cve-check: get_cve_info should open the database read-only

All of the function in cve-check should open the database read-only, as the only writer is the fetch task in cve-update-db. However, get_cve_info() was failing to do this, which might be causing locking issues with sqlite. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc) Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Ross Burton <ross@burtonini.com> 2022-02-23 12:54:31 +0000
committer: Steve Sakoman <steve@sakoman.com> 2022-03-03 07:43:07 -1000
commit: 2b3d13a451e99db669977d4d1172653b736ae6e1 (patch)
tree: 08c0aa057fabb8f2bb327428762af6204bfc1ddf
parent: c50688e1d0839d71e05a0d15dd948113d2ef83f6 (diff)
download: openembedded-core-contrib-2b3d13a451e99db669977d4d1172653b736ae6e1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 6b627464a0..5369b7074c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -323,7 +323,8 @@ def get_cve_info(d, cves):
     import sqlite3
 
     cve_data = {}
-    conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+    db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+    conn = sqlite3.connect(db_file, uri=True)
 
     for cve in cves:
         for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
author	Ross Burton <ross@burtonini.com>	2022-02-23 12:54:31 +0000
committer	Steve Sakoman <steve@sakoman.com>	2022-03-03 07:43:07 -1000
commit	2b3d13a451e99db669977d4d1172653b736ae6e1 (patch)
tree	08c0aa057fabb8f2bb327428762af6204bfc1ddf
parent	c50688e1d0839d71e05a0d15dd948113d2ef83f6 (diff)
download	openembedded-core-contrib-2b3d13a451e99db669977d4d1172653b736ae6e1.tar.gz