patchtest: Add test for deprecated CVE_CHECK_IGNORE

If a recipes was modified recommand the use of `CVE_STATUS` instead if
`CVE_CHECK_IGNORE` is used. This is a depreacted variable and will
result in a warning from the cve-check.class and should hence not be
used anymore. [YOCTO #15311]

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/lib/patchtest/tests/test_metadata.py b/meta/lib/patchtest/tests/test_metadata.py
index b6f4456ad2eba53555837c988cc2160d52f55fd8..174dfc31c6638276547210be8d696513aa1a0fd7 100644 (file)
--- a/meta/lib/patchtest/tests/test_metadata.py
+++ b/meta/lib/patchtest/tests/test_metadata.py
@@ -25,6 +25,8 @@ class TestMetadata(base.Metadata):
     sha256sum = 'sha256sum'
     git_regex = pyparsing.Regex('^git\:\/\/.*')
     metadata_summary = 'SUMMARY'
+    cve_check_ignore_var = 'CVE_CHECK_IGNORE'
+    cve_status_var = 'CVE_STATUS'
 
     def test_license_presence(self):
         if not self.added:
@@ -178,3 +180,16 @@ class TestMetadata(base.Metadata):
             # "${PN} version ${PN}-${PR}" is the default, so fail if default
             if summary.startswith('%s version' % pn):
                 self.fail('%s is missing in newly added recipe' % self.metadata_summary)
+
+    def test_cve_check_ignore(self):
+        if not self.modified:
+            self.skip('No modified recipes, skipping test')
+        for pn in self.modified:
+            # we are not interested in images
+            if 'core-image' in pn:
+                continue
+            rd = self.tinfoil.parse_recipe(pn)
+            cve_check_ignore = rd.getVar(self.cve_check_ignore_var)
+
+            if cve_check_ignore is not None:
+                self.fail('%s is deprecated and should be replaced by %s' % (self.cve_check_ignore_var, self.cve_status_var))