From: Ross Burton Date: Wed, 27 Apr 2022 11:43:39 +0000 (+0100) Subject: cve_check: skip remote patches that haven't been fetched when searching for CVE tags X-Git-Tag: 2020-04.19-dunfell~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2d03f445c45558997484240d2549eaa1e103692;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git cve_check: skip remote patches that haven't been fetched when searching for CVE tags If a remote patch is compressed we need to have run the unpack task for the file to exist locally. Currently cve_check only depends on fetch so instead of erroring out, emit a warning that this file won't be scanned for CVE references. Typically, remote compressed patches won't contain our custom tags, so this is unlikely to be an issue. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5) Signed-off-by: Steve Sakoman --- diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index a4b831831b1..30fdc3e3ddc 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -114,9 +114,10 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + # Remote compressed patches may not be unpacked, so silently ignore them if not os.path.isfile(patch_file): - bb.error("File Not found: %s" % patch_file) - raise FileNotFoundError + bb.warn("%s does not exist, cannot extract CVE list" % patch_file) + continue # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file)