[OE-core] [PATCH] cve-update-nvd2-native: Handle BB_NO_NETWORK and missing db

Tue, 12 Nov 2024 13:23:26 -0800 

From: Mark Hatle <mark.ha...@amd.com>

The custom do_fetch routine is ignoring BB_NO_NETWORK, add a check for this
as the correct behavior for the user is to set:
  CVE_DB_UPDATE_INTERVAL = "-1"

If CVE_DB_UPDATE_INTERNAL is set to -1, check that a DB file exists, if not
we need to error so the user can deal with this.

Note, MIRRORs are NOT handled by this code.

Signed-off-by: Mark Hatle <mark.ha...@amd.com>
---

For reference current behavior is a silent failure (due to being a bb.note)
that then results in an empty .cve file in the image directory and a bb.note
in each do_check_cve task log, but not to the screen.

This will ensure that the user gets an ERROR if they are in a no-network
situation and have not dealt with the database issues.  It does not resolve
the issue where things may still process with a non-existant database and give
a blank result.

Note, this applies to both master and scarthgap.  I haven't checked Styhead
yet, but once it's integrated in master then I'll work on backports for both.

 meta/recipes-core/meta/cve-update-nvd2-native.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb 
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 93d1fa1de6..a68a8bb89f 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -68,6 +68,8 @@ python do_fetch() {
         update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
         if update_interval < 0:
             bb.note("CVE database update skipped")
+            if not os.path.exists(db_file):
+                bb.error("CVE database %s not present, database fetch/update 
skipped" % db_file)
             return
         if time.time() - os.path.getmtime(db_file) < update_interval:
             bb.note("CVE database recently updated, skipping")
@@ -77,6 +79,9 @@ python do_fetch() {
     except OSError:
         pass
 
+    if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")):
+        bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses 
CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or 
update")
+
     bb.utils.mkdirhier(db_dir)
     bb.utils.mkdirhier(os.path.dirname(db_tmp_file))
     if os.path.exists(db_file):
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#207068): 
https://lists.openembedded.org/g/openembedded-core/message/207068
Mute This Topic: https://lists.openembedded.org/mt/109543549/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to