Message ID | 20220427132228.1179532-1-ross.burton@arm.com |
---|---|
State | Accepted, archived |
Commit | 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54 |
Headers | show |
Series | cve-check: no need to depend on the fetch task | expand |
On Wed, Apr 27, 2022 at 3:22 PM Ross Burton <ross.burton@arm.com> wrote: > The only part of the cve-check task which needs files is the patch > examination, and typically these patches are local so fetch isn't needed. > > Signed-off-by: Ross Burton <ross.burton@arm.com> > --- > meta/classes/cve-check.bbclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > index 78516d0bb6..7cf206299b 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -126,7 +126,7 @@ python do_cve_check () { > > } > > -addtask cve_check before do_build after do_fetch > +addtask cve_check before do_build > do_cve_check[depends] = "cve-update-db-native:do_fetch" > do_cve_check[nostamp] = "1" > > -- > 2.25.1 > > A side-effect of this change is that we seem to not be downloading the NVD database anymore... This is probably not exactly what we want right now. Kind regards, Marta
> On 28 Apr 2022, at 09:16, Marta Rybczynska <rybczynska@gmail.com> wrote: > A side-effect of this change is that we seem to not be downloading the NVD database > anymore... This is probably not exactly what we want right now. That’s unexpected, as the NVD fetch is in another recipe entirely. Note that the NVD fetch only happens once a day, so it’s possible it just executed very fast. Ross
On Thu, Apr 28, 2022 at 11:17 AM Ross Burton <Ross.Burton@arm.com> wrote: > > > > On 28 Apr 2022, at 09:16, Marta Rybczynska <rybczynska@gmail.com> wrote: > > A side-effect of this change is that we seem to not be downloading the > NVD database > > anymore... This is probably not exactly what we want right now. > > > That’s unexpected, as the NVD fetch is in another recipe entirely. > > Note that the NVD fetch only happens once a day, so it’s possible it just > executed very fast. > This patch is fine. The error I'm seeing is a different one: the condition of one hour between the fetches does not always work. Under debug right now, will post a fix when I have it. Marta
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 78516d0bb6..7cf206299b 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -126,7 +126,7 @@ python do_cve_check () { } -addtask cve_check before do_build after do_fetch +addtask cve_check before do_build do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1"
The only part of the cve-check task which needs files is the patch examination, and typically these patches are local so fetch isn't needed. Signed-off-by: Ross Burton <ross.burton@arm.com> --- meta/classes/cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)