diff options
| author | Chris Laplante <chris.laplante@agilent.com> | 2020-09-09 16:51:07 -0400 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-09-10 13:48:26 +0100 |
| commit | 9ba2f3b8c3937bb4a3376d5537774f1dbb321bef (patch) | |
| tree | ea42009fce42ea85c7d1b1121fce5ca3ad7aac9d | |
| parent | 1b836a17ec36819f602fcdc70987f1443a969893 (diff) | |
| download | poky-9ba2f3b8c3937bb4a3376d5537774f1dbb321bef.tar.gz | |
cve-check/cve-update-db-native: use lockfile to fix usage under multiconfig
Previously CVE_CHECK_DB_FILE / CVE_CHECK_DB_DIR was the same across
multiconfigs which led to a race condition wherein multiple
cve-update-db-native:do_populate_cve_db tasks could attempt to write to
the same sqlite database. This led to the following task failure:
Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_populate_cve_db(d)
0003:
File: '/mnt/data/agent/work/74f119cccb44f133/yocto/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 103, function: do_populate_cve_db
0099: if year == date.today().year:
0100: cve_f.write('CVE database update : %s\n\n' % date.today())
0101:
0102: cve_f.close()
*** 0103: conn.commit()
0104: conn.close()
0105:}
0106:
0107:def initialize_db(c):
Exception: sqlite3.OperationalError: disk I/O error
Use a lockfile to ensure multiple tasks don't step over each other.
(From OE-Core rev: 24e9380643a2ae3fcae193519cb64aedaf682153)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 1 | ||||
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 0889e7544a..35b7d0f298 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -27,6 +27,7 @@ CVE_VERSION ??= "${PV}" | |||
| 27 | 27 | ||
| 28 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" | 28 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" |
| 29 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" | 29 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" |
| 30 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" | ||
| 30 | 31 | ||
| 31 | CVE_CHECK_LOG ?= "${T}/cve.log" | 32 | CVE_CHECK_LOG ?= "${T}/cve.log" |
| 32 | CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" | 33 | CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" |
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 2221825bf8..d22b66f6c7 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -52,8 +52,7 @@ python do_populate_cve_db() { | |||
| 52 | 52 | ||
| 53 | cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') | 53 | cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') |
| 54 | 54 | ||
| 55 | if not os.path.isdir(db_dir): | 55 | bb.utils.mkdirhier(db_dir) |
| 56 | os.mkdir(db_dir) | ||
| 57 | 56 | ||
| 58 | # Connect to database | 57 | # Connect to database |
| 59 | conn = sqlite3.connect(db_file) | 58 | conn = sqlite3.connect(db_file) |
| @@ -114,6 +113,8 @@ python do_populate_cve_db() { | |||
| 114 | conn.close() | 113 | conn.close() |
| 115 | } | 114 | } |
| 116 | 115 | ||
| 116 | do_populate_cve_db[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" | ||
| 117 | |||
| 117 | def initialize_db(c): | 118 | def initialize_db(c): |
| 118 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") | 119 | c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") |
| 119 | 120 | ||