Re: [OE-core] [PATCH 1/4] cve-update-db: New recipe to update CVE database

Thu, 27 Jun 2019 00:32:38 -0700 

On Wed, 2019-06-19 at 15:59 +0200, Pierre Le Magourou wrote:
> From: Pierre Le Magourou <pierre.lemagou...@softbankrobotics.com>
> 
> cve-check-tool-native do_populate_cve_db task was using deprecated
> NVD
> xml data feeds, cve-update-db uses NVD json data feeds.
> 
> Sqlite database schema was updated to take into account CVSSv3 CVE
> scores and operator in affected product versions.
> A new META table was added to store the last modification date of the
> NVD json data feeds.
> 
> Signed-off-by: Pierre Le Magourou <
> pierre.lemagou...@softbankrobotics.com>
> ---
>  meta/recipes-core/meta/cve-update-db.bb | 121
> ++++++++++++++++++++++++++++++++
>  1 file changed, 121 insertions(+)
>  create mode 100644 meta/recipes-core/meta/cve-update-db.bb
> 
> diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-
> core/meta/cve-update-db.bb
> new file mode 100644
> index 0000000000..522fd23807
> --- /dev/null
> +++ b/meta/recipes-core/meta/cve-update-db.bb
> @@ -0,0 +1,121 @@
> +SUMMARY = "Updates the NVD CVE database"
> +LICENSE = "MIT"
> +
> +INHIBIT_DEFAULT_DEPS = "1"
> +PACKAGES = ""
> +
> +inherit nopackages
> +
> +deltask do_fetch
> +deltask do_unpack
> +deltask do_patch
> +deltask do_configure
> +deltask do_compile
> +deltask do_install
> +deltask do_populate_sysroot
> +
> +python do_populate_cve_db() {
> +    """
> +    Update NVD database with json data feed
> +    """
> +
> +    import sqlite3, urllib3, shutil, gzip, re
> +    from datetime import date
> +
> +    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-";
> +    YEAR_START = 2002
> +    JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'

It looks like CVE_CHECK_DB_DIR has no default value which resulted in:

https://autobuilder.yoctoproject.org/typhoon/#/builders/23/builds/988/steps/7/logs/step1b

We only started seeing that error after your later patch to add back
the do_fetch task. build-appliance is trying to collect up all the
sources it may need.

Cheers,

Richard





-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to