From: Ross Burton <ross.bur...@arm.com>
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.
Signed-off-by: Ross Burton <ross.bur...@arm.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
meta/lib/oe/cve_check.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index e445b7a6ae..dc7d2e2826 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -89,9 +89,10 @@ def get_patched_cves(d):
for url in oe.patch.src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
+ # Remote compressed patches may not be unpacked, so silently ignore
them
if not os.path.isfile(patch_file):
- bb.error("File Not found: %s" % patch_file)
- raise FileNotFoundError
+ bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
+ continue
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165022):
https://lists.openembedded.org/g/openembedded-core/message/165022
Mute This Topic: https://lists.openembedded.org/mt/90779133/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
