From 1085d57ef374364f06b4162493b5262afc6f5bf3 Mon Sep 17 00:00:00 2001 From: Alexis Mousset Date: Mon, 28 Oct 2024 10:39:57 +0100 Subject: [PATCH] Fixes #25745: db error about pid column (#5968) --- policies/module-types/system-updates/README.md | 6 +++++- policies/module-types/system-updates/src/db.rs | 16 +++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/policies/module-types/system-updates/README.md b/policies/module-types/system-updates/README.md index 82330648a7..0f311534cd 100644 --- a/policies/module-types/system-updates/README.md +++ b/policies/module-types/system-updates/README.md @@ -170,4 +170,8 @@ The APT support is enabled with the `apt` feature: ```shell cargo build --release --features=apt -``` \ No newline at end of file +``` + +### Security + +This module needs to run as root, and protects its database with `600` permissions. diff --git a/policies/module-types/system-updates/src/db.rs b/policies/module-types/system-updates/src/db.rs index 991051254f..1bf526bc4b 100644 --- a/policies/module-types/system-updates/src/db.rs +++ b/policies/module-types/system-updates/src/db.rs @@ -122,11 +122,15 @@ impl PackageDatabase { rudder_debug!("Running pid migration"); let r = self .conn - .execute("select pid from update_events limit 1", ()); - if r.is_err() { - rudder_debug!("Adding the pid column"); - self.conn - .execute("alter table update_events add pid integer", ())?; + .query_row("select pid from update_events limit 1", [], |_| Ok(())); + match r { + Ok(_) => (), + Err(rusqlite::Error::QueryReturnedNoRows) => (), + Err(_) => { + rudder_debug!("Adding the pid column"); + self.conn + .execute("alter table update_events add pid integer", ())?; + } } Ok(()) } @@ -372,6 +376,8 @@ mod tests { let mut db = PackageDatabase::open_existing(conn); db.migration_add_pid().unwrap(); + // can run twice + db.migration_add_pid().unwrap(); let conn = db.into_connection(); let r = conn.execute("select pid from update_events", ());