From: Ross Burton <ross.bur...@arm.com> If a remote patch is compressed we need to have run the unpack task for the file to exist locally. Currently cve_check only depends on fetch so instead of erroring out, emit a warning that this file won't be scanned for CVE references.
Typically, remote compressed patches won't contain our custom tags, so this is unlikely to be an issue. Signed-off-by: Ross Burton <ross.bur...@arm.com> Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> (cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5) Signed-off-by: Steve Sakoman <st...@sakoman.com> --- meta/lib/oe/cve_check.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index e445b7a6ae..dc7d2e2826 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -89,9 +89,10 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + # Remote compressed patches may not be unpacked, so silently ignore them if not os.path.isfile(patch_file): - bb.error("File Not found: %s" % patch_file) - raise FileNotFoundError + bb.warn("%s does not exist, cannot extract CVE list" % patch_file) + continue # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165022): https://lists.openembedded.org/g/openembedded-core/message/165022 Mute This Topic: https://lists.openembedded.org/mt/90779133/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-