From: Jussi Kukkonen <jussi.kukkonen@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 0/3] Fix cve-check (for recipe sysroots)
Date: Thu, 9 Feb 2017 21:38:15 +0200 [thread overview]
Message-ID: <cover.1486668313.git.jussi.kukkonen@intel.com> (raw)
Recipe sysroots broke cve-check in several places, this patch set
should get it running again.
The CA cert fix is a workaround really: Native libcurl is broken
and looks for CA cert bundle in the wrong place.
Note that the NVD CVE database is flaky: I have serious problems
getting populate_cve_db to succeed during mornings in Europe as the
xml files and their metadata does not match for hours. I've reported
this to NVD.
I mentioned error output improvements in email but did not implement
as that requires more upstream changes: I'll talk to the maintainer
about them.
Jussi
The following changes since commit e758547db9048d4aa1c1415d6af8072f519fae24:
nss: Fix nss-native so the checksum doesn't change with BUILD_ARCH (2017-02-09 10:52:03 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib jku/cve-check
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/cve-check
Jussi Kukkonen (3):
cve-check.bbclass: Fix dependencies
cve-check-tool: Fixes for recipe sysroots
cve-check-tool: Use CA cert bundle in correct sysroot
meta/classes/cve-check.bbclass | 2 +-
.../cve-check-tool/cve-check-tool_5.6.4.bb | 7 +-
...ow-overriding-default-CA-certificate-file.patch | 215 +++++++++++++++++++++
3 files changed, 221 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
--
2.1.4
next reply other threads:[~2017-02-09 19:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-09 19:38 Jussi Kukkonen [this message]
2017-02-09 19:38 ` [PATCH 1/3] cve-check.bbclass: Fix dependencies Jussi Kukkonen
2017-02-09 19:38 ` [PATCH 2/3] cve-check-tool: Fixes for recipe sysroots Jussi Kukkonen
2017-02-09 19:38 ` [PATCH 3/3] cve-check-tool: Use CA cert bundle in correct sysroot Jussi Kukkonen
2017-11-21 8:04 ` native CA cert bundles (was: Re: [PATCH 3/3] cve-check-tool: Use CA cert bundle in correct sysroot) Patrick Ohly
2017-11-21 12:06 ` Otavio Salvador
2017-11-21 12:21 ` Patrick Ohly
2017-11-21 12:52 ` Otavio Salvador
2017-02-09 19:59 ` ✗ patchtest: failure for Fix cve-check (for recipe sysroots) Patchwork
2017-02-09 21:41 ` Leonardo Sandoval
2017-02-10 11:55 ` [PATCH 0/3] " Alexander Kanavin
2017-02-10 13:04 ` Burton, Ross
2017-02-10 13:11 ` Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1486668313.git.jussi.kukkonen@intel.com \
--to=jussi.kukkonen@intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.