All of lore.kernel.org
 help / color / mirror / Atom feed
From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Pierre Le Magourou <lemagoup@gmail.com>,
	 openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/4] cve-update-db: New recipe to update CVE database
Date: Thu, 27 Jun 2019 08:31:36 +0100	[thread overview]
Message-ID: <065a68d75756f3afbc07d2229e307969cd4de386.camel@linuxfoundation.org> (raw)
In-Reply-To: <20190619135940.18544-1-lemagoup@gmail.com>

On Wed, 2019-06-19 at 15:59 +0200, Pierre Le Magourou wrote:
> From: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
> 
> cve-check-tool-native do_populate_cve_db task was using deprecated
> NVD
> xml data feeds, cve-update-db uses NVD json data feeds.
> 
> Sqlite database schema was updated to take into account CVSSv3 CVE
> scores and operator in affected product versions.
> A new META table was added to store the last modification date of the
> NVD json data feeds.
> 
> Signed-off-by: Pierre Le Magourou <
> pierre.lemagourou@softbankrobotics.com>
> ---
>  meta/recipes-core/meta/cve-update-db.bb | 121
> ++++++++++++++++++++++++++++++++
>  1 file changed, 121 insertions(+)
>  create mode 100644 meta/recipes-core/meta/cve-update-db.bb
> 
> diff --git a/meta/recipes-core/meta/cve-update-db.bb b/meta/recipes-
> core/meta/cve-update-db.bb
> new file mode 100644
> index 0000000000..522fd23807
> --- /dev/null
> +++ b/meta/recipes-core/meta/cve-update-db.bb
> @@ -0,0 +1,121 @@
> +SUMMARY = "Updates the NVD CVE database"
> +LICENSE = "MIT"
> +
> +INHIBIT_DEFAULT_DEPS = "1"
> +PACKAGES = ""
> +
> +inherit nopackages
> +
> +deltask do_fetch
> +deltask do_unpack
> +deltask do_patch
> +deltask do_configure
> +deltask do_compile
> +deltask do_install
> +deltask do_populate_sysroot
> +
> +python do_populate_cve_db() {
> +    """
> +    Update NVD database with json data feed
> +    """
> +
> +    import sqlite3, urllib3, shutil, gzip, re
> +    from datetime import date
> +
> +    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
> +    YEAR_START = 2002
> +    JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'

It looks like CVE_CHECK_DB_DIR has no default value which resulted in:

https://autobuilder.yoctoproject.org/typhoon/#/builders/23/builds/988/steps/7/logs/step1b

We only started seeing that error after your later patch to add back
the do_fetch task. build-appliance is trying to collect up all the
sources it may need.

Cheers,

Richard







  parent reply	other threads:[~2019-06-27  7:31 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-19 13:59 [PATCH 1/4] cve-update-db: New recipe to update CVE database Pierre Le Magourou
2019-06-19 13:59 ` [PATCH 2/4] cve-check: Remove dependency to cve-check-tool-native Pierre Le Magourou
2019-06-19 14:59   ` Burton, Ross
2019-06-19 15:58     ` Pierre Le Magourou
2019-06-19 13:59 ` [PATCH 3/4] cve-check: Manage CVE_PRODUCT with more than one name Pierre Le Magourou
2019-06-19 13:59 ` [PATCH 4/4] cve-check: Consider CVE that affects versions with less than operator Pierre Le Magourou
2019-06-19 20:21 ` [PATCH 1/4] cve-update-db: New recipe to update CVE database Adrian Bunk
2019-06-20  9:36   ` Pierre Le Magourou
2019-06-21 11:03     ` Mikko.Rapeli
2019-06-21 11:42       ` Alexander Kanavin
2019-06-21 11:48         ` Mikko.Rapeli
2019-06-21 12:03           ` Alexander Kanavin
2019-06-21 12:15             ` Mikko.Rapeli
2019-06-21 12:29       ` Burton, Ross
2019-06-21 13:01         ` Mikko.Rapeli
2019-06-25  8:48           ` Pierre Le Magourou
2019-06-25 12:54             ` Burton, Ross
2019-06-24  8:32         ` Pierre Le Magourou
2019-06-24  9:46           ` Burton, Ross
2019-06-27  7:31 ` Richard Purdie [this message]
2019-06-27  9:10   ` Pierre Le Magourou
2019-07-09 23:58 Kevin Weng
2019-07-10 11:17 ` Pierre Le Magourou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=065a68d75756f3afbc07d2229e307969cd4de386.camel@linuxfoundation.org \
    --to=richard.purdie@linuxfoundation.org \
    --cc=lemagoup@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.