[OE-core] do_populate_cve_db: Error in executing cve-check-update
Jussi Kukkonen
jussi.kukkonen at intel.com
Tue Feb 7 16:49:44 UTC 2017
On 7 February 2017 at 17:07, Mariano Lopez <mariano.lopez at linux.intel.com>
wrote:
> On 06/02/17 09:17, Jussi Kukkonen wrote:
>
>
>
> On 6 February 2017 at 16:56, Burton, Ross <ross.burton at intel.com> wrote:
>
>>
>> On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi at enea.com> wrote:
>>
>>> bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
>>> if cve-check-update -d "$cve_dir" ; then
>>> printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date
>>> --utc +'%F %T')" > "$cve_file"
>>> else
>>> bbwarn "Error in executing cve-check-update"
>>> <<<<<<<<<<<<<<<<<<<<<<<<<
>>>
>>
>> This definitely needs to be rewritten so you can see the output if it
>> fails. Just run cve-check-update -d <dir> yourself and see what it says.
>> Last time I had this failing it was because the mitre servers were offline.
>>
>
> Agreed about the error output.
>
>
> Also you need to patch the tool, most of the time there is no output from
> it; I think Ikey would integrate those patches without hesitation.
>
I don't know... the branch we're using is called 'legacy-tool' and is quite
different from master (which isn't usable).
> I think recipe specific sysroots broke the setup somehow (so the tools are
> not actually in sysroot when they're needed). I'm taking a look at this
> tomorrow.
>
>
> I tried today, but I'm having a hard time with the proxies (like always)
> so I can't really verify this. Were you able to check?
>
Yes, the problem is indeed that cve-check-update is not found when
do_populate_cve_db() is run. In addition to that curl-native is currently
broken by recipe-specific sysroots as well (CA certificates are looked for
in the wrong place) and this makes all downloads in cve-check-tool fail.
TL;DR: working on it.
Jussi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170207/5f3f55c6/attachment-0002.html>
More information about the Openembedded-core
mailing list