[oe-commits] [openembedded-core] 25/29: cve-check.bbclass: do not download the CVE DB in package-specific tasks

git at git.openembedded.org git at git.openembedded.org
Thu Sep 27 11:18:30 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch sumo
in repository openembedded-core.

commit 2f84939b0e17dfba1fc43bf053871ea930d9a04c
Author: Konstantin Shemyak <konstantin.shemyak at ge.com>
AuthorDate: Mon Aug 13 10:23:28 2018 +0300

    cve-check.bbclass: do not download the CVE DB in package-specific tasks
    
    Disable downloading of the vulnerability DB in do_check_cves() task.
    
    When invoked in this task, cve-check-tool attempts re-download of the CVE DB
    if the latter is older than certain threshold. While reasonable for a
    stand-alone CVE checker, this behavior can cause errors in parallel builds
    if the build time is longer than this threshold:
    * Other tasks might be using the DB.
    * Several packages can start the download of the same file at the same time.
    
    This check is not really needed, as the DB has been downloaded by
    cve_check_tool:do_populate_cve_db() which is a prerequisite of any do_build().
    The DB will be at most (threshold + build_time) old.
    
    (From OE-Core rev: 125789b6ee6d47ab84192230f63971c4e22418ba)
    
    Signed-off-by: Konstantin Shemyak <konstantin.shemyak at ge.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 4d99838..12ad3e5 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -179,7 +179,7 @@ def check_cves(d, patched_cves):
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
     cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
     cve_cmd = "cve-check-tool"
-    cmd = [cve_cmd, "--no-html", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
+    cmd = [cve_cmd, "--no-html", "--skip-update", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
 
     # If the recipe has been whitlisted we return empty lists
     if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list