From: Ross Burton Date: Wed, 27 Apr 2022 11:43:39 +0000 (+0100) Subject: cve_check: skip remote patches that haven't been fetched when searching for CVE tags X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~4305 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cefc8741438c91f74264da6b59dece2e31f9e5a5;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git cve_check: skip remote patches that haven't been fetched when searching for CVE tags If a remote patch is compressed we need to have run the unpack task for the file to exist locally. Currently cve_check only depends on fetch so instead of erroring out, emit a warning that this file won't be scanned for CVE references. Typically, remote compressed patches won't contain our custom tags, so this is unlikely to be an issue. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index e445b7a6ae2..dc7d2e2826d 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -89,9 +89,10 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + # Remote compressed patches may not be unpacked, so silently ignore them if not os.path.isfile(patch_file): - bb.error("File Not found: %s" % patch_file) - raise FileNotFoundError + bb.warn("%s does not exist, cannot extract CVE list" % patch_file) + continue # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file)