From ed6995508336f294f226b494e156b7a77f5c3e60 Mon Sep 17 00:00:00 2001
From: Chris Laplante <chris.laplante@agilent.com>
Date: Wed, 9 Sep 2020 16:51:07 -0400
Subject: cve-check/cve-update-db-native: use lockfile to fix usage under
 multiconfig

Previously CVE_CHECK_DB_FILE / CVE_CHECK_DB_DIR was the same across
multiconfigs which led to a race condition wherein multiple
cve-update-db-native:do_populate_cve_db tasks could attempt to write to
the same sqlite database. This led to the following task failure:

    Error executing a python function in exec_python_func() autogenerated:

    The stack trace of python calls that resulted in this exception/failure was:
    File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
         0001:
     *** 0002:do_populate_cve_db(d)
         0003:
    File: '/mnt/data/agent/work/74f119cccb44f133/yocto/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 103, function: do_populate_cve_db
         0099:        if year == date.today().year:
         0100:            cve_f.write('CVE database update : %s\n\n' % date.today())
         0101:
         0102:    cve_f.close()
     *** 0103:    conn.commit()
         0104:    conn.close()
         0105:}
         0106:
         0107:def initialize_db(c):
    Exception: sqlite3.OperationalError: disk I/O error

Use a lockfile to ensure multiple tasks don't step over each other.

(From OE-Core rev: f08604d27ecacfd37bd37bfaf4c76f17b8f65604)

Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 24e9380643a2ae3fcae193519cb64aedaf682153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/cve-check.bbclass                 | 1 +
 meta/recipes-core/meta/cve-update-db-native.bb | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0889e7544a..35b7d0f298 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -27,6 +27,7 @@ CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
+CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 2221825bf8..d22b66f6c7 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -52,8 +52,7 @@ python do_populate_cve_db() {
 
     cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
 
-    if not os.path.isdir(db_dir):
-        os.mkdir(db_dir)
+    bb.utils.mkdirhier(db_dir)
 
     # Connect to database
     conn = sqlite3.connect(db_file)
@@ -114,6 +113,8 @@ python do_populate_cve_db() {
         conn.close()
 }
 
+do_populate_cve_db[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+
 def initialize_db(c):
     c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
-- 
cgit v1.2.3-54-g00ecf