From 8e6aaed8ffc9ff823056ad38ccc57c56f0afea26 Mon Sep 17 00:00:00 2001 From: Caner Altinbasak Date: Wed, 13 Oct 2021 13:14:41 +0100 Subject: bitbake: npmsw: Avoid race condition with multiple npm fetchers If multiple npmsw fetchers are trying to download the same npm file, one of them can try to download the file while other is calling verify. npmsw methods gets called without holding the lock, which causes race conditions in fetching and verification etc. Lock the lockfile before calling proxy fetcher methods. (Bitbake rev: fa39e6689d0f0fff772e1c81682698f4b1587b8a) Signed-off-by: Caner Altinbasak Signed-off-by: Richard Purdie --- bitbake/lib/bb/fetch2/npmsw.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bitbake/lib/bb/fetch2/npmsw.py b/bitbake/lib/bb/fetch2/npmsw.py index 9523cece1a..426a139653 100644 --- a/bitbake/lib/bb/fetch2/npmsw.py +++ b/bitbake/lib/bb/fetch2/npmsw.py @@ -30,6 +30,8 @@ from bb.fetch2.npm import npm_integrity from bb.fetch2.npm import npm_localfile from bb.fetch2.npm import npm_unpack from bb.utils import is_semver +from bb.utils import lockfile +from bb.utils import unlockfile def foreach_dependencies(shrinkwrap, callback=None, dev=False): """ @@ -195,7 +197,9 @@ class NpmShrinkWrap(FetchMethod): proxy_ud = ud.proxy.ud[proxy_url] proxy_d = ud.proxy.d proxy_ud.setup_localpath(proxy_d) + lf = lockfile(proxy_ud.lockfile) returns.append(handle(proxy_ud.method, proxy_ud, proxy_d)) + unlockfile(lf) return returns def verify_donestamp(self, ud, d): -- cgit v1.2.3-54-g00ecf