diff options
author | Joshua Watt <JPEWhacker@gmail.com> | 2022-08-30 10:59:39 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-12 08:41:47 +0100 |
commit | 8856232de42099654a5d2cc8bc422d1e430a0ab4 (patch) | |
tree | 725369f73bb94e97a0147afbccf60f1f5d4653dd /meta | |
parent | 72aa63fcf5f1b877f71d6f3ef6201f9058aa54f0 (diff) | |
download | poky-8856232de42099654a5d2cc8bc422d1e430a0ab4.tar.gz |
classes: cve-check: Get shared database lock
The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.
[YOCTO #14899]
(From OE-Core rev: 655bc5acdebdee9b4dfd3c964104a84b6845b2d4)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/cve-check.bbclass | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index da7f93371c..b751c986ef 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -139,17 +139,18 @@ python do_cve_check () { | |||
139 | """ | 139 | """ |
140 | from oe.cve_check import get_patched_cves | 140 | from oe.cve_check import get_patched_cves |
141 | 141 | ||
142 | if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): | 142 | with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True): |
143 | try: | 143 | if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): |
144 | patched_cves = get_patched_cves(d) | 144 | try: |
145 | except FileNotFoundError: | 145 | patched_cves = get_patched_cves(d) |
146 | bb.fatal("Failure in searching patches") | 146 | except FileNotFoundError: |
147 | ignored, patched, unpatched, status = check_cves(d, patched_cves) | 147 | bb.fatal("Failure in searching patches") |
148 | if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): | 148 | ignored, patched, unpatched, status = check_cves(d, patched_cves) |
149 | cve_data = get_cve_info(d, patched + unpatched + ignored) | 149 | if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): |
150 | cve_write_data(d, patched, unpatched, ignored, cve_data, status) | 150 | cve_data = get_cve_info(d, patched + unpatched + ignored) |
151 | else: | 151 | cve_write_data(d, patched, unpatched, ignored, cve_data, status) |
152 | bb.note("No CVE database found, skipping CVE check") | 152 | else: |
153 | bb.note("No CVE database found, skipping CVE check") | ||
153 | 154 | ||
154 | } | 155 | } |
155 | 156 | ||