From d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Fri, 9 Feb 2018 12:43:17 +0000
Subject: cve-check: short-circuit checking if CVE_PRODUCT isn't set

For some recipes is is meaningless to do a CVE check, for example packagegroups
or images.  Check that CVE_PRODUCT is set and short-circuit the scan if it
isn't.

Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 meta/classes/cve-check.bbclass | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'meta/classes/cve-check.bbclass')

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7..d8087dd7c6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
-- 
cgit 1.2.3-korg