From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <isar-users+bncBCHIPONZWECRBEWWSS5QMGQERU74JAY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Fri, 20 Dec 2024 09:30:18 +0100
X-Sieve: CMU Sieve 2.4
Received: from mail-lj1-f184.google.com (mail-lj1-f184.google.com [209.85.208.184])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 4BK8UHnZ014256
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupi@ilbers.de>; Fri, 20 Dec 2024 09:30:18 +0100
Received: by mail-lj1-f184.google.com with SMTP id 38308e7fff4ca-30221227ec8sf9481801fa.0
        for <iupi@ilbers.de>; Fri, 20 Dec 2024 00:30:18 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1734683412; cv=pass;
        d=google.com; s=arc-20240605;
        b=GwsjMnzcrSQNf5gLgoKbMD8LHO0YZHDaTYxNCzXPOul3F5GYAU9IlQmYcaypOlhLlj
         V9EI7MyerYK9v4TV3QtVmuSQjuQK4D2ADviYEslXyVBOiOs9ZFcTDoPXKPtwitEA0W0X
         xdyiSz3b5n4Zo/6y8R4QcqUKrU0gpdZZy7GWew1y0epP1trl/x28zn0K7fM3B2Nu9tiB
         kfHlI3tolEu6S6dsiKkeR+hhlB3um2LZoBGXdZt0vkQL4wF4JsX7e2IovHPDLkN2DcWE
         iSBh9zFfYAc2PVgpgxjFH20Ct7Q5vW/zFbUpjiBw6jBsdTfD8XCRcuGP3mnqrLB6mobd
         bnhQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:sender:dkim-signature;
        bh=VHen90Xy6sjH9SFtAdO5y13eg3kS00eChTVpGgya+7o=;
        fh=/OTnTeOc5wLsu5Pmc6NcElFbpANqZq4dssLKugIuYLI=;
        b=WxllUapJNvJ6b1/5YGZ6duWR0+araJdVa8wuZJp/pm1ucAMX/vQpbRoq30YnDnM5M3
         BST1HlbFFNqf7hevfjvHLzALgjdDfca67eu1yWv7LqQwm20Jdhape/Z++4bT5If1+zbx
         RjsDjf5o/H6alfSvgmcvy1EqEJhdVnZZYp5SoVk8n0xGiBcPw8kIcR93rIz8WglNzYPG
         JkqryeIdDiPt4ThpyCEBRIdJGf1luDfEdzluPAx0j+vy0HzhtQokUlb9fgjgwUhImXKH
         LxnfGLyOK52yj5/1cyGmZPND11onbCMsQVlzQztQf9kRRwgG89aPlQm7Eyf9w/pjpXkU
         DThw==;
        darn=ilbers.de
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1734683412; x=1735288212; darn=ilbers.de;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VHen90Xy6sjH9SFtAdO5y13eg3kS00eChTVpGgya+7o=;
        b=YaL9/z0vDBcNsyiRo5e8K0jGV4/5r6vIyAq1B/tCg/nyNpJJlfalXZ+Bbqjm5MAvT6
         yhAu+e1NtyxfFn8XRz+ni8FK2+o/QtcOw0Ct7HBPogSzCrJnxaQkb1AaaY5XS87rau2u
         GH7z3nWnbX5crUpwTacAMItLNeZYzzEV+MABOZ8ML7EG9NYsehHL0smgnXb1GpfP3MFm
         8K/eMu3jZKG9nuP1JVlZPWm6zqduHukGFmPqD4QVbOYS7Qq/2tGmTdAYSNSNdZSMeh+C
         hA6FZ6OOnDjxQVUyF9Lx2Cv5zSSy74Hv9LJaPtWEfGNApftB0hShAiuFYJ2wXLKSpGXh
         Vq8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734683412; x=1735288212;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
         :message-id:reply-to;
        bh=VHen90Xy6sjH9SFtAdO5y13eg3kS00eChTVpGgya+7o=;
        b=aS4oFLZeo7WmKUaIJRnTkP0sitk5hRXL2KUyGtGQ1/t5eM4Q/52eGuExEY7w0cKEfh
         Qjo3n2XWlPfWcfP91ugybCHWT/hb/zgZlVsD9wamNbBBsA8+nibDVkUdnyKYvcTx5OKz
         OzRVpv8t7Crn3pgFszIhFLV0SWXh+jLO/A3Y5wsPMQr30/lf3w9kP/ZqmJBxyIWfErb6
         llUJrwCIIOBeYP1FJPWWwRkrIaLYmMzx7JYQj++mqG4UJBTHFUYz+ZhZb/cYURLNDlPp
         H51A7D+Pl8u7gZhVbDTgQG8Agow0IQHMUTAZsrm84H0Pt2z5Uomgya6ZKNUsDw85E8h8
         hwtQ==
Sender: isar-users@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCWtuRb3t3eCuHuAD2SBMv/+eqxvS8vInunYkVEq7dO8LqeSJoF2Ui9fNXUCPyv402l+R8zq@ilbers.de
X-Gm-Message-State: AOJu0YwQ9wbkNgeiEsuW1ThHfK4HssLxY/vAzAmmvJ1E8zXyEumo5WbF
	Nw0RevStT7YMlEPbsGoisqarc3CW5DuuXzaY4Yx/ODsNQYQJBebd
X-Google-Smtp-Source: AGHT+IHTCQX8XIDLY+0pIH8xpHKpBM1vKz5w7PnENcI0l1Ky/F+pk/A4QjgXJjGekvYtdnXJB0eXOg==
X-Received: by 2002:a05:651c:199e:b0:302:17e7:e176 with SMTP id 38308e7fff4ca-3046850a20emr5497391fa.5.1734683410877;
        Fri, 20 Dec 2024 00:30:10 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:7005:0:b0:302:1cfa:245c with SMTP id 38308e7fff4ca-30457ee23c5ls1601361fa.0.-pod-prod-04-eu;
 Fri, 20 Dec 2024 00:30:08 -0800 (PST)
X-Received: by 2002:a05:6512:3e2a:b0:540:2311:28c5 with SMTP id 2adb3069b0e04-5422956c4c7mr481632e87.57.1734683408488;
        Fri, 20 Dec 2024 00:30:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1734683408; cv=none;
        d=google.com; s=arc-20240605;
        b=d/iB23uLefjDZtmB/o6On2myq8Yjt1YIm/KbvCWn4+YGcFA2ZEIVnXWUkQsYtu9tuo
         LgO+JenytJutRxoyqJn10k52Y9jBE4KKNHOF5NhRBidGKcapzRgmjNNiFDaDBlcWik6H
         9tlUug6YogdVRN0Y5L0UyiSwEPrRKFH1dthL5v9gQsJ4BxNtxAny+2ay6nR803tq/HcX
         Nheamergfiz+mzR6wqq5gHgOLddWpe+9yIYgHpuFzXfIidrNhydCnPLZnybbkd7P7/ey
         2TXOSXsFS4qtdF+3EfH4e23p+6ZqvnJQ2GiFIcEswPYtvYrxm8bvtE4r5Whts+MV4Caq
         /eKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=tHdwPlg4d3qjN8utUjj4nm/N+ArKyWfsfaqK9Ptw3P4=;
        fh=/h9QQkzJ8EboVkWg45aWwpaUro6WMavIVd2OhN45RtE=;
        b=BBlME53uWYpYGbxg1SXvIrnoOmESY6fNTlSaxjer4D7wGbS/mS1CXW5QdDtUw21JlY
         UtEbfm9FD3Z1auPk0mO4SoqUtg0xAguQfyQiddSusIylPW/vzA03Mb88RgJ5iLSHrJEt
         peP7vom4FejarNPjpYLdgYxv/sFfLf3fm+gU4gLBW9oAaOZWr4ua7gKMZUdzbWxQhdGg
         Acw5SfrXR8XrU/oz6yuzqLRX0t2Nyit6hcLvUCAbdihUCUE8el7DLsoXDuSPUj5H3NFM
         YDdxggCPL/Nt+BwOe/gAx0D2gYCAVhpypvzyaujJlMR+C2LT6HCwctXjsxEk/5bbikfB
         HNuA==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-542235eb74fsi72172e87.3.2024.12.20.00.30.08
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Fri, 20 Dec 2024 00:30:08 -0800 (PST)
Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Received: from user-B660.promwad.corp ([159.148.83.114])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 4BK8U6J4014233
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Fri, 20 Dec 2024 09:30:07 +0100
From: Anton Mikanovich <amikan@ilbers.de>
To: isar-users@googlegroups.com
Cc: Anton Mikanovich <amikan@ilbers.de>
Subject: [PATCH 1/1] meta: Protect schroot config management
Date: Fri, 20 Dec 2024 10:29:59 +0200
Message-Id: <20241220082959.3123651-2-amikan@ilbers.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241220082959.3123651-1-amikan@ilbers.de>
References: <20241220082959.3123651-1-amikan@ilbers.de>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,
	RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-Original-Sender: amikan@ilbers.de
X-Original-Authentication-Results: gmr-mx.google.com;       spf=pass
 (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as
 permitted sender) smtp.mailfrom=amikan@ilbers.de
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>, <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>, <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-TUID: 4BMQzm+xewaF

As schroot itself is not thread safe and can fail in case of reading
chroot/session config files when other instance removing those files,
we need to add external locking for race protection.
Run schroot through flock protected script provided via PATH by
default. Also protect with the same lock removing of configs.

Signed-off-by: Anton Mikanovich <amikan@ilbers.de>
---
 meta/classes/dpkg.bbclass   |  3 +++
 meta/classes/sbuild.bbclass |  6 ++++++
 scripts/schroot             | 43 +++++++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+)
 create mode 100755 scripts/schroot

diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
index ef85890a..64404103 100644
--- a/meta/classes/dpkg.bbclass
+++ b/meta/classes/dpkg.bbclass
@@ -96,6 +96,9 @@ dpkg_runbuild() {
 
     export SBUILD_CONFIG="${SBUILD_CONFIG}"
 
+    # Provide locking filter for schroot
+    sbuild_add_env_filter "PATH"
+
     for envvar in http_proxy HTTP_PROXY https_proxy HTTPS_PROXY \
         ftp_proxy FTP_PROXY no_proxy NO_PROXY; do
         sbuild_add_env_filter "$envvar"
diff --git a/meta/classes/sbuild.bbclass b/meta/classes/sbuild.bbclass
index f68e8735..1ab72aad 100644
--- a/meta/classes/sbuild.bbclass
+++ b/meta/classes/sbuild.bbclass
@@ -14,6 +14,9 @@ SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}"
 
 SBUILD_CONFIG="${WORKDIR}/sbuild.conf"
 
+# Lockfile available for all the users
+SCHROOT_LOCKFILE = "/tmp/schroot.lock"
+
 schroot_create_configs() {
     mkdir -p "${TMPDIR}/schroot-overlay"
     echo "Creating ${SCHROOT_CONF_FILE}"
@@ -54,6 +57,8 @@ EOSUDO
 }
 
 schroot_delete_configs() {
+    (flock -x 9
+    set -e
     sudo -s <<'EOSUDO'
         set -e
         if [ -d "${SBUILD_CONF_DIR}" ]; then
@@ -63,6 +68,7 @@ schroot_delete_configs() {
         echo "Removing ${SCHROOT_CONF_FILE}"
         rm -f "${SCHROOT_CONF_FILE}"
 EOSUDO
+    ) 9>"${SCHROOT_LOCKFILE}"
 }
 
 sbuild_add_env_filter() {
diff --git a/scripts/schroot b/scripts/schroot
new file mode 100755
index 00000000..f5320a6a
--- /dev/null
+++ b/scripts/schroot
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# This software is a part of ISAR.
+# Copyright (C) 2024 ilbers GmbH
+#
+# SPDX-License-Identifier: MIT
+
+set -e
+
+# Save command line
+OPTS=("$@")
+
+# Analyze used flags
+while [ $# -gt 0 ]
+do
+    key="$1"
+
+    case $key in
+    -b|--begin-session)
+        BEGIN="1"
+        ;;
+    -r|--run-session)
+        RUN="1"
+        ;;
+    -e|--end-session)
+        END="1"
+        ;;
+    esac
+
+    shift
+done
+
+# Use exclusive lock for configs rm, shared for any other calls
+TYPE="-s"
+if [ "$END" == "1" ]; then
+    TYPE="-x"
+fi
+
+# A place for lock available for all the users
+LOCKDIR="/tmp"
+
+# Run schroot protected with lock
+flock $TYPE $LOCKDIR/schroot.lock /usr/bin/schroot "${OPTS[@]}"
-- 
2.34.1

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20241220082959.3123651-2-amikan%40ilbers.de.