This one is odd...
After scrolling through the log that I can get from a github pipeline
(sorry no runner log available) - I noticed
2022-03-03T05:39:23.2334189Z WARNING: cve-update-db-native-1.0-r0
do_fetch: Failed to fetch CVE data ([Errno 99] Cannot assign requested
address)
2022-03-03T05:39:23.2569941Z NOTE: recipe cve-update-db-native-1.0-r0:
task do_fetch: Succeeded
and then do_cve_check run on that recipe
2022-03-03T05:39:56.6239005Z NOTE: Running task 4428 of 5120
(/opt/build/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_cve_check)
before failing with 2022-03-03T05:39:56.8063851Z Exception:
sqlite3.OperationalError: attempt to write a readonly database
this doesn't look right to me - maybe there's something special about my
settings - I will try to recreate that locally
On 03.03.22 12:27, Ross Burton wrote:
:tableflip:
Thanks, I guess!
Can you share the full bitbake log from that run? I'd like to see what
jobs are running in parallel.
Ross
On Thu, 3 Mar 2022 at 11:10, Konrad Weihmann <[email protected]> wrote:
Single from scratch build of core-image-minimal
On 03.03.22 12:07, Ross Burton wrote:
What's the scenario where this is happening? Multiple build
directories using the same DL_DIR? Or was this a single build?
Ross
On Thu, 3 Mar 2022 at 08:10, Konrad Weihmann <[email protected]> wrote:
Sadly I encountered this here last night
NOTE: recipe cve-update-db-native-1.0-r0: task do_cve_check: Started
ERROR: cve-update-db-native-1.0-r0 do_cve_check: Error executing a
python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_cve_check(d)
0003:
File: '/opt/build/sources/poky/meta/classes/cve-check.bbclass', lineno:
104, function: do_cve_check
0100: try:
0101: patched_cves = get_patched_cves(d)
0102: except FileNotFoundError:
0103: bb.fatal("Failure in searching patches")
*** 0104: whitelisted, patched, unpatched = check_cves(d,
patched_cves)
0105: if patched or unpatched:
0106: cve_data = get_cve_info(d, patched + unpatched)
0107: cve_write_data(d, patched, unpatched,
whitelisted, cve_data)
0108: else:
File: '/opt/build/sources/poky/meta/classes/cve-check.bbclass', lineno:
198, function: check_cves
0194: else:
0195: vendor = "%"
0196:
0197: # Find all relevant CVE IDs.
*** 0198: for cverow in conn.execute("SELECT DISTINCT ID FROM
PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
0199: cve = cverow[0]
0200:
0201: if cve in cve_whitelist:
0202: bb.note("%s-%s has been whitelisted for %s" %
(product, pv, cve))
Exception: sqlite3.OperationalError: attempt to write a readonly database
So it seems your patch doesn't solve the issue
On 23.02.22 13:54, Ross Burton wrote:
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
Signed-off-by: Ross Burton <[email protected]>
---
meta/classes/cve-check.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 2d69aeba4b..d715fbf4d8 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -265,7 +265,8 @@ def get_cve_info(d, cves):
import sqlite3
cve_data = {}
- conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+ db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+ conn = sqlite3.connect(db_file, uri=True)
for cve in cves:
for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162653):
https://lists.openembedded.org/g/openembedded-core/message/162653
Mute This Topic: https://lists.openembedded.org/mt/89339702/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
