From: Yuta Hayama <hay...@lineo.co.jp>

Signed-off-by: Yuta Hayama <hay...@lineo.co.jp>
---
Please do not apply this. For now, this is just my question.


I think the issue of [YOCTO #14929] is partially still there.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929

Certainly, now that 8efe99214d has been applied, do_cve_check no longer runs on
a broken DB file. However, if the first cve-update-nvd2-native:do_fetch run after
creating the build environment fails to save CVE_CHECK_DB_FILE, do_fetch will
have succeeded even though the DB file does not exist.

This may be confusing.

* do_cve_check seems to exit without doing anything if CVE_CHECK_DB_FILE does
  not exist. At this time, do_cve_check only logs with bb.note() and nothing
  seems to appear in the console. This may make it difficult for the user to
  understand what happened.

* Similar to cve-update-nvd2-native:do_fetch, do_cve_check is also successful
  even though it does not actually do anything. Yes, a check like this patch
  may be needed for cve-check.bbclass...

  I have written a task in our own recipe (sorry, we can't publish it) that
  depends on do_cve_check and expects ${WORKDIR}/temp/cve.log to be present,
  but I have found that the task may not work because of this. I don't know
  if I didn't understand do_cve_check well or if the current behavior is
  not good...

First, I would like to ask why cve-update-nvd2-native:do_fetch and do_cve_check
are completing successfully even when the DB file does not exist. Well, NVD API
frequently fails with errors, so I don't think it is necessary to fail the
do_fetch task if it "just failed to update". But other than that, I feel it's
better to make an error...

Thanks,


 meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb 
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index bfe48b27e7..42e50d9cd1 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -83,6 +83,9 @@ python do_fetch() {
         # Update failed, do not modify the database
         bb.warn("CVE database update failed")
         os.remove(db_tmp_file)
+
+    if not os.path.isfile(db_file):
+        bb.error("Failed to fetch the CVE DB. do_cve_check run after this will 
not work.")
 }
 
 do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
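Review bot: the new check at the end of do_fetch() reports the missing DB file through bb.error(), which logs the message but still lets the task complete, so do_cve_check and anything depending on it will run anyway. If the intent stated in the cover text is that do_fetch should not succeed when db_file was never created, bb.fatal() is the call that stops the task; if a soft failure is preferred, the message should say so rather than only predicting that do_cve_check "will not work". Two smaller points: on the update-failed path this prints right after bb.warn("CVE database update failed"), so the text could name db_file to make clear the second message is about the file never having existed; and the string literal is split across two lines as posted, which would be a Python syntax error if the wrap is in the actual patch and not just added by the mailer.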
-- 
2.25.1
