If there is cve report for a recipe in previous build and there is no result for current one, old cves are kept in CVE_CHECK_DIR. This happens on version upgrade or when cve/recipe is whitelisted.
Signed-off-by: Peter Marko <peter.ma...@siemens.com> --- meta/classes/cve-check.bbclass | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 9007a6e..21f3225 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -83,6 +83,11 @@ python cve_check_write_rootfs_manifest () { import shutil + if d.getVar("CVE_CHECK_COPY_FILES") == "1": + deploy_file = os.path.join(d.getVar("CVE_CHECK_DIR"), d.getVar("PN")) + if os.path.exists(deploy_file): + bb.utils.remove(deploy_file) + if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")): bb.note("Writing rootfs CVE manifest") deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") -- 2.1.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core