go: use go as CVE product for all golang recipe veriants

All golang vulnerabilities are reported under product 'go'.

By default there is no vulnerability reported for images with
golang components because none of used golang packages
have correct CVE product set:
* go-binary-native
* go-runtime
* go-cross-*

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb b/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
index 3eb80fdcce6d8a1115ab885457cdcdbafde93884..239334552aeb1b22c38d15ae94f6a8cbd8ff8b47 100644 (file)
--- a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
@@ -16,6 +16,8 @@ SRC_URI[go_linux_ppc64le.sha256sum] = "85cfd4b89b48c94030783b6e9e619e35557862358
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
 
+CVE_PRODUCT = "go"
+
 S = "${WORKDIR}/go"
 
 inherit goarch native

diff --git a/meta/recipes-devtools/go/go-common.inc b/meta/recipes-devtools/go/go-common.inc
index 83f8db7b39733968f18a42cd21f96819f7030216..96e32eeb978a33e230099783bb22ceec2fe88566 100644 (file)
--- a/meta/recipes-devtools/go/go-common.inc
+++ b/meta/recipes-devtools/go/go-common.inc
@@ -19,6 +19,9 @@ S = "${WORKDIR}/go"
 B = "${S}"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
 
+# all recipe variants are created from the same product
+CVE_PRODUCT = "go"
+
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"