cve-update-db: Catch request.urlopen errors.

If the NVD url is not accessible, print a warning on top of the CVE report, and continue. The database will not be fully updated, but cve_check can still run on the previous database. (From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> 2019-07-03 11:35:06 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-05 12:00:20 +0100
commit: 4a68a44f56c725914cfa721993a2ea8a3dc6ebd5 (patch)
tree: 3cf1d843f0466b395ff94bb67a9499e59f641cbb /meta/classes
parent: a61354e965561b5d108d89864b5f9c8d15fbee39 (diff)
download: poky-4a68a44f56c725914cfa721993a2ea8a3dc6ebd5.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 1e7e8dd441..81071e3f19 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -51,14 +51,15 @@ python do_cve_check () {
    Check recipe for patched and unpatched CVEs
    """
-    if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
+    if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
        patched_cves = get_patches_cves(d)
        patched, unpatched = check_cves(d, patched_cves)
        if patched or unpatched:
            cve_data = get_cve_info(d, patched + unpatched)
            cve_write_data(d, patched, unpatched, cve_data)
    else:
-        bb.note("Failed to update CVE database, skipping CVE check")
+        bb.note("No CVE database found, skipping CVE check")
 }
 addtask cve_check after do_unpack before do_build
author	Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>	2019-07-03 11:35:06 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-05 12:00:20 +0100
commit	4a68a44f56c725914cfa721993a2ea8a3dc6ebd5 (patch)
tree	3cf1d843f0466b395ff94bb67a9499e59f641cbb /meta/classes
parent	a61354e965561b5d108d89864b5f9c8d15fbee39 (diff)
download	poky-4a68a44f56c725914cfa721993a2ea8a3dc6ebd5.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 1e7e8dd441..81071e3f19 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -51,14 +51,15 @@ python do_cve_check () {
51	Check recipe for patched and unpatched CVEs	51	Check recipe for patched and unpatched CVEs
52	"""	52	"""
53		53
54	if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):	54	if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
55	patched_cves = get_patches_cves(d)	55	patched_cves = get_patches_cves(d)
56	patched, unpatched = check_cves(d, patched_cves)	56	patched, unpatched = check_cves(d, patched_cves)
57	if patched or unpatched:	57	if patched or unpatched:
58	cve_data = get_cve_info(d, patched + unpatched)	58	cve_data = get_cve_info(d, patched + unpatched)
59	cve_write_data(d, patched, unpatched, cve_data)	59	cve_write_data(d, patched, unpatched, cve_data)
60	else:	60	else:
61	bb.note("Failed to update CVE database, skipping CVE check")	61	bb.note("No CVE database found, skipping CVE check")
		62
62	}	63	}
63		64
64	addtask cve_check after do_unpack before do_build	65	addtask cve_check after do_unpack before do_build