cve_check: skip remote patches that haven't been fetched when searching for CVE tags

Message ID: 20220427114339.1174686-1-ross.burton@arm.com
State: Accepted, archived
Commit: cefc8741438c91f74264da6b59dece2e31f9e5a5
Series: cve_check: skip remote patches that haven't been fetched when searching for CVE tags

Commit Message

Ross Burton April 27, 2022, 11:43 a.m. UTC
If a remote patch is compressed, we need to have run the unpack task for
the file to exist locally.  Currently cve_check only depends on fetch, so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.

Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/lib/oe/cve_check.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
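
To make the skip-and-warn behaviour concrete, here is an added Python example (written for this page, not code from oe.cve_check or the poky tree) that mimics what get_patched_cves does: it collects CVE IDs from patch file names and from `CVE:` tag lines in the patch text, and skips, with a warning, any listed patch that is not on disk, which is the state a remote compressed patch is in after do_fetch but before do_unpack. The regular expressions, the helper names and the constructed patch files are assumptions made for this example.

```python
import os
import re
import tempfile

# Patterns approximating those in oe.cve_check (assumption: written for this
# example, not copied from the project).  File names such as
# "cve-2021-1234.patch" and header lines such as "CVE: CVE-2020-5678" both count.
CVE_FILE_NAME_RE = re.compile(r"([Cc][Vv][Ee]-\d{4}-\d+)")
CVE_TAG_LINE_RE = re.compile(r"^CVE:((?: CVE-\d{4}-\d+)+)", re.MULTILINE)
CVE_ID_RE = re.compile(r"CVE-\d{4}-\d+")


def get_patched_cves(patch_files, warn=print):
    """Return (patched, skipped): the set of CVE IDs the patches claim to fix,
    and the list of patch paths that were not on disk and so were not scanned.

    A missing file is the situation the commit above handles: a remote
    compressed patch exists locally only after do_unpack, so with only
    do_fetch run it must be skipped rather than aborting the whole scan.
    """
    patched = set()
    skipped = []
    for patch_file in patch_files:
        if not os.path.isfile(patch_file):
            warn("%s does not exist, cannot extract CVE list" % patch_file)
            skipped.append(patch_file)
            continue

        # Check the patch file name for a CVE ID.
        fname_match = CVE_FILE_NAME_RE.search(os.path.basename(patch_file))
        if fname_match:
            patched.add(fname_match.group(1).upper())

        # Check the patch text for "CVE: CVE-YYYY-NNNN [CVE-YYYY-NNNN ...]" lines.
        with open(patch_file, "r", encoding="utf-8", errors="replace") as f:
            text = f.read()
        for tag in CVE_TAG_LINE_RE.finditer(text):
            patched.update(CVE_ID_RE.findall(tag.group(1)))
    return patched, skipped


def demo():
    """Scan three constructed patches; returns (patched, skipped, warnings)."""
    warnings = []
    with tempfile.TemporaryDirectory() as tmp:
        # 1. Local patch whose file name carries the CVE ID (constructed input).
        by_name = os.path.join(tmp, "cve-2021-1234.patch")
        with open(by_name, "w") as f:
            f.write("Fix bounds check\n\n--- a/x.c\n+++ b/x.c\n@@ -1 +1 @@\n-a\n+b\n")
        # 2. Local patch that carries two IDs in a CVE: tag line (constructed input).
        by_tag = os.path.join(tmp, "fix-overflow.patch")
        with open(by_tag, "w") as f:
            f.write("Fix two overflows\n\nCVE: CVE-2020-5678 CVE-2020-5679\n"
                    "Upstream-Status: Backport\n\n--- a/y.c\n+++ b/y.c\n"
                    "@@ -1 +1 @@\n-a\n+b\n")
        # 3. A patch that is never written: stands in for a remote compressed
        #    patch that do_fetch downloaded but do_unpack has not yet produced.
        not_unpacked = os.path.join(tmp, "remote-fix.patch")
        patched, skipped = get_patched_cves([by_name, by_tag, not_unpacked],
                                            warn=warnings.append)
    return patched, skipped, warnings


if __name__ == "__main__":
    patched, skipped, warnings = demo()
    print("patched:", sorted(patched))
    print("skipped:", skipped)
    print("warnings:", warnings)
```

The direction of the miss matters when reading a cve_check report: a CVE fixed only by a skipped patch shows up as unpatched (a false positive that the warning points at), never as patched, so the change fails safe but not silently.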

Comments

Marta Rybczynska April 28, 2022, 7:50 a.m. UTC | #1
On Wed, Apr 27, 2022 at 1:43 PM Ross Burton <ross.burton@arm.com> wrote:

> If a remote patch is compressed, we need to have run the unpack task for
> the file to exist locally.  Currently cve_check only depends on fetch, so
> instead of erroring out, emit a warning that this file won't be scanned
> for CVE references.
>
> Typically, remote compressed patches won't contain our custom tags, so
> this is unlikely to be an issue.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>  meta/lib/oe/cve_check.py | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
> index e445b7a6ae..dc7d2e2826 100644
> --- a/meta/lib/oe/cve_check.py
> +++ b/meta/lib/oe/cve_check.py
> @@ -89,9 +89,10 @@ def get_patched_cves(d):
>      for url in oe.patch.src_patches(d):
>          patch_file = bb.fetch.decodeurl(url)[2]
>
> +        # Remote compressed patches may not be unpacked, so silently
> ignore them
>          if not os.path.isfile(patch_file):
> -            bb.error("File Not found: %s" % patch_file)
> -            raise FileNotFoundError
> +            bb.warn("%s does not exist, cannot extract CVE list" %
> patch_file)
> +            continue
>
>          # Check patch file name for CVE ID
>          fname_match = cve_file_name_match.search(patch_file)
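Review bot: the new comment says missing files are silently ignored, but the line right below it calls bb.warn, so the comment and the code disagree; reword it to something like `# Remote compressed patches may not be unpacked yet, so warn and skip them`. The warning text would also be more useful if it said why the file can be absent (it only exists after do_unpack), since "does not exist" on its own reads like a broken recipe rather than a task-ordering gap.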
> --
> 2.25.1
>
Tested-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Patch

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index e445b7a6ae..dc7d2e2826 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -89,9 +89,10 @@  def get_patched_cves(d):
     for url in oe.patch.src_patches(d):
         patch_file = bb.fetch.decodeurl(url)[2]
 
+        # Remote compressed patches may not be unpacked, so silently ignore them
         if not os.path.isfile(patch_file):
-            bb.error("File Not found: %s" % patch_file)
-            raise FileNotFoundError
+            bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
+            continue
 
         # Check patch file name for CVE ID
         fname_match = cve_file_name_match.search(patch_file)
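Review bot: downgrading the error to a warning and continuing leaves the root cause in place: as the commit message says, cve_check still only depends on fetch, so whether a remote compressed patch is scanned depends on whether do_unpack happened to run before do_cve_check, which makes the set of "patched" CVEs vary between builds of the same recipe. The miss is at least conservative (a CVE fixed by a skipped patch is reported as unpatched, never the reverse), but a follow-up that adds the do_unpack dependency, or at least documents this limitation next to the `bb.warn`, would be better than relying on remote compressed patches not carrying the custom tags.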