diff options
author | Ross Burton <ross@burtonini.com> | 2022-02-23 12:54:31 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-09 17:30:48 +0000 |
commit | 99bb7a2d3083c7ed1e10261a6c0cd872cf9947f6 (patch) | |
tree | 454cded197ba9597e21b12265c2c38bc6818bd8f | |
parent | 18161d9e478011bd0e651afcbf2dd780022f26be (diff) | |
download | poky-99bb7a2d3083c7ed1e10261a6c0cd872cf9947f6.tar.gz |
cve-check: get_cve_info should open the database read-only
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
(From OE-Core rev: 2b3d13a451e99db669977d4d1172653b736ae6e1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 6b627464a0..5369b7074c 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -323,7 +323,8 @@ def get_cve_info(d, cves): | |||
323 | import sqlite3 | 323 | import sqlite3 |
324 | 324 | ||
325 | cve_data = {} | 325 | cve_data = {} |
326 | conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) | 326 | db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") |
327 | conn = sqlite3.connect(db_file, uri=True) | ||
327 | 328 | ||
328 | for cve in cves: | 329 | for cve in cves: |
329 | for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): | 330 | for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): |