[OE-core] [PATCH 0/3] Fix cve-check (for recipe sysroots)
Jussi Kukkonen
jussi.kukkonen at intel.com
Thu Feb 9 19:38:15 UTC 2017
Recipe sysroots broke cve-check in several places, this patch set
should get it running again.
The CA cert fix is a workaround really: Native libcurl is broken
and looks for CA cert bundle in the wrong place.
Note that the NVD CVE database is flaky: I have serious problems
getting populate_cve_db to succeed during mornings in Europe as the
xml files and their metadata does not match for hours. I've reported
this to NVD.
I mentioned error output improvements in email but did not implement
as that requires more upstream changes: I'll talk to the maintainer
about them.
Jussi
The following changes since commit e758547db9048d4aa1c1415d6af8072f519fae24:
nss: Fix nss-native so the checksum doesn't change with BUILD_ARCH (2017-02-09 10:52:03 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib jku/cve-check
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/cve-check
Jussi Kukkonen (3):
cve-check.bbclass: Fix dependencies
cve-check-tool: Fixes for recipe sysroots
cve-check-tool: Use CA cert bundle in correct sysroot
meta/classes/cve-check.bbclass | 2 +-
.../cve-check-tool/cve-check-tool_5.6.4.bb | 7 +-
...ow-overriding-default-CA-certificate-file.patch | 215 +++++++++++++++++++++
3 files changed, 221 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
--
2.1.4
More information about the Openembedded-core
mailing list