summaryrefslogtreecommitdiffstats
path: root/import-layers/yocto-poky/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
Diffstat (limited to 'import-layers/yocto-poky/meta/classes/cve-check.bbclass')
-rw-r--r--import-layers/yocto-poky/meta/classes/cve-check.bbclass16
1 files changed, 8 insertions, 8 deletions
diff --git a/import-layers/yocto-poky/meta/classes/cve-check.bbclass b/import-layers/yocto-poky/meta/classes/cve-check.bbclass
index bc2f03f7d..537659df1 100644
--- a/import-layers/yocto-poky/meta/classes/cve-check.bbclass
+++ b/import-layers/yocto-poky/meta/classes/cve-check.bbclass
@@ -23,12 +23,12 @@
# The product name that the CVE database uses. Defaults to BPN, but may need to
# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
-CVE_CHECK_LOCAL_DIR ?= "${WORKDIR}/cve"
-CVE_CHECK_LOCAL_FILE ?= "${CVE_CHECK_LOCAL_DIR}/cve.log"
+CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
@@ -169,7 +169,10 @@ def check_cves(d, patched_cves):
cves_patched = []
cves_unpatched = []
bpn = d.getVar("CVE_PRODUCT")
- pv = d.getVar("PV").split("+git")[0]
+ # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+ if not bpn:
+ return ([], [])
+ pv = d.getVar("CVE_VERSION").split("+git")[0]
cves = " ".join(patched_cves)
cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
@@ -181,9 +184,6 @@ def check_cves(d, patched_cves):
bb.note("Recipe has been whitelisted, skipping check")
return ([], [])
- # It is needed to export the proxies to download the database using HTTP
- bb.utils.export_proxies(d)
-
try:
# Write the faux CSV file to be used with cve-check-tool
fd, faux = tempfile.mkstemp(prefix="cve-faux-")
@@ -251,11 +251,11 @@ def cve_write_data(d, patched, unpatched, cve_data):
CVE manifest if enabled.
"""
- cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
+ cve_file = d.getVar("CVE_CHECK_LOG")
nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
write_string = ""
unpatched_cves = []
- bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
+ bb.utils.mkdirhier(os.path.dirname(cve_file))
for cve in sorted(cve_data):
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
OpenPOWER on IntegriCloud