diff options
| author | Konstantin Shemyak <konstantin.shemyak@ge.com> | 2018-02-19 16:35:54 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-24 10:31:46 +0000 |
| commit | 2e07b1c0bb6e88cd0338b477ab9e69b1fe605e6c (patch) | |
| tree | 8319c38b5618fbd105441c10fec3117113d708c3 | |
| parent | 6c0c3220aa82e3cace95a1184592985163bc0efd (diff) | |
| download | poky-2e07b1c0bb6e88cd0338b477ab9e69b1fe605e6c.tar.gz | |
cve-check-tool: correctly exported web proxies
The binary 'cve-check-update' downloads the CVE database from the Internet.
If the system is behind a web proxy, the download fails, as proxy-related
variables are not exported.
In turn, 'cve-check-tool' does not connect to the network and correspondingly
does not need exported proxies.
Exported all proxy-related environment variables to 'cve-check-update' and
removed the unneeded export from 'cve-check-tool'.
(From OE-Core rev: 17db210975c740aff12732c511cf4fb32b507365)
Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 3 | ||||
| -rw-r--r-- | meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | 1 |
2 files changed, 1 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index d8087dd7c6..537659df12 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -184,9 +184,6 @@ def check_cves(d, patched_cves): | |||
| 184 | bb.note("Recipe has been whitelisted, skipping check") | 184 | bb.note("Recipe has been whitelisted, skipping check") |
| 185 | return ([], []) | 185 | return ([], []) |
| 186 | 186 | ||
| 187 | # It is needed to export the proxies to download the database using HTTP | ||
| 188 | bb.utils.export_proxies(d) | ||
| 189 | |||
| 190 | try: | 187 | try: |
| 191 | # Write the faux CSV file to be used with cve-check-tool | 188 | # Write the faux CSV file to be used with cve-check-tool |
| 192 | fd, faux = tempfile.mkstemp(prefix="cve-faux-") | 189 | fd, faux = tempfile.mkstemp(prefix="cve-faux-") |
diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb index 7b70daa323..1c84fb1cf2 100644 --- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb +++ b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | |||
| @@ -41,6 +41,7 @@ do_populate_cve_db() { | |||
| 41 | [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK" | 41 | [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK" |
| 42 | [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" | 42 | [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" |
| 43 | 43 | ||
| 44 | unused="${@bb.utils.export_proxies(d)}" | ||
| 44 | bbdebug 2 "Updating cve-check-tool database located in $cve_dir" | 45 | bbdebug 2 "Updating cve-check-tool database located in $cve_dir" |
| 45 | # --cacert works around curl-native not finding the CA bundle | 46 | # --cacert works around curl-native not finding the CA bundle |
| 46 | if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then | 47 | if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then |