authorPierre Le Magourou <pierre.lemagourou@softbankrobotics.com>2019-11-06 17:37:24 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-11-07 19:47:26 +0000
commit146c81f2b39f22e8d7c06e34a2473ba73bffac9c (patch)
tree0fc21745c40a42e54f2b2b5d98f390229fa9b81a
parent9555ef7122c23b1455f73f75f311b5b711d102f4 (diff)
cve-update-db: do_populate_cve_db depends on do_fetch
To be able to populate NVD database on a fetchall (bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be executed before do_fetch. Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE variable because do_populate_cve_db can be called in a context where cve-check class is not loaded. (From OE-Core rev: 975793e3825a2a9ca6dc0e43577f680214cb7993) (From OE-Core rev: 5d265e84ef47ec6545eaa0fa64b16ccbb9e8a4ea) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db.bb21
1 files changed, 13 insertions, 8 deletions
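--- a/meta/recipes-core/meta/cve-update-db.bb
+++ b/meta/recipes-core/meta/cve-update-db.bb
@@ -6,7 +6,6 @@ PACKAGES = ""
 
 inherit nopackages
 
-deltask do_fetch
 deltask do_unpack
 deltask do_patch
 deltask do_configure
@@ -24,11 +23,16 @@ python do_populate_cve_db() {
 
  BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
  YEAR_START = 2002
- JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+ db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
+ db_file = db_dir + '/nvd-json.db'
+ json_tmpfile = db_dir + '/nvd.json.gz'
  proxy = d.getVar("https_proxy")
 
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
  # Connect to database
- db_file = d.getVar("CVE_CHECK_DB_FILE")
  conn = sqlite3.connect(db_file)
  c = conn.cursor()
 
@@ -55,9 +59,9 @@ python do_populate_cve_db() {
  req = urllib.request.Request(json_url)
  if proxy:
  req.set_proxy(proxy, 'https')
- with urllib.request.urlopen(req) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+ with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile:
  shutil.copyfileobj(r, tmpfile)
- with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+ with gzip.open(json_tmpfile, 'rt') as jsonfile:
  update_db(c, jsonfile)
  c.execute("insert or replace into META values (?, ?)",
  [year, last_modified])
@@ -65,8 +69,9 @@ python do_populate_cve_db() {
  conn.commit()
  conn.close()
 
- with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
- os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+ cve_check_tmp_file = d.getVar("TMPDIR") + '/cve_check'
+ with open(cve_check_tmp_file, 'a'):
+ os.utime(cve_check_tmp_file, None)
 }
 
 # DJB2 hash algorithm
@@ -120,7 +125,7 @@ def update_db(c, json_filename):
 
 
 
-addtask do_populate_cve_db before do_cve_check
+addtask do_populate_cve_db before do_fetch
 do_populate_cve_db[nostamp] = "1"
 
 EXCLUDE_FROM_WORLD = "1"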
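Review bot: In the `@@ -24,11 +23,16 @@` hunk the new `if not os.path.isdir(db_dir): os.mkdir(db_dir)` creates only the leaf directory and is a check-then-create race: it raises if `DL_DIR` itself does not exist yet, which looks possible now that the task is ordered before do_fetch, and two concurrent runs can both pass the check. `bb.utils.mkdirhier(db_dir)` (or `os.makedirs(db_dir, exist_ok=True)`) covers both cases in one call. The same hunk hard-codes `DL_DIR/CVE_CHECK/nvd-json.db` instead of reading `CVE_CHECK_DB_FILE`; if that variable is overridden where cve-check is loaded, the checker would presumably read a different and possibly stale database, so a comment such as `# Must match the CVE_CHECK_DB_DIR / CVE_CHECK_DB_FILE defaults in cve-check.bbclass` above `db_dir` would help. The body of do_populate_cve_db starts before and continues past this hunk.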