summaryrefslogtreecommitdiffstats
path: root/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-02-09 12:43:17 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-02-16 18:05:25 +0000
commitd1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06 (patch)
tree399bc8e0cedddb7eda7caef8ee8e28799b21d3c6 /meta/classes/cve-check.bbclass
parent36fbf96cf284acbc810ff3bf00702f1f82bc0da9 (diff)
downloadopenembedded-core-contrib-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.tar.gz
cve-check: short-circuit checking if CVE_PRODUCT isn't set
For some recipes is is meaningless to do a CVE check, for example packagegroups or images. Check that CVE_PRODUCT is set and short-circuit the scan if it isn't. Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7..d8087dd7c6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
cves_patched = []
cves_unpatched = []
bpn = d.getVar("CVE_PRODUCT")
+ # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+ if not bpn:
+ return ([], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
cves = " ".join(patched_cves)
cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")