diff options
author | Ross Burton <ross.burton@arm.com> | 2023-01-13 17:14:31 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-02-13 07:44:09 +0000 |
commit | c7fafc86a1cba37e92d4e692c33c212243321907 (patch) | |
tree | 6b86216ffe8737f6147ff3c2df17f7d068dbf267 | |
parent | a4eed2134159929d699520a7445d6f70a13c2578 (diff) | |
download | poky-c7fafc86a1cba37e92d4e692c33c212243321907.tar.gz |
cve-update-db-native: show IP on failure
We get random SSL failures when fetching the CVE database, and it's
notable that the NVD server is behind a DNS round-robin or geographically
diverse servers.
On a hunch that there is one misconfigured server, dump the IP that we
connected to.
(From OE-Core rev: 48c0e427675f4c99c395cc0a75743ac70eb64802)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 28605bc13b..efc32470d3 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
@@ -129,7 +129,10 @@ def update_db_file(db_tmp_file, d): | |||
129 | response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) | 129 | response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) |
130 | except urllib.error.URLError as e: | 130 | except urllib.error.URLError as e: |
131 | cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') | 131 | cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') |
132 | bb.warn("Failed to fetch CVE data (%s)" % e.reason) | 132 | bb.warn("Failed to fetch CVE data (%s)" % e) |
133 | import socket | ||
134 | result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) | ||
135 | bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) | ||
133 | return False | 136 | return False |
134 | 137 | ||
135 | if response: | 138 | if response: |