[Git][security-tracker-team/security-tracker][master] 2 commits: attempt at fixing the security.db migration
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Tue Mar 18 09:25:42 GMT 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7c614f7 by Helmut Grohne at 2025-02-27T05:44:50+01:00
attempt at fixing the security.db migration
The schema migration merged via the precomputed /data/json did not
practically work. When coming from version 23, dropping the
debsecan_data table results in:
apsw.LockedError: LockedError: database table is locked
While the root cause is not clear, the use of multiple concurrent
cursors is related. The ctor first creates a cursor and then every
_init* method creates its own cursor. Sharing the cursors makes the
error go away. This can also be partially seen in the migration from
schema version 21 where the drop code shares the cursor rather than
having its own _init* method like every other schema migration.
To structurally address this, pass the initial cursor to every schema
initialization method.
Fixes: f1fa755e8217 ("precompute /data/json and store it in side security.db")
- - - - -
bad56aea by Emilio Pozuelo Monfort at 2025-03-18T09:25:38+00:00
Merge branch 'helmutg/fix-db-migration' into 'master'
attempt at fixing the security.db migration
See merge request security-tracker-team/security-tracker!207
- - - - -
1 changed file:
- lib/python/security_db.py
Changes:
=====================================
lib/python/security_db.py
=====================================
@@ -272,9 +272,9 @@ class DB:
for (v,) in c.execute("PRAGMA user_version"):
if v == 0:
- self.initSchema()
+ self.initSchema(c)
elif v == 20:
- self._initSchema20()
+ self._initSchema20(c)
elif v == 21:
# Remove legacy views.
for view in ('testing_status', 'stable_status',
@@ -285,9 +285,9 @@ class DB:
pass
c.execute("PRAGMA user_version = 22")
elif v == 22:
- self._initSchema22()
+ self._initSchema22(c)
elif v == 23:
- self._initSchema23()
+ self._initSchema23(c)
elif v != self.schema_version:
if self.verbose:
print("DB: schema version mismatch: expected %d, got %d"
@@ -325,10 +325,8 @@ class DB:
"""Undos the changes in the transaction."""
cursor.execute("ROLLBACK")
- def initSchema(self):
+ def initSchema(self, cursor):
"""Creates the database schema."""
- cursor = self.cursor()
-
# Set the schema version to an invalid value which is
# different from zero. We can use this to detect a partially
# created schema.
@@ -467,9 +465,7 @@ class DB:
cursor.execute("PRAGMA user_version = %d" % self.schema_version)
- def _initSchema20(self):
- cursor = self.db.cursor()
-
+ def _initSchema20(self, cursor):
cursor.execute("PRAGMA user_version = 1")
self._initNoDSA(cursor)
self._initViews(cursor)
@@ -487,9 +483,7 @@ class DB:
PRIMARY KEY (bug_name, package, release))
""")
- def _initSchema22(self):
- cursor = self.db.cursor()
-
+ def _initSchema22(self, cursor):
cursor.execute("PRAGMA user_version = 1")
self._initNextPointRelease(cursor)
self._initExporters(cursor)
@@ -503,8 +497,7 @@ class DB:
PRIMARY KEY (cve_name, release))
""")
- def _initSchema23(self):
- cursor = self.db.cursor()
+ def _initSchema23(self, cursor):
cursor.execute("PRAGMA user_version = 1")
self._initExporters(cursor)
cursor.execute("PRAGMA user_version = %d" % self.schema_version)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/84469fa1d8ea67df1b6ade04ee66b12264343f99...bad56aea014b9d322c3384ab3df27a92e565fd72
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/84469fa1d8ea67df1b6ade04ee66b12264343f99...bad56aea014b9d322c3384ab3df27a92e565fd72
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250318/5c532d6d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list