[oe-commits] [openembedded-core] 27/55: cve-check-tool: correctly exported web proxies

git at git.openembedded.org git at git.openembedded.org
Sat Feb 24 10:38:12 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit b721fa678c366947ca4a95e30694770287f278c9
Author: Konstantin Shemyak <konstantin.shemyak at ge.com>
AuthorDate: Mon Feb 19 16:35:54 2018 +0200

    cve-check-tool: correctly exported web proxies
    
    The binary 'cve-check-update' downloads the CVE database from the Internet.
    If the system is behind a web proxy, the download fails, as proxy-related
    variables are not exported.
    In turn, 'cve-check-tool' does not connect to the network and correspondingly
    does not need exported proxies.
    
    Exported all proxy-related environment variables to 'cve-check-update' and
    removed the unneeded export from 'cve-check-tool'.
    
    Signed-off-by: Konstantin Shemyak <konstantin.shemyak at ge.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 meta/classes/cve-check.bbclass                               | 3 ---
 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index d8087dd..537659d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -184,9 +184,6 @@ def check_cves(d, patched_cves):
         bb.note("Recipe has been whitelisted, skipping check")
         return ([], [])
 
-    # It is needed to export the proxies to download the database using HTTP
-    bb.utils.export_proxies(d)
-
     try:
         # Write the faux CSV file to be used with cve-check-tool
         fd, faux = tempfile.mkstemp(prefix="cve-faux-")
diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
index 7b70daa..1c84fb1 100644
--- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
+++ b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
@@ -41,6 +41,7 @@ do_populate_cve_db() {
     [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK"
     [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check"
 
+    unused="${@bb.utils.export_proxies(d)}"
     bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
     # --cacert works around curl-native not finding the CA bundle
     if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list