From 975793e3825a2a9ca6dc0e43577f680214cb7993 Mon Sep 17 00:00:00 2001
From: Pierre Le Magourou
Date: Thu, 27 Jun 2019 16:59:17 +0200
Subject: cve-update-db: do_populate_cve_db depends on do_fetch

To be able to populate NVD database on a fetchall (bitbake --run-all=fetch), set the do_populate_cve_db task to be executed before do_fetch.

Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE variable because do_populate_cve_db can be called in a context where cve-check class is not loaded.

Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
 meta/recipes-core/meta/cve-update-db.bb | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-core/meta/cve-update-db.bb
index 4c896dc880..3e5bae8b1d 100644
--- a/meta/recipes-core/meta/cve-update-db.bb
+++ b/meta/recipes-core/meta/cve-update-db.bb
@@ -6,7 +6,6 @@ PACKAGES = ""
 inherit nopackages
-deltask do_fetch
 deltask do_unpack
 deltask do_patch
 deltask do_configure
@@ -24,11 +23,16 @@ python do_populate_cve_db() {
 BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
 YEAR_START = 2002
- JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+ db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
+ db_file = db_dir + '/nvd-json.db'
+ json_tmpfile = db_dir + '/nvd.json.gz'
 proxy = d.getVar("https_proxy")
+ if not os.path.isdir(db_dir):
+ os.mkdir(db_dir)
+
 # Connect to database
- db_file = d.getVar("CVE_CHECK_DB_FILE")
 conn = sqlite3.connect(db_file)
 c = conn.cursor()
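Review bot: The new `db_dir`, `db_file` and `json_tmpfile` assignments (and `cve_check_tmp_file` in the `@@ -65,8 +69,9 @@` hunk) hard-code the paths that the removed lines read from CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE. A build that sets any of those variables to another location would then populate one database while the check reads another, presumably without an error, and a scan against an empty or stale database reports no CVEs. Reading the variable first and falling back only when it is unset keeps the two in step, e.g. `db_dir = d.getVar("CVE_CHECK_DB_DIR") or (d.getVar("DL_DIR") + '/CVE_CHECK')`. Separately, `os.mkdir(db_dir)` after the `isdir` test fails if DL_DIR itself does not exist yet or if another task creates the directory in between; `os.makedirs(db_dir, exist_ok=True)` covers both. The body of do_populate_cve_db starts and ends outside this hunk.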
@@ -55,9 +59,9 @@ python do_populate_cve_db() {
 req = urllib.request.Request(json_url)
 if proxy:
 req.set_proxy(proxy, 'https')
- with urllib.request.urlopen(req) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+ with urllib.request.urlopen(req) as r, open(json_tmpfile, 'wb') as tmpfile:
 shutil.copyfileobj(r, tmpfile)
- with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+ with gzip.open(json_tmpfile, 'rt') as jsonfile:
 update_db(c, jsonfile)
 c.execute("insert or replace into META values (?, ?)", [year, last_modified])
@@ -65,8 +69,9 @@ python do_populate_cve_db() {
 conn.commit()
 conn.close()
- with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
- os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+ cve_check_tmp_file = d.getVar("TMPDIR") + '/cve_check'
+ with open(cve_check_tmp_file, 'a'):
+ os.utime(cve_check_tmp_file, None)
 }
 # DJB2 hash algorithm
@@ -120,7 +125,7 @@ def update_db(c, json_filename):
-addtask do_populate_cve_db before do_cve_check
+addtask do_populate_cve_db before do_fetch
 do_populate_cve_db[nostamp] = "1"
 EXCLUDE_FROM_WORLD = "1"
--
cgit 1.2.3-korg
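Review bot: The changed `addtask` line drops `before do_cve_check`, which was the only ordering visible in this file between filling the NVD database and the task that reads it. If the check is still ordered after the update through a dependency declared in the cve-check class, that is not visible here and deserves a comment above the line, for example `# do_cve_check ordering is declared by the cve-check class; 'before do_fetch' only makes --run-all=fetch populate the DB`. If no such dependency exists, a check could run against a missing or half-populated database and report no findings, so this is worth confirming before merging.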