diff options
| author | Ross Burton <ross@burtonini.com> | 2022-02-23 12:54:31 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-02-25 12:41:23 +0000 |
| commit | 440f07d211841147f2d2b6016a20b75747f45752 (patch) | |
| tree | 3767082d11ec8aec79e79ec4b9e5becde9d13fb5 /meta/classes/cve-check.bbclass | |
| parent | fa1721d3af13bd9d8f484ab72205be121bcebc93 (diff) | |
| download | poky-440f07d211841147f2d2b6016a20b75747f45752.tar.gz | |
cve-check: get_cve_info should open the database read-only
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
(From OE-Core rev: 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2d69aeba4b..d715fbf4d8 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -265,7 +265,8 @@ def get_cve_info(d, cves): | |||
| 265 | import sqlite3 | 265 | import sqlite3 |
| 266 | 266 | ||
| 267 | cve_data = {} | 267 | cve_data = {} |
| 268 | conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) | 268 | db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") |
| 269 | conn = sqlite3.connect(db_file, uri=True) | ||
| 269 | 270 | ||
| 270 | for cve in cves: | 271 | for cve in cves: |
| 271 | for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): | 272 | for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): |