summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@arm.com>2023-01-13 17:14:31 +0000
committerSteve Sakoman <steve@sakoman.com>2023-01-19 07:42:26 -1000
commit99f1a8971192f85fefad3cbc993b23a59627eb4c (patch)
tree16c895181cf0841562cd9e355d932826a973d969
parent878988a67b488a01f53658bcc528b5d0422672ae (diff)
downloadopenembedded-core-99f1a8971192f85fefad3cbc993b23a59627eb4c.tar.gz
cve-update-db-native: show IP on failure
We get random SSL failures when fetching the CVE database, and it's notable that the NVD server is behind a DNS round-robin or geographically diverse servers. On a hunch that there is one misconfigured server, dump the IP that we connected to. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a) Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb5
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 079f062f79..e042e67b09 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -130,7 +130,10 @@ def update_db_file(db_tmp_file, d):
response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
- bb.warn("Failed to fetch CVE data (%s)" % e.reason)
+ bb.warn("Failed to fetch CVE data (%s)" % e)
+ import socket
+ result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP)
+ bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result)))
return False
if response: