From: Ross Burton <ross.bur...@arm.com> We get random SSL failures when fetching the CVE database, and it's notable that the NVD server is behind a DNS round-robin or geographically diverse servers.
On a hunch that there is one misconfigured server, dump the IP that we connected to. Signed-off-by: Ross Burton <ross.bur...@arm.com> Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> (cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a) Signed-off-by: Steve Sakoman <st...@sakoman.com> --- meta/recipes-core/meta/cve-update-db-native.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 28605bc13b..efc32470d3 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -129,7 +129,10 @@ def update_db_file(db_tmp_file, d): response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) + bb.warn("Failed to fetch CVE data (%s)" % e) + import socket + result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) + bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) return False if response: -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176355): https://lists.openembedded.org/g/openembedded-core/message/176355 Mute This Topic: https://lists.openembedded.org/mt/96521250/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-