From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mail.openembedded.org (Postfix) with ESMTP id 3A0366011B for ; Tue, 7 Feb 2017 15:06:29 +0000 (UTC) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP; 07 Feb 2017 07:06:30 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,346,1477983600"; d="scan'208,217";a="56210687" Received: from unknown (HELO [10.219.4.164]) ([10.219.4.164]) by orsmga004.jf.intel.com with ESMTP; 07 Feb 2017 07:06:29 -0800 To: Jussi Kukkonen , "Burton, Ross" References: <3230301C09DEF9499B442BBE162C5E48AC31CBF7@SESTOEX04.enea.se> From: Mariano Lopez Message-ID: <8ab28120-012b-4f16-e812-a06ad8b351b9@linux.intel.com> Date: Tue, 7 Feb 2017 09:07:46 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: Cc: "mariano.lopez@intel.com" , "openembedded-core@lists.openembedded.org" Subject: Re: do_populate_cve_db: Error in executing cve-check-update X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2017 15:06:33 -0000 Content-Type: multipart/alternative; boundary="------------C3F0F0C2008F2CD86CCA717F" --------------C3F0F0C2008F2CD86CCA717F Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 06/02/17 09:17, Jussi Kukkonen wrote: > > > On 6 February 2017 at 16:56, Burton, Ross > wrote: > > > On 6 February 2017 at 14:43, Sona Sarmadi > wrote: > > bbdebug 2 "Updating cve-check-tool database located in > $cve_dir" > if cve-check-update -d "$cve_dir" ; then > printf "CVE database was updated on %s UTC\n\n" > "$(LANG=C date --utc +'%F %T')" > "$cve_file" > else > bbwarn "Error in executing cve-check-update" > <<<<<<<<<<<<<<<<<<<<<<<<< > > > This definitely needs to be rewritten so you can see the output if > it fails. Just run cve-check-update -d yourself and see > what it says. Last time I had this failing it was because the > mitre servers were offline. > > > Agreed about the error output. Also you need to patch the tool, most of the time there is no output from it; I think Ikey would integrate those patches without hesitation. > > I think recipe specific sysroots broke the setup somehow (so the tools > are not actually in sysroot when they're needed). I'm taking a look at > this tomorrow. I tried today, but I'm having a hard time with the proxies (like always) so I can't really verify this. Were you able to check? Mariano --------------C3F0F0C2008F2CD86CCA717F Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit



On 06/02/17 09:17, Jussi Kukkonen wrote:


On 6 February 2017 at 16:56, Burton, Ross <ross.burton@intel.com> wrote:

On 6 February 2017 at 14:43, Sona Sarmadi <sona.sarmadi@enea.com> wrote:
    bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
    if cve-check-update -d "$cve_dir" ; then
        printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file"
    else
        bbwarn "Error in executing cve-check-update"  <<<<<<<<<<<<<<<<<<<<<<<<<

This definitely needs to be rewritten so you can see the output if it fails.  Just run cve-check-update -d <dir> yourself and see what it says.  Last time I had this failing it was because the mitre servers were offline.

Agreed about the error output.

Also you need to patch the tool, most of the time there is no output from it; I think Ikey would integrate those patches without hesitation.


I think recipe specific sysroots broke the setup somehow (so the tools are not actually in sysroot when they're needed). I'm taking a look at this tomorrow.

I tried today, but I'm having a hard time with the proxies (like always) so I can't really verify this. Were you able to check?

Mariano --------------C3F0F0C2008F2CD86CCA717F--