summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-02-09 12:43:17 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-02-16 18:05:40 +0000
commit325096cd2a801b6e1a741be8deaf272e9b5f3f37 (patch)
tree82317652cc9268cbd30e40a5df963692311db58d
parent4873716c0cb436c82e877db2bba2d748b675c08b (diff)
downloadpoky-325096cd2a801b6e1a741be8deaf272e9b5f3f37.tar.gz
cve-check: short-circuit checking if CVE_PRODUCT isn't set
For some recipes is is meaningless to do a CVE check, for example packagegroups or images. Check that CVE_PRODUCT is set and short-circuit the scan if it isn't. (From OE-Core rev: d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7..d8087dd7c6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
169 cves_patched = [] 169 cves_patched = []
170 cves_unpatched = [] 170 cves_unpatched = []
171 bpn = d.getVar("CVE_PRODUCT") 171 bpn = d.getVar("CVE_PRODUCT")
172 # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
173 if not bpn:
174 return ([], [])
172 pv = d.getVar("CVE_VERSION").split("+git")[0] 175 pv = d.getVar("CVE_VERSION").split("+git")[0]
173 cves = " ".join(patched_cves) 176 cves = " ".join(patched_cves)
174 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") 177 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")