authorPierre Le Magourou <pierre.lemagourou@softbankrobotics.com>2019-06-27 16:59:17 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-06-28 13:28:32 +0100
commit975793e3825a2a9ca6dc0e43577f680214cb7993 (patch)
treef796d1e44347395390753524d97479e12dd607a6
parentf65013af8e556b8e56001fae147aac890fb1836c (diff)
cve-update-db: do_populate_cve_db depends on do_fetch
To be able to populate the NVD database on a fetchall (bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be executed before do_fetch. Do not read the CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE variables, because do_populate_cve_db can be called in a context where the cve-check class is not loaded. Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db.bb21
1 files changed, 13 insertions, 8 deletions
diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb
index 4c896dc880..3e5bae8b1d 100644
--- a/meta/recipes-core/meta/cve-update-db.bb
+++ b/meta/recipes-core/meta/cve-update-db.bb
@@ -6,7 +6,6 @@ PACKAGES = ""
inherit nopackages
-deltask do_fetch
deltask do_unpack
deltask do_patch
deltask do_configure
@@ -24,11 +23,16 @@ python do_populate_cve_db() {
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
YEAR_START = 2002
- JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+ db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
+ db_file = db_dir + '/nvd-json.db'
+ json_tmpfile = db_dir + '/nvd.json.gz'
proxy = d.getVar("https_proxy")
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
# Connect to database
- db_file = d.getVar("CVE_CHECK_DB_FILE")
conn = sqlite3.connect(db_file)
c = conn.cursor()
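Review bot: The new `db_dir`, `db_file` and `json_tmpfile` assignments hard-code the layout under `DL_DIR`, and the last hunk of do_populate_cve_db does the same with `d.getVar("TMPDIR") + '/cve_check'`, so this recipe and the cve-check class (not visible here) now agree only by convention. If a build overrides `CVE_CHECK_DB_DIR`, `CVE_CHECK_DB_FILE` or `CVE_CHECK_TMP_FILE`, the check would presumably read a database this task never updates, and that failure is silent: it shows up as missing CVE findings. A comment above the assignments such as `# Keep in sync with the CVE_CHECK_DB_DIR / CVE_CHECK_DB_FILE defaults of the cve-check class` would make the coupling explicit. Separately, `os.mkdir(db_dir)` raises if `DL_DIR` itself does not exist yet, or if another task creates the directory between the `isdir` test and the call; `bb.utils.mkdirhier(db_dir)` covers both cases. The body of do_populate_cve_db starts before and continues after this hunk.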
@@ -55,9 +59,9 @@ python do_populate_cve_db() {
req = urllib.request.Request(json_url)
if proxy:
req.set_proxy(proxy, 'https')
- with urllib.request.urlopen(req) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+ with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile:
shutil.copyfileobj(r, tmpfile)
- with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+ with gzip.open(json_tmpfile, 'rt') as jsonfile:
update_db(c, jsonfile)
c.execute("insert or replace into META values (?, ?)",
[year, last_modified])
@@ -65,8 +69,9 @@ python do_populate_cve_db() {
conn.commit()
conn.close()
- with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
- os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+ cve_check_tmp_file = d.getVar("TMPDIR") + '/cve_check'
+ with open(cve_check_tmp_file, 'a'):
+ os.utime(cve_check_tmp_file, None)
}
# DJB2 hash algorithm
@@ -120,7 +125,7 @@ def update_db(c, json_filename):
-addtask do_populate_cve_db before do_cve_check
+addtask do_populate_cve_db before do_fetch
do_populate_cve_db[nostamp] = "1"
EXCLUDE_FROM_WORLD = "1"
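Review bot: Nothing in the visible lines orders `do_populate_cve_db` before `do_cve_check` any more, because the `addtask` line now says `before do_fetch` instead of `before do_cve_check`. If the cve-check class, which is not shown here, does not declare its own dependency on this task, a check could run against a stale or empty database and report no issues. A comment next to the `addtask` line would record where that ordering comes from, for example `# do_cve_check ordering: declared in <location of the dependency>`, and the dependency itself should be confirmed before relying on the results.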