diff options
author | Ross Burton <ross.burton@intel.com> | 2018-02-09 12:43:17 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-16 18:05:40 +0000 |
commit | 325096cd2a801b6e1a741be8deaf272e9b5f3f37 (patch) | |
tree | 82317652cc9268cbd30e40a5df963692311db58d | |
parent | 4873716c0cb436c82e877db2bba2d748b675c08b (diff) | |
download | poky-325096cd2a801b6e1a741be8deaf272e9b5f3f37.tar.gz |
cve-check: short-circuit checking if CVE_PRODUCT isn't set
For some recipes is is meaningless to do a CVE check, for example packagegroups
or images. Check that CVE_PRODUCT is set and short-circuit the scan if it
isn't.
(From OE-Core rev: d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061e883fa7..d8087dd7c6 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves): | |||
169 | cves_patched = [] | 169 | cves_patched = [] |
170 | cves_unpatched = [] | 170 | cves_unpatched = [] |
171 | bpn = d.getVar("CVE_PRODUCT") | 171 | bpn = d.getVar("CVE_PRODUCT") |
172 | # If this has been unset then we're not scanning for CVEs here (for example, image recipes) | ||
173 | if not bpn: | ||
174 | return ([], []) | ||
172 | pv = d.getVar("CVE_VERSION").split("+git")[0] | 175 | pv = d.getVar("CVE_VERSION").split("+git")[0] |
173 | cves = " ".join(patched_cves) | 176 | cves = " ".join(patched_cves) |
174 | cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") | 177 | cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") |