diff options
author | Ross Burton <ross.burton@arm.com> | 2022-04-27 12:43:39 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-28 11:51:41 +0100 |
commit | fa553eb643303b94839a184ac7e42972be0854ea (patch) | |
tree | 36b38a54d075ac1897ffc17662fc36b8715b0b9e /meta/lib | |
parent | 51f7dfe9145e8f4dbaeac02d4ccea2fec4c62fb6 (diff) | |
download | poky-fa553eb643303b94839a184ac7e42972be0854ea.tar.gz |
cve_check: skip remote patches that haven't been fetched when searching for CVE tags
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.
(From OE-Core rev: cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r-- | meta/lib/oe/cve_check.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index e445b7a6ae..dc7d2e2826 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py | |||
@@ -89,9 +89,10 @@ def get_patched_cves(d): | |||
89 | for url in oe.patch.src_patches(d): | 89 | for url in oe.patch.src_patches(d): |
90 | patch_file = bb.fetch.decodeurl(url)[2] | 90 | patch_file = bb.fetch.decodeurl(url)[2] |
91 | 91 | ||
92 | # Remote compressed patches may not be unpacked, so silently ignore them | ||
92 | if not os.path.isfile(patch_file): | 93 | if not os.path.isfile(patch_file): |
93 | bb.error("File Not found: %s" % patch_file) | 94 | bb.warn("%s does not exist, cannot extract CVE list" % patch_file) |
94 | raise FileNotFoundError | 95 | continue |
95 | 96 | ||
96 | # Check patch file name for CVE ID | 97 | # Check patch file name for CVE ID |
97 | fname_match = cve_file_name_match.search(patch_file) | 98 | fname_match = cve_file_name_match.search(patch_file) |