[OE-core] [PATCH 0/3] Fix cve-check (for recipe sysroots)

Jussi Kukkonen jussi.kukkonen at intel.com
Thu Feb 9 19:38:15 UTC 2017


Recipe sysroots broke cve-check in several places, this patch set
should get it running again.

The CA cert fix is a workaround really: Native libcurl is broken
and looks for CA cert bundle in the wrong place.

Note that the NVD CVE database is flaky: I have serious problems
getting populate_cve_db to succeed during mornings in Europe as the
xml files and their metadata does not match for hours. I've reported
this to NVD.

I mentioned error output improvements in email  but did not implement
as that requires more upstream changes: I'll talk to the maintainer
about them.


  Jussi

The following changes since commit e758547db9048d4aa1c1415d6af8072f519fae24:

  nss: Fix nss-native so the checksum doesn't change with BUILD_ARCH (2017-02-09 10:52:03 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib jku/cve-check
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/cve-check

Jussi Kukkonen (3):
  cve-check.bbclass: Fix dependencies
  cve-check-tool: Fixes for recipe sysroots
  cve-check-tool: Use CA cert bundle in correct sysroot

 meta/classes/cve-check.bbclass                     |   2 +-
 .../cve-check-tool/cve-check-tool_5.6.4.bb         |   7 +-
 ...ow-overriding-default-CA-certificate-file.patch | 215 +++++++++++++++++++++
 3 files changed, 221 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch

-- 
2.1.4




More information about the Openembedded-core mailing list