From patchwork Fri Jan 5 06:04:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuta Hayama X-Patchwork-Id: 37360 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3CB2C3DA6E for ; Fri, 5 Jan 2024 06:04:33 +0000 (UTC) Received: from JPN01-TYC-obe.outbound.protection.outlook.com (JPN01-TYC-obe.outbound.protection.outlook.com [40.107.114.111]) by mx.groups.io with SMTP id smtpd.web10.18133.1704434668195978860 for ; Thu, 04 Jan 2024 22:04:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@lineo.co.jp header.s=selector2 header.b=kdOu0IzN; spf=pass (domain: lineo.co.jp, ip: 40.107.114.111, mailfrom: hayama@lineo.co.jp) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GTeQwo9EDaKu7TAbtRrDLvbTD5deq48R6aUxKq4usQutJyMrUDCKLhMN4x1lVyepU+55FUBX2oEFz6tlahO6LV/m3erJHY4225chk0qiRx8wxjlRoesNirTAcY0CUnEM6elPoGRa0P6/qtcg2ZZH42q7gzo5vwhkL8hkSaeOyZukKzBN0ma6cnBZbhCEuuQVBvRtEsYupOQgbnIF4c09KlQvyqqfXMheTTbL4kpBzJzqbiwgqhvPnE9rCFWgOWghUpvIOCgkoWpahBbWUEWL3YKYOS3BP5EE4Mq2aDToQLSlYol+urfEig/ftlSLXzKWQJfDn1pC2NWcYkQ7ngvgPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=d4EB0daYa4j15LWSgENBmQ+WVv724mudHh9XWq3oNfE=; b=gdIX1Y3p93z9YbPkxj6wYUaQAvUQvvqzjCife/LL1Iw1ie0Lm6L2p7s9h2S3XTxUxXdBeESXXLlEyyp/vYDi+XWe6RxLtO+k0lx1nUhj6a0w3ziKLb2dwuRmSDV7ROIb/CVwEGQWOrOemGU5ocQw+CQeVBVwljW6G7q2ni5nprvxWlCv76W0CbrLuJbqkcKk+GAJIUpT70GktaMes2tpPN+8vXs4kY7A1yl38b3m6Di4jcyFNHfqs7QH+7crWboe0Zh7T7wqJZ7UGiC9DGxsd79ZStGI8ZwA9wIB/QMi0ze9tjDOxTeI5g4BmGPD5NGM5nxdOM8hKE7mg+79zUF0og== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=lineo.co.jp; dmarc=pass action=none header.from=lineo.co.jp; dkim=pass header.d=lineo.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lineo.co.jp; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=d4EB0daYa4j15LWSgENBmQ+WVv724mudHh9XWq3oNfE=; b=kdOu0IzN/exiKi/3FG1RdgxeAMmbdJYEMzZ5HhvSWhoIUAyNDg/rfOlWu9ejW0g7eJInIaT30gDDX7tvzHQdqzjNdzNZL1ewXOybaD6KV2j3+EN1XvXUym8VEB1638v7vyNYOufFuUN5AKfwyJeQ8cvMna9loKMMr5EELVnSFpTN518CUGmWIZcD/Z0rc7X8lAdwzKMdY6ikYir5IXlSV/REZH+NX3xALPdbtKsJiqp6ju+oUwsD58BSmVwYaVg5L7823zjVmEzgOG4bFsZU604dZVcaaWXXyR6kmx366MWt4lLvaMXBCCJcHPvamHraSH+Xn8wmIRUSRyJ9SpW7mg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=lineo.co.jp; Received: from OSZPR01MB6309.jpnprd01.prod.outlook.com (2603:1096:604:ef::13) by OSZPR01MB8564.jpnprd01.prod.outlook.com (2603:1096:604:18d::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.9; Fri, 5 Jan 2024 06:04:23 +0000 Received: from OSZPR01MB6309.jpnprd01.prod.outlook.com ([fe80::4568:90d:4341:e58a]) by OSZPR01MB6309.jpnprd01.prod.outlook.com ([fe80::4568:90d:4341:e58a%7]) with mapi id 15.20.7181.009; Fri, 5 Jan 2024 06:04:23 +0000 Message-ID: <83cc3534-87e4-441c-8d2c-5d26df7cacd2@lineo.co.jp> Date: Fri, 5 Jan 2024 15:04:22 +0900 User-Agent: Mozilla Thunderbird Content-Language: en-US From: Yuta Hayama To: "openembedded-core@lists.openembedded.org" Subject: [RFC PATCH] cve-update-nvd2-native: make an error if the DB file is not present at the end of do_fetch X-ClientProxiedBy: TYAPR01CA0151.jpnprd01.prod.outlook.com (2603:1096:404:7e::19) To OSZPR01MB6309.jpnprd01.prod.outlook.com (2603:1096:604:ef::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: OSZPR01MB6309:EE_|OSZPR01MB8564:EE_ X-MS-Office365-Filtering-Correlation-Id: 92ddfac8-a528-4e1f-76cf-08dc0db42a57 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9rBucMEhNU6UVU0qSJ1Mz+pjM628IxLemlXlel8+PK/A5b0FTr7ZUV2tEK8aWjxOUdTsGKswhz9+jnDvyaLctd5pFq3VL8DEcEoSMhL3+YNgH+hXssYMcOEWdf7ND2b4fYJ/V8UpmAxiYqTqZosBH6ggK2l04CKLvgOv2ABH/M6P6dxx0maEWIzP3TJ652HgaLlz3WPrBFhs3PYzbdRzsLkTB4FElcdZ8P/mG0kC5w31BOLL6KV6oHc1xqOx/B1OHfkTz52eospYi4yF8uEKIHpfSc6Sm4rODoS17jTqcPheAXPDkw8sAzX/HxPusRafPL/xxA0/SODDIYzC3XYrklXKnpsVjsCmpW6KuYj2BIOwA8JPCHDi0WtVpnjf7a1DmxlxpoUzEB47kOyLxIKbdKy10zAqthgfpqYZ19gZ3hfKRF4X+sUFMNG2jtuGHs92i7G1jHwaK17YVEwZWm+ApSfDR1v7MmvF77zg0qUAfkvN8+SARg/YOJyXe/up4OMFUyZ4XXCC5EOqeXYhyVoHydKOOhE+Cvn0oxwSkkuzvfgz1gpUA7HaZW/ybGSewp3z15XsSHVJ+7k4Pt/MAaalUpFZPzb2y67p+hoSHllyivA3Q01g4oYU8ELB1lvqxeirxttRjIL23+i9SfjZCingdw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:OSZPR01MB6309.jpnprd01.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(39840400004)(396003)(346002)(366004)(376002)(136003)(230922051799003)(64100799003)(451199024)(1800799012)(186009)(38100700002)(36756003)(31686004)(86362001)(31696002)(83380400001)(6506007)(6512007)(8676002)(8936002)(316002)(966005)(478600001)(6486002)(26005)(6916009)(66556008)(66946007)(66476007)(2616005)(41300700001)(2906002)(5660300002)(15650500001)(45980500001)(43740500002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?GAV4Xv8ZQ28Cucmjsznc5zOHSlRE?= =?utf-8?q?QrBdoKIljHZptNcOFSc1yGS/zMpfYLCpGBFXXmSfB8DjttrQBVFH/NVtmPmM3hkpk?= =?utf-8?q?V6ElmATH4ZpNqDyusrbkmNVOkohn3R+L1HRQvzceAWGjBoZjlixWm/xz2Gz+hy3mI?= =?utf-8?q?zbt2g2MLcmwTwBspBgnoduv7+D8cJQspXFBeU6d3lWf1znGymkgpzE7LsDZS9Ztf0?= =?utf-8?q?32AQv9hQNHOXJBUOrgZKkEWAUIuQVMA1C1GB+WQJ56chK2XwCDKg6aIFTIxpCtxha?= =?utf-8?q?O1YF1AJiCn3REOLShFyekEBDZndUaVKMQBECd8dJEdue6CeNLaljEi41qMMVGtWs1?= =?utf-8?q?IgxYQwr3abaReOxNcXT9IkXHSTkOcJ0Hm9sArPJMi5fuDJyYEzqigqiORIkcewQY5?= =?utf-8?q?hCRdFf7/5MLNCM3KM/JJ0W0MKSAwBd/oEeKeMoozJRZROOCUEAZuXpgM1F8RNyFFb?= =?utf-8?q?Es+1lSazuqjxU0C7ssL5sdw5gz8N2l0TO2Ew96TXmk/Kkg2GrrgKXByGi7YqJYLwi?= =?utf-8?q?5PJ0m/FC8iRnreHvvcutscO+9Jf49+0sqjNd+hggWNXaihCq5IBvZF3ECROhY1vDq?= =?utf-8?q?VMmeqSVJWGxWgYmRdU7uxLx8i9uk8CPiIUfIoYZrXI5dR9Kr1/w6CtZEI1gWWOs1z?= =?utf-8?q?8Wyda1Zbuci3eS8Peg0g9rnWofYji1rvjR3M0XHzjKY+agenBDiawF4YGRkNfJ9xU?= =?utf-8?q?/zjmTQrI/Zw86SKggfG8iQh2uPpGuABYr1sUMRMcm+uO+xj182Mf8xje1dY96Vu/f?= =?utf-8?q?wu//t4t5/r8SmtocEot+0BXvYWov3IoAcgCpfO6cim9qWZzyPtBhpMcqyF9CHlvSj?= =?utf-8?q?SOLLk2Bz6PQmhMF+/JBxyWnMNwoRWILP6ct8dx1o4X2o0BxsajTeo6GhlP3MJMJU/?= =?utf-8?q?sGFuT7k/RC8QhwiWap1hBz4vSVTjtLvIqY4v3voEbK3TJl0/q/IfVWITO4oBT0Xl8?= =?utf-8?q?2C+KOqIZ0udzSvjqtum5TP/8O94f+7EM8Nn+snJ9HlCJfrxGsnhZoN+oJrIlHQtmF?= =?utf-8?q?70MV/FN/BL8XW58Mx44WhttaH3LnD7O+r97JxR9L8NYnTLHbIeKYEPhBbrQjcS8RG?= =?utf-8?q?gf2YfpMtDPSRU438jVIoII2hiLVUAeSEfjf+OEdwQxetDFThPNchL2nXTpbYFiv9T?= =?utf-8?q?VlUaXvQHmAyvK6B5hfnrryHwuPpUUtY8ZCrC1vRc+50Ld3/2IU7NxjZXChK6r1NK3?= =?utf-8?q?p5m8dLKX/8u5xwlfASCeUHfOJzUyiHPq8EMh5+BZ5xc9obLDJ8m1xGofCLxUAEZEx?= =?utf-8?q?mGiKC9+hUbDYGtpNoMGfctfv9WEbqcQy9pC8KY5nOuvANKG9dQoHG/ja5dEgFdo/I?= =?utf-8?q?ayuUapf+ExejCzvMzkbBH2yjiZooKeYtzhzbQgG589Z6cZDbn7f8kcbik8yofK434?= =?utf-8?q?CCFd3NnzZfJv6CS7+3URH0RKkugPAjm9uqxQSpQ3o+fujHVpqCRIEhOUY2XYlif6+?= =?utf-8?q?yViPO9Y3NnvXGXxw7zEXa6dLaWTNN2TMyOvVtla6B6ux3N7z9/jJaMT0QS2TSiYir?= =?utf-8?q?fTt2Ol4T4/zL?= X-OriginatorOrg: lineo.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 92ddfac8-a528-4e1f-76cf-08dc0db42a57 X-MS-Exchange-CrossTenant-AuthSource: OSZPR01MB6309.jpnprd01.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2024 06:04:23.6350 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 850e1ad4-d43d-42a8-82ab-c68675f36887 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Il95kSVYsjDqomfI0qd+wQMoxo94cJjkG4862UX1g/gBY5mU5k+dsLwou3zWKkoCw+fXd2IOJPGBr8MeiwsuMw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSZPR01MB8564 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jan 2024 06:04:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/193342 From: Yuta Hayama Signed-off-by: Yuta Hayama --- Please do not apply this. For now, this is just my question. I think the issue of [YOCTO #14929] is partially still there. https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929 Certainly, now that 8efe99214d has been applied, do_cve_check no longer runs on broken DB file. However, if the first cve-update-nvd2-native:do_fetch run after creating the build environment fails to save CVE_CHECK_DB_FILE, do_fetch will have succeeded even though the DB file does not exist. This may be confusing. * do_cve_check seems to exit without doing anything if CVE_CHECK_DB_FILE is not existing. At this time, do_cve_check only logs in bb.note() and nothing seems to appear in the console. This may make it difficult for the user to understand what happened. * Similar to cve-update-nvd2-native:do_fetch, do_cve_check is also successful even though it does not actually do anything. Yes, a check like this patch may be needed for cve-check.bbclass... I have written a task in our own recipe (sorry, we can't publish it) that depends on do_cve_check and expects ${WORKDIR}/temp/cve.log to be present, but I have found that the task may not work because of this. I don't know if I didn't understand do_cve_check well or if the current behavior is not good... First, I would like to ask why cve-update-nvd2-native:do_fetch and do_cve_check are completing successfully even when the DB file does not exist. Well, NVD API frequently fails with errors, so I don't think it is necessary to fail the do_fetch task if it "just failed to update". But other than that, I feel it's better to make an error... Thanks, meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index bfe48b27e7..42e50d9cd1 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -83,6 +83,9 @@ python do_fetch() { # Update failed, do not modify the database bb.warn("CVE database update failed") os.remove(db_tmp_file) + + if not os.path.isfile(db_file): + bb.error("Failed to fetch the CVE DB. do_cve_check run after this will not work.") } do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"