author | Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> | 2019-06-27 16:59:17 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-06-28 13:28:32 +0100 |
commit | 975793e3825a2a9ca6dc0e43577f680214cb7993 (patch) | |
tree | f796d1e44347395390753524d97479e12dd607a6 /meta | |
parent | f65013af8e556b8e56001fae147aac890fb1836c (diff) | |
cve-update-db: do_populate_cve_db depends on do_fetch
To be able to populate NVD database on a fetchall
(bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be
executed before do_fetch.
Do not read the CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE
variables, because do_populate_cve_db can be called in a context where
the cve-check class is not loaded.
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/meta/cve-update-db.bb | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb
index 4c896dc880..3e5bae8b1d 100644
--- a/meta/recipes-core/meta/cve-update-db.bb
+++ b/meta/recipes-core/meta/cve-update-db.bb
@@ -6,7 +6,6 @@ PACKAGES = ""
 inherit nopackages
-deltask do_fetch
 deltask do_unpack
 deltask do_patch
 deltask do_configure
@@ -24,11 +23,16 @@ python do_populate_cve_db() {
 BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
 YEAR_START = 2002
- JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+ db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
+ db_file = db_dir + '/nvd-json.db'
+ json_tmpfile = db_dir + '/nvd.json.gz'
 proxy = d.getVar("https_proxy")
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
 # Connect to database
- db_file = d.getVar("CVE_CHECK_DB_FILE")
 conn = sqlite3.connect(db_file)
 c = conn.cursor()
@@ -55,9 +59,9 @@ python do_populate_cve_db() {
 req = urllib.request.Request(json_url)
 if proxy:
 req.set_proxy(proxy, 'https')
- with urllib.request.urlopen(req) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+ with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile:
 shutil.copyfileobj(r, tmpfile)
- with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+ with gzip.open(json_tmpfile, 'rt') as jsonfile:
 update_db(c, jsonfile)
 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
@@ -65,8 +69,9 @@ python do_populate_cve_db() {
 conn.commit()
 conn.close()
- with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
- os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+ cve_check_tmp_file = d.getVar("TMPDIR") + '/cve_check'
+ with open(cve_check_tmp_file, 'a'):
+ os.utime(cve_check_tmp_file, None)
 }
 # DJB2 hash algorithm
@@ -120,7 +125,7 @@ def update_db(c, json_filename):
-addtask do_populate_cve_db before do_cve_check
+addtask do_populate_cve_db before do_fetch
 do_populate_cve_db[nostamp] = "1"
 EXCLUDE_FROM_WORLD = "1" |
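Review bot: The literal paths `d.getVar("DL_DIR") + '/CVE_CHECK'` and `'/nvd-json.db'` in the hunk at -24,11 (and `d.getVar("TMPDIR") + '/cve_check'` in the hunk at -65,8) replace lookups of CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE. If a configuration overrides those variables, the checker would presumably read a database this task never updates, and CVE results would go stale without any error. A comment such as `# Must stay in sync with the CVE_CHECK_DB_DIR / CVE_CHECK_DB_FILE defaults of the cve-check class` above `db_dir` would at least record the coupling. Separately, `if not os.path.isdir(db_dir): os.mkdir(db_dir)` raises if DL_DIR itself has not been created yet, which seems possible now that the task runs ahead of do_fetch, and it races with a concurrent run; `bb.utils.mkdirhier(db_dir)` covers both cases. The body of do_populate_cve_db extends beyond these hunks.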
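Review bot: The new `addtask do_populate_cve_db before do_fetch` line in the hunk at -120,7 has no comment explaining the ordering, and it is not obvious from the recipe why a database update should gate fetching. I would add `# Run before do_fetch so "bitbake <image> --run-all=fetch" also populates the NVD database` directly above it. Since the task is marked `nostamp` and downloads from nvd.nist.gov, it is also worth confirming how a failed or offline download is handled now that the task sits in the fetch path. That handling lies outside the visible hunks.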