On Fri, 2024-08-16 at 15:18 +0200, Marta Rybczynska wrote:
> 
> 
> On Fri, Aug 16, 2024 at 3:05 PM Richard Purdie <[email protected]> wrote:
> > On Fri, 2024-08-16 at 14:23 +0200, Marta Rybczynska via lists.openembedded.org wrote:
> > > Update the recent code adding local/source database files. Add LOCAL and
> > > SOURCE part to variable names, as none of them needs to be in DL_DIR.
> > > Use old variable names for the source files, so that the change should be
> > > invisible to users after backporting.
> > > 
> > > At the same time fix a bug: handle a situation when both point to the
> > > same place (was: a deadlock).
> > > 
> > > Fixes: 03596904392d257572a905a182b92c780d636744 (cve_check: Use a local copy of the database during builds)
> > > 
> > > Signed-off-by: Marta Rybczynska <[email protected]>
> > > ---
> > >  meta/classes/cve-check.bbclass                | 14 ++++++-------
> > >  .../meta/cve-update-nvd2-native.bb            | 21 ++++++++++++-------
> > >  2 files changed, 21 insertions(+), 14 deletions(-)
> > 
> > I'm not convinced about this I'm afraid. I think do_fetch should put
> > data into DL_DIR and share it, "cve-update-nvd2" isn't special in that
> > regard. We do want to have our source artefacts stored in one place
> > consistently.
> > 
> > If we keep DL_DIR, the naming then makes sense?
> 
> I'm not sure I understand. I haven't changed the fact that it gets stored in
> DL_DIR (after download, because you have moved the download itself to the
> local dir - maybe that wasn't your intent).

I reached the wrong conclusion from reading the commit message, I
thought you were saying that the file shouldn't be in DL_DIR. You're
saying only that it might not be. We can tweak the commit message to
better explain that, but I'm still not convinced about the naming.

> More about my use-case, that can give context: I tell many of my customers to
> override the variable, download outside of DL_DIR and then move the database
> file manually while disabling the automatic download.
>
> This is the way I have found to have consistent scan results when running
> multiple image builds in different configurations (various hardware platforms)
> on machines that do not share a filesystem.

The use case helps, thanks. I am worried that "local" doesn't really
make it clear which variable does what. For example, if I want the
build to use a local file, perhaps I need to set the one with "local"
in it?

The trouble with naming is that right now, it is really obvious to us
but in a few months' time, this probably won't be clear and new users to
this code will face a similar issue. I therefore do want to get this
naming right.

With my previous patch, I tried to only change what I saw as "internal"
variables which are recipe specific. I'm not a big fan of having to set
global variables to influence a single recipe.

Perhaps people wanting to use a specific database file should just
place it in DL_DIR and configure the code not to update the database
and just use it as is?

Cheers,

Richard


