diff options
author | Konstantin Shemyak <konstantin.shemyak@ge.com> | 2018-08-13 10:23:28 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-27 12:17:46 +0100 |
commit | af42d0cae434c8f95c2d6c543e54c7d2b9bd65a5 (patch) | |
tree | 7a8e5505631fd40e79fb448ad256b352aaf7abcf /bitbake/LICENSE | |
parent | ac94652d02dff6a8a15d97d722b1a9d1b72560e5 (diff) | |
download | poky-af42d0cae434c8f95c2d6c543e54c7d2b9bd65a5.tar.gz |
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Disable downloading of the vulnerability DB in do_check_cves() task.
When invoked in this task, cve-check-tool attempts re-download of the CVE DB
if the latter is older than certain threshold. While reasonable for a
stand-alone CVE checker, this behavior can cause errors in parallel builds
if the build time is longer than this threshold:
* Other tasks might be using the DB.
* Several packages can start the download of the same file at the same time.
This check is not really needed, as the DB has been downloaded by
cve_check_tool:do_populate_cve_db() which is a prerequisite of any do_build().
The DB will be at most (threshold + build_time) old.
(From OE-Core rev: 125789b6ee6d47ab84192230f63971c4e22418ba)
(From OE-Core rev: 2f84939b0e17dfba1fc43bf053871ea930d9a04c)
Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'bitbake/LICENSE')
0 files changed, 0 insertions, 0 deletions