Recipe sysroots broke cve-check in several places, this patch set should get it running again.
The CA cert fix is a workaround really: Native libcurl is broken and looks for CA cert bundle in the wrong place. Note that the NVD CVE database is flaky: I have serious problems getting populate_cve_db to succeed during mornings in Europe as the xml files and their metadata does not match for hours. I've reported this to NVD. I mentioned error output improvements in email but did not implement as that requires more upstream changes: I'll talk to the maintainer about them. Jussi The following changes since commit e758547db9048d4aa1c1415d6af8072f519fae24: nss: Fix nss-native so the checksum doesn't change with BUILD_ARCH (2017-02-09 10:52:03 +0000) are available in the git repository at: git://git.yoctoproject.org/poky-contrib jku/cve-check http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/cve-check Jussi Kukkonen (3): cve-check.bbclass: Fix dependencies cve-check-tool: Fixes for recipe sysroots cve-check-tool: Use CA cert bundle in correct sysroot meta/classes/cve-check.bbclass | 2 +- .../cve-check-tool/cve-check-tool_5.6.4.bb | 7 +- ...ow-overriding-default-CA-certificate-file.patch | 215 +++++++++++++++++++++ 3 files changed, 221 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch -- 2.1.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
