Hi,
Thanks for the new version. I'll suggest a simplification to how the databases
are unpacked, since I understand this is a costly operation.
This gets rid of the do_install() task, and rsync-native dependency. What this
does is let the BitBake fetcher handle the unpacking/checkout of the databases
directly in the DEPLOYDIR. This simplifies the recipe and removes one copy
operation, I think.
I've successfully generated the two json output files with this (with the class
added for the core-image-minimal build).
diff --git a/meta/classes-recipe/sbom-cve-check.bbclass
b/meta/classes-recipe/sbom-cve-check.bbclass
index c51ea45759..a5c23142b7 100644
--- a/meta/classes-recipe/sbom-cve-check.bbclass
+++ b/meta/classes-recipe/sbom-cve-check.bbclass
@@ -116,8 +116,8 @@ do_sbom_cve_check[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
do_sbom_cve_check[depends] += " \
python3-sbom-cve-check-native:do_populate_sysroot \
${@oe.utils.conditional('SBOM_CVE_CHECK_INTERNAL_FETCHER','0',' \
- sbom-cve-check-update-cvelist-native:do_install \
- sbom-cve-check-update-nvd-native:do_install \
+ sbom-cve-check-update-cvelist-native:do_unpack \
+ sbom-cve-check-update-nvd-native:do_unpack \
','',d)} \
"
diff --git a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-db.inc
b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-db
.inc
index 5d7a07001c..6a968e941c 100644
--- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-db.inc
+++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-db.inc
@@ -9,13 +9,12 @@ require sbom-cve-check-config.inc
SBOM_CVE_CHECK_DB_NAME[doc] = "Database name, which is the Git repository
directory name. \
The git repository will be stored in ${SBOM_CVE_CHECK_DEPLOY_DB_DIR)/"
-DEPENDS += "rsync-native"
-ALLOW_EMPTY:${PN} = "1"
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
-# In the install task, also deploy directly to ${DEPLOY_DIR} using rsync.
-# This is an hack, we are not using do_deploy to prevent multiple unnecessary
copy of the CVE database.
-do_install() {
- dst="${SBOM_CVE_CHECK_DEPLOY_DB_DIR}/${SBOM_CVE_CHECK_DB_NAME}"
- mkdir -p "$dst"
- rsync -aH --delete --link-dest="${S}/" "${S}/" "${dst}/"
-}
+UNPACKDIR = "${SBOM_CVE_CHECK_DEPLOY_DB_DIR}"
+S = "${UNPACKDIR}"
+BB_GIT_DEFAULT_DESTSUFFIX = "${SBOM_CVE_CHECK_DB_NAME}"
diff --git
a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-up
date-nvd-native.bb
index 46c86952a1..30c7868b2a 100644
--- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
+++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
@@ -1,6 +1,6 @@
SUMMARY = "Updates the NVD CVE database"
LICENSE = "cve-tou"
-LIC_FILES_CHKSUM =
"file://LICENSES/cve-tou.md;md5=bc5bbf146f01e20ece63d83c8916d8fb"
+LIC_FILES_CHKSUM =
"file://${SBOM_CVE_CHECK_DB_NAME}/LICENSES/cve-tou.md;md5=bc5bbf146f01e20ece63d83c8916d8fb"
HOMEPAGE = "https://github.com/fkie-cad/nvd-json-data-feeds";
SRC_URI =
"git://github.com/fkie-cad/nvd-json-data-feeds.git;branch=main;protocol=https"
Antonin
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#233780):
https://lists.openembedded.org/g/openembedded-core/message/233780
Mute This Topic: https://lists.openembedded.org/mt/118467893/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
