From 325096cd2a801b6e1a741be8deaf272e9b5f3f37 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Fri, 9 Feb 2018 12:43:17 +0000 Subject: cve-check: short-circuit checking if CVE_PRODUCT isn't set For some recipes is is meaningless to do a CVE check, for example packagegroups or images. Check that CVE_PRODUCT is set and short-circuit the scan if it isn't. (From OE-Core rev: d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 061e883fa7..d8087dd7c6 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -169,6 +169,9 @@ def check_cves(d, patched_cves): cves_patched = [] cves_unpatched = [] bpn = d.getVar("CVE_PRODUCT") + # If this has been unset then we're not scanning for CVEs here (for example, image recipes) + if not bpn: + return ([], []) pv = d.getVar("CVE_VERSION").split("+git")[0] cves = " ".join(patched_cves) cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") -- cgit v1.2.3-54-g00ecf