diff options
author | Ross Burton <ross.burton@arm.com> | 2023-08-25 17:08:29 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-08-30 09:51:43 +0100 |
commit | 645066ecec0f52eac0225a144285f44882003856 (patch) | |
tree | fc2f0c0e0ddbe4a9fd7304dbb4a15f2f998245f0 /meta/recipes-kernel/linux | |
parent | 490b9357d5ede15fbcbb01971591abddb115a3b0 (diff) | |
download | openembedded-core-contrib-645066ecec0f52eac0225a144285f44882003856.tar.gz |
linux/generate-cve-exclusions: add version check warning
Embed the version that this file was generated for in the include, and
compare it to the version that is being checked.
This should act as a reminder to update the file when the kernel is
upgraded.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-kernel/linux')
-rwxr-xr-x | meta/recipes-kernel/linux/generate-cve-exclusions.py | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 34f9ee731d..3bc1c7096f 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -42,9 +42,18 @@ def main(argp=None): with open(datadir / "data" / "stream_fixes.json", "r") as f: stream_data = json.load(f) - print("# Auto-generated CVE metadata, DO NOT EDIT BY HAND.") - print(f"# Generated at {datetime.datetime.now()} for version {version}") - print() + print(f""" +# Auto-generated CVE metadata, DO NOT EDIT BY HAND. +# Generated at {datetime.datetime.now()} for version {version} + +python check_kernel_cve_status_version() {{ + this_version = "{version}" + kernel_version = d.getVar("LINUX_VERSION") + if kernel_version != this_version: + bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) +}} +do_cve_check[prefuncs] += "check_kernel_cve_status_version" +""") for cve, data in cve_data.items(): if "affected_versions" not in data: |