diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-29 11:51:59 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2022-06-01 06:22:09 -1000 |
commit | d009233f36fb866f6bdaa12fb6deedf5e253e9c9 (patch) | |
tree | d88102931438288e06fb08d84b3ad2704fa1f9e1 | |
parent | 2bacd7cc67b2f624885ce9c9c9e48950b359387d (diff) | |
download | openembedded-core-d009233f36fb866f6bdaa12fb6deedf5e253e9c9.tar.gz |
cve-check: Allow warnings to be disabled
When running CVE checks in CI we're usually not interested in warnings on the
console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS
to allow this to be disabled (it is left enabled by default).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1054d3366ba528f2ad52585cf951e508958c5c68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 8fd6a9f521ea6b1e10c80fe33968943db30991ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 29b276e491..0111ec6ba8 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -48,6 +48,7 @@ CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" CVE_CHECK_REPORT_PATCHED ??= "1" +CVE_CHECK_SHOW_WARNINGS ??= "1" # Provide text output CVE_CHECK_FORMAT_TEXT ??= "1" @@ -472,7 +473,7 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data): write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) - if unpatched_cves: + if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) if write_string: |