summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonstantin Shemyak <konstantin.shemyak@ge.com>2018-02-19 16:35:54 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-02-24 10:31:46 +0000
commit2e07b1c0bb6e88cd0338b477ab9e69b1fe605e6c (patch)
tree8319c38b5618fbd105441c10fec3117113d708c3
parent6c0c3220aa82e3cace95a1184592985163bc0efd (diff)
downloadpoky-2e07b1c0bb6e88cd0338b477ab9e69b1fe605e6c.tar.gz
cve-check-tool: correctly exported web proxies
The binary 'cve-check-update' downloads the CVE database from the Internet. If the system is behind a web proxy, the download fails, as proxy-related variables are not exported. In turn, 'cve-check-tool' does not connect to the network and correspondingly does not need exported proxies. Exported all proxy-related environment variables to 'cve-check-update' and removed the unneeded export from 'cve-check-tool'. (From OE-Core rev: 17db210975c740aff12732c511cf4fb32b507365) Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass3
-rw-r--r--meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb1
2 files changed, 1 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index d8087dd7c6..537659df12 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -184,9 +184,6 @@ def check_cves(d, patched_cves):
184 bb.note("Recipe has been whitelisted, skipping check") 184 bb.note("Recipe has been whitelisted, skipping check")
185 return ([], []) 185 return ([], [])
186 186
187 # It is needed to export the proxies to download the database using HTTP
188 bb.utils.export_proxies(d)
189
190 try: 187 try:
191 # Write the faux CSV file to be used with cve-check-tool 188 # Write the faux CSV file to be used with cve-check-tool
192 fd, faux = tempfile.mkstemp(prefix="cve-faux-") 189 fd, faux = tempfile.mkstemp(prefix="cve-faux-")
diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
index 7b70daa323..1c84fb1cf2 100644
--- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
+++ b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
@@ -41,6 +41,7 @@ do_populate_cve_db() {
41 [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK" 41 [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK"
42 [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" 42 [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check"
43 43
44 unused="${@bb.utils.export_proxies(d)}"
44 bbdebug 2 "Updating cve-check-tool database located in $cve_dir" 45 bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
45 # --cacert works around curl-native not finding the CA bundle 46 # --cacert works around curl-native not finding the CA bundle
46 if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then 47 if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then