ref-manual: add missing CVE_CHECK manifest variables

Variables that can be used for toggling creation of manifest and specifying the path to the output in the deploy directory. (From yocto-docs rev: fb462c47bb15522cc02642fe51f39c8e15044957) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 14131a42a7ea8bbae2165c1b8dbcabd5f28b2b22) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Antonin Godard <antonin.godard@bootlin.com> 2024-10-09 09:40:59 +0200
committer: Steve Sakoman <steve@sakoman.com> 2024-10-24 06:31:59 -0700
commit: 67fd2ee995f313f4e09d07cda5d59ca5dda62646 (patch)
tree: 8c1064dd19891852503c628ebb07d52a8537a189 /documentation
parent: ca77e7584675089fd91641313582fe21c6cb31fa (diff)
download: poky-67fd2ee995f313f4e09d07cda5d59ca5dda62646.tar.gz
1 files changed, 11 insertions, 4 deletions
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 70d8d8baeb..757cce5fb8 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -135,7 +135,7 @@ system and gives an overview of their function and contents.
      appear in :term:`DISTRO_FEATURES` within the current configuration, then
      the recipe will be skipped, and if the build system attempts to build
      the recipe then an error will be triggered.
-      
   :term:`APPEND`
      An override list of append strings for each target specified with
@@ -1521,6 +1521,10 @@ system and gives an overview of their function and contents.
         variable only in certain contexts (e.g. when building for kernel
         and kernel module recipes).
+   :term:`CVE_CHECK_CREATE_MANIFEST`
+      Specifies whether to create a CVE manifest to place in the deploy
+      directory. The default is "1".
   :term:`CVE_CHECK_IGNORE`
      The list of CVE IDs which are ignored. Here is
      an example from the :oe_layerindex:`Python3 recipe</layerindex/recipe/23823>`::
@@ -1528,6 +1532,10 @@ system and gives an overview of their function and contents.
         # This is windows only issue.
         CVE_CHECK_IGNORE += "CVE-2020-15523"
+   :term:`CVE_CHECK_MANIFEST_JSON`
+      Specifies the path to the CVE manifest in JSON format. See
+      :term:`CVE_CHECK_CREATE_MANIFEST`.
   :term:`CVE_CHECK_REPORT_PATCHED`
      Specifies whether or not the :ref:`ref-classes-cve-check`
      class should report patched or ignored CVEs. The default is "1", but you
@@ -2489,8 +2497,8 @@ system and gives an overview of their function and contents.
      .. note::
         From a security perspective, hardcoding a default password is not
-         generally a good idea or even legal in some jurisdictions. It is 
+         generally a good idea or even legal in some jurisdictions. It is
-         recommended that you do not do this if you are building a production 
+         recommended that you do not do this if you are building a production
         image.
      Additionally there is a special ``passwd-expire`` command that will
@@ -9554,4 +9562,3 @@ system and gives an overview of their function and contents.
      On systems where many tasks run in parallel, setting a limit to this
      can be helpful in controlling system resource usage.
author	Antonin Godard <antonin.godard@bootlin.com>	2024-10-09 09:40:59 +0200
committer	Steve Sakoman <steve@sakoman.com>	2024-10-24 06:31:59 -0700
commit	67fd2ee995f313f4e09d07cda5d59ca5dda62646 (patch)
tree	8c1064dd19891852503c628ebb07d52a8537a189 /documentation
parent	ca77e7584675089fd91641313582fe21c6cb31fa (diff)
download	poky-67fd2ee995f313f4e09d07cda5d59ca5dda62646.tar.gz