On Mon, 2024-10-14 at 18:15 +0200, Marta Rybczynska wrote: > I've analysed the corrupted file a bit. This is somewhat complex as I > do not have a "golden" copy with the > exact same content. However, what I can see: > 1. This is not a partial download, quite new CVEs from 2024 are > there (as from other years) > 2. Damaged records come from various years (a theory to check: if > they all have been recently modified) > 3. Only part of the database is broken and both NVD and PRODUCTS > tables. You can read various CVEs depending on how you format your > SELECT (getting all cve_ids works fine, for example) > > If you suspect there are jobs accessing the file that shouldn't, what > about installing inotify hooks on the file? > > As I've never seen such a corruption on my side, I could imagine > either an external job, or an effect of a re-download of the database > during tests (but this should use locks).
That is all useful data, thanks. I can add that on the autobuilders, the file is on NFS since DL_DIR is. Any worker can therefore in theory access it and inotify could be tricky to setup and monitor correctly in that setup. In your tests, do you run multiple releases against the database? I'm wondering if older sqlite versions in one of the older releases may be triggering this somehow it if tries to update the database? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#205788): https://lists.openembedded.org/g/openembedded-core/message/205788 Mute This Topic: https://lists.openembedded.org/mt/108946499/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
