cve-check: short-circuit checking if CVE_PRODUCT isn't set

For some recipes is is meaningless to do a CVE check, for example packagegroups or images. Check that CVE_PRODUCT is set and short-circuit the scan if it isn't. Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Ross Burton <ross.burton@intel.com> 2018-02-09 12:43:17 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-02-16 18:05:25 +0000
commit: d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06 (patch)
tree: 399bc8e0cedddb7eda7caef8ee8e28799b21d3c6
parent: 36fbf96cf284acbc810ff3bf00702f1f82bc0da9 (diff)
download: openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.tar.gz
openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.tar.bz2
openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7..d8087dd7c6 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
author	Ross Burton <ross.burton@intel.com>	2018-02-09 12:43:17 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-02-16 18:05:25 +0000
commit	d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06 (patch)
tree	399bc8e0cedddb7eda7caef8ee8e28799b21d3c6
parent	36fbf96cf284acbc810ff3bf00702f1f82bc0da9 (diff)
download	openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.tar.gz openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.tar.bz2 openembedded-core-d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06.zip