cve-check: short-circuit checking if CVE_PRODUCT isn't set

For some recipes is is meaningless to do a CVE check, for example packagegroups or images. Check that CVE_PRODUCT is set and short-circuit the scan if it isn't. (From OE-Core rev: d1e7cb5c9e0d5d253b6bb5c968fa58944ea42d06) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-02-25 19:09:41 +01:00 · 2018-02-09 12:43:17 +00:00
parent 4873716c0c
commit 325096cd2a
1 changed files with 3 additions and 0 deletions
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
    cves_patched = []
    cves_unpatched = []
    bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
    pv = d.getVar("CVE_VERSION").split("+git")[0]
    cves = " ".join(patched_cves)
    cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")