cve-check: short-circuit checking if CVE_PRODUCT isn't set

For some recipes is is meaningless to do a CVE check, for example packagegroups
or images.  Check that CVE_PRODUCT is set and short-circuit the scan if it
isn't.

Signed-off-by: Ross Burton <ross.burton@intel.com>

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883fa7b1b1e06d290d2a8544bdc7342c3dae..d8087dd7c6816ffcb635cbe50a3bebd983d3e90c 100644 (file)
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")