The current security-related documentation is a bit hard to find and
hidden within the development manual. However, these are processes that
are not part of a development task but are rather a vulnerability
reporting process.
Create a new "Security" section in the documentation to gather this
information. This will be directly visible in the sidebar when opening
the documentation.
Split the previous security-subjects.rst document into 2 documents:
- security-team.rst: defines the roles of the security teams and its
members.
- reporting-vulnerabilities.rst: guide to report vulnerabilities to the
security team.
The plan is to backport these documents to active releases. As a
consequence, this section should be free of instructions and information
that only make sense for a specific release. It should _not_ contain
documents on how to enable security features with Yocto on target
devices, this is unrelated and can be left in the development manual
(for example: dev-manual/vulnerabilities.rst to deal with CVEs).
(From yocto-docs rev: 80556704f8b60b5bf903da497909cfda7dd1b28b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 81e14ca2d5cff9e2104c556655144b069633790c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix as many instances of unbalanced-inline-literals-delimiters as reported by
'make sphinx-lint' as possible. Sphinx and/or its linter seem to get tripped
up randomly when references contain links to headings which contain literals
enclosed in double backticks, and not all of them can be "fixed" to pass both
building and linting.
(From yocto-docs rev: 0ba5429953dfa0cdc983ed13ddd06351116031c7)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the same fashion as the previous commit ("ref-manual/packages: move
ptest section to the test-manual"), move the runtime testing section of
the development tasks manual to the test environment manual.
Add a link to it from the test-manual/intro document.
(From yocto-docs rev: 79aa34db34def525a11c41d951365bcb891318c4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6b44257874858db3aa426d3e84a79c41cb4937a3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[ YOCTO #15106 ]
It makes more sense to document ptests in the test-manual. Since ptests
are still related to packages, keep a link to ptests from packages.rst
to the test-manual.
Reported-by: Yoann Congal <yoann.congal@smile.fr>
(From yocto-docs rev: 110e15c4407dfc03c7d931e4488eb43dbfad7570)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b389c06b709e4791e1cce5e8a5b58f6b0cd03a14)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Newer versions of Sphinx already define a :cve: role that points to
cve.org, instead of the role we defined in conf.py that points to
nvd.nist.gov.
Rename our role to :cve_nist: to avoid warnings (treated as errors).
This is also backwards compatible, meaning we can build the doc with an
older Sphinx if needed.
The files were automatically replaced with the following command:
find . -name '*.rst' -exec sed -i 's/:cve:/:cve_nist:/g' {} \+
Cherry pick:
* remove changes to release-notes-5.1.rst, does not exist on this branch.
* release-notes-5.0.4.rst: apply the command to this file as it was
treated previously.
Suggested-By: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 5b86879b3b5f3c51bc7fa5dd2848cf1153a22242)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fa3b7e85dde50d7236c1738ad607531cc654b8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Public hashserver is now at hashserv.yoctoproject.org:8686
(From yocto-docs rev: 5aeb6a6b2799fb72abbfb272271e3175eca14b37)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From yocto-docs rev: cdce92a0f1595b4cf7b7797f5f95a2d8d8f7d376)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update recipe changes in 5.0 rc4.
Update new recipes, license changes, patched CVEs and recipe version
changes.
(From yocto-docs rev: 0fc86205668d122d4e550a5eae301cd6997f8a71)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a few missing entries based upon combing through the release
commits, as well as minor tweaks to existing items.
(From yocto-docs rev: 0680ee719edaa31a52f9cb7bd5138b402b1b26ce)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add CVEs from commits
* Add recipe upgrades using layer index branch comparison
* Add contributors from commits
(From yocto-docs rev: 4cf6b62939c226fb9c49b7d61f3d95075a9cd8bd)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch should cover those commits (from poky):
* 789b10030c (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
* 19f27037b2 (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
* 6ce61b4357 (strace: disable bluetooth support by default, 2023-12-13)
* 381ef628fa (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)
(From yocto-docs rev: da44182aa084378dbf7a04bb010cbd87e508a607)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
List systemd changes
Add PACKAGECONFIG-related changes, as well as systemd-boot-native, to
'Miscellaneous changes section'.
Mention the licensing changes in systemd and libsystemd.
Add changes to wic
Summarize changes in 'wic Image Creator enhancements' item.
Add Go language upgrade
There were multiple bumps between Scarthgap and Nanbield, but overall
the version was upgraded from 1.20.10 (in Nanbield) to 1.22.1 (in Scarthgap).
Mention the new class 'go-vendor' in 'Miscellaneous changes'.
Add create_go.py to script changes
Mention this new script, at recipetool, in 'Utility script changes'.
(From yocto-docs rev: 3e24a1cf2f2089beedad11b91fc11b8b402caf87)
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>