Re: [OE-core] [RFC 3/3] cve-check: revert to old NVD feed

Tue, 10 Dec 2024 04:33:59 -0800 

This should probably be made configurable so we can switch to a source which is 
reliable/available/up-to-date at time of build.

Maybe something like
CVE_CHECK_DB_FETCHER ?= "cve-update-db-native2"
CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if 
d.getVar('CVE_CHECK_DB_FETCHER') == 'cve-update-nvd2-native' else 
'nvdcve_1-3.db'}"
do_cve_check[depends] = "${CVE_CHECK_DB_FETCHER}:do_unpack"

Peter

> -----Original Message-----
> From: [email protected] <openembedded-
> [email protected]> On Behalf Of Marta Rybczynska via
> lists.openembedded.org
> Sent: Tuesday, December 10, 2024 12:48
> To: [email protected]
> Cc: Marta Rybczynska <[email protected]>
> Subject: [OE-core] [RFC 3/3] cve-check: revert to old NVD feed
> 
> Use the old NVD feed
> 
> Signed-off-by: Marta Rybczynska <[email protected]>
> ---
>  meta/classes/cve-check.bbclass | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 6e10dd915a..7cc2248faf 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -31,7 +31,7 @@
>  CVE_PRODUCT ??= "${BPN}"
>  CVE_VERSION ??= "${PV}"
> 
> -CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db"
> +CVE_CHECK_DB_FILENAME ?= "nvdcve_1-3.db"
>  CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
>  CVE_CHECK_DB_FILE ?=
> "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
>  CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
> @@ -182,7 +182,7 @@ python do_cve_check () {
>  }
> 
>  addtask cve_check before do_build
> -do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
> +do_cve_check[depends] = "cve-update-db-native2:do_unpack"
>  do_cve_check[nostamp] = "1"
> 
>  python cve_check_cleanup () {
> --
> 2.45.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#208530): 
https://lists.openembedded.org/g/openembedded-core/message/208530
Mute This Topic: https://lists.openembedded.org/mt/110023796/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to