diff mbox series

[dunfell,04/16] cve-update-db-native: show IP on failure

Message ID 48c0e427675f4c99c395cc0a75743ac70eb64802.1674657501.git.steve@sakoman.com
State New, archived
Headers show
Series [dunfell,01/16] cve-update-db-native: Allow to overrule the URL in a bbappend. | expand

Commit Message

Steve Sakoman Jan. 25, 2023, 2:41 p.m. UTC 
From: Ross Burton <ross.burton@arm.com>

We get random SSL failures when fetching the CVE database, and it's
notable that the NVD server is behind a DNS round-robin or geographically
diverse servers.

On a hunch that there is one misconfigured server, dump the IP that we
connected to.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 28605bc13b..efc32470d3 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -129,7 +129,10 @@  def update_db_file(db_tmp_file, d):
                 response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
             except urllib.error.URLError as e:
                 cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
-                bb.warn("Failed to fetch CVE data (%s)" % e.reason)
+                bb.warn("Failed to fetch CVE data (%s)" % e)
+                import socket
+                result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP)
+                bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result)))
                 return False
 
             if response: