| author | Joshua Watt <JPEWhacker@gmail.com> | 2022-08-30 10:59:39 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-12 08:41:47 +0100 |
| commit | 8856232de42099654a5d2cc8bc422d1e430a0ab4 (patch) | |
| tree | 725369f73bb94e97a0147afbccf60f1f5d4653dd /meta/classes | |
| parent | 72aa63fcf5f1b877f71d6f3ef6201f9058aa54f0 (diff) | |
| download | poky-8856232de42099654a5d2cc8bc422d1e430a0ab4.tar.gz | |
classes: cve-check: Get shared database lock
The CVE check database needs to have a shared lock acquired on it before
it is accessed. This is to prevent cve-update-db-native from deleting the
database file out from underneath it.
[YOCTO #14899]
(From OE-Core rev: 655bc5acdebdee9b4dfd3c964104a84b6845b2d4)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 23 |
1 files changed, 12 insertions, 11 deletions
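--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -139,17 +139,18 @@ python do_cve_check () {
 """
 from oe.cve_check import get_patched_cves
 
-if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
-try:
-patched_cves = get_patched_cves(d)
-except FileNotFoundError:
-bb.fatal("Failure in searching patches")
-ignored, patched, unpatched, status = check_cves(d, patched_cves)
-if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
-cve_data = get_cve_info(d, patched + unpatched + ignored)
-cve_write_data(d, patched, unpatched, ignored, cve_data, status)
-else:
-bb.note("No CVE database found, skipping CVE check")
+with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True):
+if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+try:
+patched_cves = get_patched_cves(d)
+except FileNotFoundError:
+bb.fatal("Failure in searching patches")
+ignored, patched, unpatched, status = check_cves(d, patched_cves)
+if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
+cve_data = get_cve_info(d, patched + unpatched + ignored)
+cve_write_data(d, patched, unpatched, ignored, cve_data, status)
+else:
+bb.note("No CVE database found, skipping CVE check")
 
 }
 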
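Review bot: The new `with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True):` line carries no comment saying why the lock is taken or that the `os.path.exists` test must stay inside it. I would add `# Shared lock: keeps cve-update-db-native from removing the database while this task reads it; keep the exists() test inside the lock.` The hunk does not show where `CVE_CHECK_DB_FILE_LOCK` is defined, so confirm it always has a value, because a None from `d.getVar` would be passed straight into the lock list. The lock is also held across `get_patched_cves(d)` and `cve_write_data(...)`, which by their names may not read the database; if so, the `with` could be narrowed so the updater waits less. do_cve_check starts above the hunk.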
