diff options
author | Jussi Kukkonen <jussi.kukkonen@intel.com> | 2017-02-09 21:38:33 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-02-15 09:29:42 -0800 |
commit | 73bd11d5190a072064128cc13b4537154d07b129 (patch) | |
tree | f46ae6610a6d264cd8349d7cda9ee42be101c926 /meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | |
parent | 2da6b01893d0afe8750bd0b12a8d55aafa82f58c (diff) | |
download | openembedded-core-contrib-73bd11d5190a072064128cc13b4537154d07b129.tar.gz |
cve-check-tool: Use CA cert bundle in correct sysroot
Native libcurl looks for CA certs in the wrong place by
default.
* Add patch that allows overriding the default CA certificate
location. Patch is originally from meta-security-isafw.
* Use the new --cacert to set the correct CA bundle path
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb')
-rw-r--r-- | meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb index c78af6728c..fcd3182931 100644 --- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb +++ b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6" SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ file://check-for-malloc_trim-before-using-it.patch \ file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \ + file://0001-curl-allow-overriding-default-CA-certificate-file.patch \ " SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155" @@ -39,7 +40,8 @@ do_populate_cve_db() { [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" bbdebug 2 "Updating cve-check-tool database located in $cve_dir" - if cve-check-update -d "$cve_dir" ; then + # --cacert works around curl-native not finding the CA bundle + if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file" else bbwarn "Error in executing cve-check-update" |