diff options
author | Ross Burton <ross.burton@intel.com> | 2019-07-16 13:47:21 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-17 09:36:29 +0100 |
commit | 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17 (patch) | |
tree | 414fefa62c886e7c42d5c4fab68a05cf8216630e /meta/recipes-core/glibc | |
parent | 5388ed6d1378d647a65912dbd537f9ef3cb5760a (diff) | |
download | openembedded-core-contrib-1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17.tar.gz |
glibc: exclude child recipes from CVE scanning
As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.
Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/glibc')
-rw-r--r-- | meta/recipes-core/glibc/glibc-locale.inc | 3 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc-mtrace.inc | 3 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc-scripts.inc | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc index bf5eaee938..ef06389ff9 100644 --- a/meta/recipes-core/glibc/glibc-locale.inc +++ b/meta/recipes-core/glibc/glibc-locale.inc @@ -98,3 +98,6 @@ do_install() { inherit libc-package BBCLASSEXTEND = "nativesdk" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc index d703c14bdc..ef9d60ec23 100644 --- a/meta/recipes-core/glibc/glibc-mtrace.inc +++ b/meta/recipes-core/glibc/glibc-mtrace.inc @@ -11,3 +11,6 @@ do_install() { install -d -m 0755 ${D}${bindir} install -m 0755 ${SRC}/mtrace ${D}${bindir}/ } + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc index 2a2b41507e..14a14e4512 100644 --- a/meta/recipes-core/glibc/glibc-scripts.inc +++ b/meta/recipes-core/glibc/glibc-scripts.inc @@ -18,3 +18,6 @@ do_install() { # sotruss script requires sotruss-lib.so (given by libsotruss package), # to produce trace of the library calls. RDEPENDS_${PN} += "libsotruss" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" |