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 03/16] go-helloworld: add from openembedded-core master Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 04/16] go-helloworld: recipes-devtools -> recipes-extended Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 05/16] go-helloworld: update to latest revision Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 06/16] " Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 07/16] go-helloworld: remove unused GO_WORKDIR Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 08/16] go-1.18: import recipes from openembedded-core Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 09/16] go-1.19: " Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 10/16] go-1.20: " Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 11/16] go-cross-canadian: use gcc-crosssdk, not gcc-native Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 12/16] go: update 1.20 -> 1.20.1 Jose Quaresma
2023-03-31 16:20 ` Jose Quaresma [this message]
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 14/16] go: fix some linkshared regression introduced in go 1.20 Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 15/16] README: add note about backporting Jose Quaresma
2023-03-31 16:20 ` [[yocto][meta-lts-mixins][kirkstone/go] 16/16] README: add my self as maintainer Jose Quaresma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230331162042.1801766-13-jose.quaresma@foundries.io \
--to=quaresma.jose@gmail.com \
--cc=alexandre.belloni@bootlin.com \
--cc=jose.quaresma@foundries.io \
--cc=peter.marko@siemens.com \
--cc=ricardo@foundries.io \
--cc=richard.purdie@linuxfoundation.org \
--cc=yocto@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).