diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb')
| -rw-r--r-- | import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb index 1baadea8e..1f906ee0a 100644 --- a/import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb +++ b/import-layers/yocto-poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb @@ -9,18 +9,22 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6" SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ file://check-for-malloc_trim-before-using-it.patch \ file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \ + file://0001-curl-allow-overriding-default-CA-certificate-file.patch \ + file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \ " SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155" SRC_URI[sha256sum] = "b8f283be718af8d31232ac1bfc10a0378fb958aaaa49af39168f8acf501e6a5b" +UPSTREAM_CHECK_URI = "https://github.com/ikeydoherty/cve-check-tool/releases" + DEPENDS = "libcheck glib-2.0 json-glib curl libxml2 sqlite3 openssl ca-certificates" RDEPENDS_${PN} = "ca-certificates" inherit pkgconfig autotools -EXTRA_OECONF = "--disable-coverage" +EXTRA_OECONF = "--disable-coverage --enable-relative-plugins" CFLAGS_append = " -Wno-error=pedantic" do_populate_cve_db() { @@ -37,7 +41,8 @@ do_populate_cve_db() { [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" bbdebug 2 "Updating cve-check-tool database located in $cve_dir" - if cve-check-update -d "$cve_dir" ; then + # --cacert works around curl-native not finding the CA bundle + if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file" else bbwarn "Error in executing cve-check-update" @@ -48,6 +53,7 @@ do_populate_cve_db() { } addtask populate_cve_db after do_populate_sysroot +do_populate_cve_db[depends] = "cve-check-tool-native:do_populate_sysroot" do_populate_cve_db[nostamp] = "1" do_populate_cve_db[progress] = "percent" |