* do_populate_cve_db: Error in executing cve-check-update
@ 2017-02-06 14:43 Sona Sarmadi
2017-02-06 14:56 ` Burton, Ross
0 siblings, 1 reply; 5+ messages in thread
From: Sona Sarmadi @ 2017-02-06 14:43 UTC (permalink / raw)
To: openembedded-core; +Cc: 'mariano.lopez@intel.com'
Hi all,
Does anyone know if there is an issue with cve-check tool on master branch?
It seems that "cve-check-update -d" fails, does anyone know why?
poky/build-cve-check$ bitbake -k -c cve_check universe
WARNING: cve-check-tool-native-5.6.4-r0 do_populate_cve_db: Error in executing cve-check-update
WARNING: cve-check-tool-native-5.6.4-r0 do_populate_cve_db: Failed to update cve-check-tool database, CVEs won't be checked
do_populate_cve_db() {
if [ "${BB_NO_NETWORK}" = "1" ] ; then
bberror "BB_NO_NETWORK is set; Can't update cve-check-tool database, CVEs won't be checked"
return
fi
# In case we don't inherit cve-check class, use default values defined in the class.
cve_dir="${CVE_CHECK_DB_DIR}"
cve_file="${CVE_CHECK_TMP_FILE}"
[ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK"
[ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check"
bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
if cve-check-update -d "$cve_dir" ; then
printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file"
else
bbwarn "Error in executing cve-check-update" <<<<<<<<<<<<<<<<<<<<<<<<<
if [ "${@'1' if bb.data.inherits_class('cve-check', d) else '0'}" -ne 0 ] ; then
bbwarn "Failed to update cve-check-tool database, CVEs won't be checked" <<<<<<<<<<<<<<<<<<<<<<
fi
fi
}
Thanks
//Sona
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: do_populate_cve_db: Error in executing cve-check-update
2017-02-06 14:43 do_populate_cve_db: Error in executing cve-check-update Sona Sarmadi
@ 2017-02-06 14:56 ` Burton, Ross
2017-02-06 15:17 ` Jussi Kukkonen
0 siblings, 1 reply; 5+ messages in thread
From: Burton, Ross @ 2017-02-06 14:56 UTC (permalink / raw)
To: Sona Sarmadi; +Cc: mariano.lopez, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi@enea.com> wrote:
> bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
> if cve-check-update -d "$cve_dir" ; then
> printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date
> --utc +'%F %T')" > "$cve_file"
> else
> bbwarn "Error in executing cve-check-update"
> <<<<<<<<<<<<<<<<<<<<<<<<<
>
This definitely needs to be rewritten so you can see the output if it
fails. Just run cve-check-update -d <dir> yourself and see what it says.
Last time I had this failing it was because the mitre servers were offline.
Ross
[-- Attachment #2: Type: text/html, Size: 1212 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: do_populate_cve_db: Error in executing cve-check-update
2017-02-06 14:56 ` Burton, Ross
@ 2017-02-06 15:17 ` Jussi Kukkonen
2017-02-07 15:07 ` Mariano Lopez
0 siblings, 1 reply; 5+ messages in thread
From: Jussi Kukkonen @ 2017-02-06 15:17 UTC (permalink / raw)
To: Burton, Ross; +Cc: openembedded-core, mariano.lopez
[-- Attachment #1: Type: text/plain, Size: 934 bytes --]
On 6 February 2017 at 16:56, Burton, Ross <ross.burton@intel.com> wrote:
>
> On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi@enea.com> wrote:
>
>> bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
>> if cve-check-update -d "$cve_dir" ; then
>> printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date
>> --utc +'%F %T')" > "$cve_file"
>> else
>> bbwarn "Error in executing cve-check-update"
>> <<<<<<<<<<<<<<<<<<<<<<<<<
>>
>
> This definitely needs to be rewritten so you can see the output if it
> fails. Just run cve-check-update -d <dir> yourself and see what it says.
> Last time I had this failing it was because the mitre servers were offline.
>
Agreed about the error output.
I think recipe specific sysroots broke the setup somehow (so the tools are
not actually in sysroot when they're needed). I'm taking a look at this
tomorrow.
Jussi
[-- Attachment #2: Type: text/html, Size: 1912 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: do_populate_cve_db: Error in executing cve-check-update
2017-02-06 15:17 ` Jussi Kukkonen
@ 2017-02-07 15:07 ` Mariano Lopez
2017-02-07 16:49 ` Jussi Kukkonen
0 siblings, 1 reply; 5+ messages in thread
From: Mariano Lopez @ 2017-02-07 15:07 UTC (permalink / raw)
To: Jussi Kukkonen, Burton, Ross; +Cc: mariano.lopez, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1436 bytes --]
On 06/02/17 09:17, Jussi Kukkonen wrote:
>
>
> On 6 February 2017 at 16:56, Burton, Ross <ross.burton@intel.com
> <mailto:ross.burton@intel.com>> wrote:
>
>
> On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi@enea.com
> <mailto:sona.sarmadi@enea.com>> wrote:
>
> bbdebug 2 "Updating cve-check-tool database located in
> $cve_dir"
> if cve-check-update -d "$cve_dir" ; then
> printf "CVE database was updated on %s UTC\n\n"
> "$(LANG=C date --utc +'%F %T')" > "$cve_file"
> else
> bbwarn "Error in executing cve-check-update"
> <<<<<<<<<<<<<<<<<<<<<<<<<
>
>
> This definitely needs to be rewritten so you can see the output if
> it fails. Just run cve-check-update -d <dir> yourself and see
> what it says. Last time I had this failing it was because the
> mitre servers were offline.
>
>
> Agreed about the error output.
Also you need to patch the tool, most of the time there is no output
from it; I think Ikey would integrate those patches without hesitation.
>
> I think recipe specific sysroots broke the setup somehow (so the tools
> are not actually in sysroot when they're needed). I'm taking a look at
> this tomorrow.
I tried today, but I'm having a hard time with the proxies (like always)
so I can't really verify this. Were you able to check?
Mariano
[-- Attachment #2: Type: text/html, Size: 3937 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: do_populate_cve_db: Error in executing cve-check-update
2017-02-07 15:07 ` Mariano Lopez
@ 2017-02-07 16:49 ` Jussi Kukkonen
0 siblings, 0 replies; 5+ messages in thread
From: Jussi Kukkonen @ 2017-02-07 16:49 UTC (permalink / raw)
To: Mariano Lopez; +Cc: mariano.lopez, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]
On 7 February 2017 at 17:07, Mariano Lopez <mariano.lopez@linux.intel.com>
wrote:
> On 06/02/17 09:17, Jussi Kukkonen wrote:
>
>
>
> On 6 February 2017 at 16:56, Burton, Ross <ross.burton@intel.com> wrote:
>
>>
>> On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi@enea.com> wrote:
>>
>>> bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
>>> if cve-check-update -d "$cve_dir" ; then
>>> printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date
>>> --utc +'%F %T')" > "$cve_file"
>>> else
>>> bbwarn "Error in executing cve-check-update"
>>> <<<<<<<<<<<<<<<<<<<<<<<<<
>>>
>>
>> This definitely needs to be rewritten so you can see the output if it
>> fails. Just run cve-check-update -d <dir> yourself and see what it says.
>> Last time I had this failing it was because the mitre servers were offline.
>>
>
> Agreed about the error output.
>
>
> Also you need to patch the tool, most of the time there is no output from
> it; I think Ikey would integrate those patches without hesitation.
>
I don't know... the branch we're using is called 'legacy-tool' and is quite
different from master (which isn't usable).
> I think recipe specific sysroots broke the setup somehow (so the tools are
> not actually in sysroot when they're needed). I'm taking a look at this
> tomorrow.
>
>
> I tried today, but I'm having a hard time with the proxies (like always)
> so I can't really verify this. Were you able to check?
>
Yes, the problem is indeed that cve-check-update is not found when
do_populate_cve_db() is run. In addition to that curl-native is currently
broken by recipe-specific sysroots as well (CA certificates are looked for
in the wrong place) and this makes all downloads in cve-check-tool fail.
TL;DR: working on it.
Jussi
[-- Attachment #2: Type: text/html, Size: 4717 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-07 16:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-06 14:43 do_populate_cve_db: Error in executing cve-check-update Sona Sarmadi
2017-02-06 14:56 ` Burton, Ross
2017-02-06 15:17 ` Jussi Kukkonen
2017-02-07 15:07 ` Mariano Lopez
2017-02-07 16:49 ` Jussi Kukkonen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.