summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorKonstantin Shemyak <konstantin.shemyak@ge.com>2018-08-13 10:23:28 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-27 12:17:46 +0100
commitaf42d0cae434c8f95c2d6c543e54c7d2b9bd65a5 (patch)
tree7a8e5505631fd40e79fb448ad256b352aaf7abcf /meta
parentac94652d02dff6a8a15d97d722b1a9d1b72560e5 (diff)
downloadpoky-af42d0cae434c8f95c2d6c543e54c7d2b9bd65a5.tar.gz
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Disable downloading of the vulnerability DB in do_check_cves() task. When invoked in this task, cve-check-tool attempts re-download of the CVE DB if the latter is older than certain threshold. While reasonable for a stand-alone CVE checker, this behavior can cause errors in parallel builds if the build time is longer than this threshold: * Other tasks might be using the DB. * Several packages can start the download of the same file at the same time. This check is not really needed, as the DB has been downloaded by cve_check_tool:do_populate_cve_db() which is a prerequisite of any do_build(). The DB will be at most (threshold + build_time) old. (From OE-Core rev: 125789b6ee6d47ab84192230f63971c4e22418ba) (From OE-Core rev: 2f84939b0e17dfba1fc43bf053871ea930d9a04c) Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/classes/cve-check.bbclass2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 4d998388b4..12ad3e5c5c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -179,7 +179,7 @@ def check_cves(d, patched_cves):
179 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") 179 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
180 cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) 180 cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
181 cve_cmd = "cve-check-tool" 181 cve_cmd = "cve-check-tool"
182 cmd = [cve_cmd, "--no-html", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir] 182 cmd = [cve_cmd, "--no-html", "--skip-update", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
183 183
184 # If the recipe has been whitlisted we return empty lists 184 # If the recipe has been whitlisted we return empty lists
185 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): 185 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():