diff options
author | Julian Andres Klode <jak@debian.org> | 2017-01-29 13:05:18 +0100 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2018-09-28 13:25:32 +0200 |
commit | 8a9a2147bc4346c7e3da8a08719b8f2686d65887 (patch) | |
tree | f886d60b1e6e1c171d0274d9f9e333e20c53d3ec | |
parent | 8e28398f3bc9cc9e8c5a038ef26823fc41dc5910 (diff) |
Add support for dpkg frontend lock
The dpkg frontend lock is a lock dpkg tries to acquire
except if the frontend already acquires it.
This fixes a race condition in the install command where the
dpkg lock is not held for a short period of time between
different dpkg invocations.
For this reason we also define an environment variable
DPKG_FRONTEND_LOCKED for dpkg invocations so dpkg knows
not to try to acquire the frontend lock because it's held
by a parent process.
We can set DPKG_FRONTEND_LOCKED only if the frontend lock
really is held; that is, if our lock count is greater than 0
- otherwise an apt client not using the LockInner family of
functions would run dpkg without the frontend lock set, but
with DPKG_FRONTEND_LOCKED set. Such a process has a weaker
guarantee: Because dpkg would not lock the frontend lock
either, the process is prone to the existing races, and,
more importantly, so is a new style process.
Closes: #869546
[fixups: fix error messages, add public IsLocked() method, and
make {Un,}LockInner return an error on !debSystem]
(cherry picked from commit c2c8b4787b0882234ba2772ec7513afbf97b563a)
LP: #1781169
(cherry picked from commit 6c0c94ed32b8e679b14b0f89b51c1c336dc0ab9c)
-rw-r--r-- | apt-pkg/deb/debsystem.cc | 55 | ||||
-rw-r--r-- | apt-pkg/deb/debsystem.h | 4 | ||||
-rw-r--r-- | apt-pkg/deb/dpkgpm.cc | 5 | ||||
-rw-r--r-- | apt-pkg/pkgsystem.cc | 25 | ||||
-rw-r--r-- | apt-pkg/pkgsystem.h | 12 | ||||
-rw-r--r-- | apt-private/private-install.cc | 6 |
6 files changed, 97 insertions, 10 deletions
diff --git a/apt-pkg/deb/debsystem.cc b/apt-pkg/deb/debsystem.cc index 7118b534b..c087d6914 100644 --- a/apt-pkg/deb/debsystem.cc +++ b/apt-pkg/deb/debsystem.cc @@ -46,10 +46,11 @@ debSystem debSys; class APT_HIDDEN debSystemPrivate { public: - debSystemPrivate() : LockFD(-1), LockCount(0), StatusFile(0) + debSystemPrivate() : FrontendLockFD(-1), LockFD(-1), LockCount(0), StatusFile(0) { } // For locking support + int FrontendLockFD; int LockFD; unsigned LockCount; @@ -86,22 +87,30 @@ bool debSystem::Lock() } // Create the lockfile - string AdminDir = flNotFile(_config->Find("Dir::State::status")); - d->LockFD = GetLock(AdminDir + "lock"); - if (d->LockFD == -1) + string AdminDir = flNotFile(_config->FindFile("Dir::State::status")); + string FrontendLockFile = AdminDir + "lock-frontend"; + d->FrontendLockFD = GetLock(FrontendLockFile); + if (d->FrontendLockFD == -1) { if (errno == EACCES || errno == EAGAIN) - return _error->Error(_("Unable to lock the administration directory (%s), " - "is another process using it?"),AdminDir.c_str()); + return _error->Error(_("Unable to acquire the dpkg frontend lock (%s), " + "is another process using it?"),FrontendLockFile.c_str()); else - return _error->Error(_("Unable to lock the administration directory (%s), " - "are you root?"),AdminDir.c_str()); + return _error->Error(_("Unable to acquire the dpkg frontend lock (%s), " + "are you root?"),FrontendLockFile.c_str()); + } + if (LockInner() == false) + { + close(d->FrontendLockFD); + return false; } // See if we need to abort with a dirty journal if (CheckUpdates() == true) { close(d->LockFD); + close(d->FrontendLockFD); + d->FrontendLockFD = -1; d->LockFD = -1; const char *cmd; if (getenv("SUDO_USER") != NULL) @@ -118,6 +127,21 @@ bool debSystem::Lock() return true; } + +bool debSystem::LockInner() { + string AdminDir = flNotFile(_config->FindFile("Dir::State::status")); + d->LockFD = GetLock(AdminDir + "lock"); + if (d->LockFD == -1) + { + if (errno == EACCES || errno == EAGAIN) + return _error->Error(_("Unable to lock the administration directory (%s), " + "is another process using it?"),AdminDir.c_str()); + else + return _error->Error(_("Unable to lock the administration directory (%s), " + "are you root?"),AdminDir.c_str()); + } + return true; +} /*}}}*/ // System::UnLock - Drop a lock /*{{{*/ // --------------------------------------------------------------------- @@ -131,12 +155,27 @@ bool debSystem::UnLock(bool NoErrors) return _error->Error(_("Not locked")); if (--d->LockCount == 0) { + close(d->FrontendLockFD); close(d->LockFD); d->LockCount = 0; } return true; } +bool debSystem::UnLockInner(bool NoErrors) { + (void) NoErrors; + close(d->LockFD); + return true; +} + /*}}}*/ +// System::IsLocked - Check if system is locked /*{{{*/ +// --------------------------------------------------------------------- +/* This checks if the frontend lock is hold. The inner lock might be + * released. */ +bool debSystem::IsLocked() +{ + return d->LockCount > 0; +} /*}}}*/ // System::CheckUpdates - Check if the updates dir is dirty /*{{{*/ // --------------------------------------------------------------------- diff --git a/apt-pkg/deb/debsystem.h b/apt-pkg/deb/debsystem.h index 5185c92d8..2eb22a40f 100644 --- a/apt-pkg/deb/debsystem.h +++ b/apt-pkg/deb/debsystem.h @@ -52,6 +52,10 @@ class debSystem : public pkgSystem APT_HIDDEN static pid_t ExecDpkg(std::vector<std::string> const &sArgs, int * const inputFd, int * const outputFd, bool const DiscardOutput); APT_HIDDEN static bool SupportsMultiArch(); APT_HIDDEN static std::vector<std::string> SupportedArchitectures(); + + APT_HIDDEN bool LockInner(); + APT_HIDDEN bool UnLockInner(bool NoErrors=false); + APT_HIDDEN bool IsLocked(); }; extern debSystem debSys; diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 533d9b367..37452f3d3 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -1521,6 +1521,11 @@ bool pkgDPkgPM::Go(APT::Progress::PackageManager *progress) _exit(100); } + if (dynamic_cast<debSystem*>(_system) != nullptr + && dynamic_cast<debSystem*>(_system)->IsLocked() == true) { + setenv("DPKG_FRONTEND_LOCKED", "true", 1); + } + execvp(Args[0], (char**) &Args[0]); cerr << "Could not exec dpkg!" << endl; _exit(100); diff --git a/apt-pkg/pkgsystem.cc b/apt-pkg/pkgsystem.cc index 530150221..99d104310 100644 --- a/apt-pkg/pkgsystem.cc +++ b/apt-pkg/pkgsystem.cc @@ -13,6 +13,7 @@ #include<config.h> #include <apt-pkg/debsystem.h> +#include <apt-pkg/error.h> #include <apt-pkg/pkgsystem.h> #include <apt-pkg/macros.h> @@ -64,4 +65,28 @@ std::vector<std::string> pkgSystem::ArchitecturesSupported() const /*{{{*/ } /*}}}*/ +bool pkgSystem::LockInner() /*{{{*/ +{ + debSystem * const deb = dynamic_cast<debSystem *>(this); + if (deb != NULL) + return deb->LockInner(); + return _error->Error("LockInner is not implemented"); +} + /*}}}*/ +bool pkgSystem::UnLockInner(bool NoErrors) /*{{{*/ +{ + debSystem * const deb = dynamic_cast<debSystem *>(this); + if (deb != NULL) + return deb->UnLockInner(NoErrors); + return _error->Error("UnLockInner is not implemented"); +} + /*}}}*/ +bool pkgSystem::IsLocked() /*{{{*/ +{ + debSystem * const deb = dynamic_cast<debSystem *>(this); + if (deb != NULL) + return deb->IsLocked(); + return true; +} + /*}}}*/ pkgSystem::~pkgSystem() {} diff --git a/apt-pkg/pkgsystem.h b/apt-pkg/pkgsystem.h index 55bdeec70..8c7c300fb 100644 --- a/apt-pkg/pkgsystem.h +++ b/apt-pkg/pkgsystem.h @@ -116,6 +116,18 @@ class pkgSystem pkgSystem(char const * const Label, pkgVersioningSystem * const VS); virtual ~pkgSystem(); + + + /* companions to Lock()/UnLock + * + * These functions can be called prior to calling dpkg to release an inner + * lock without releasing the overall outer lock, so that dpkg can run + * correctly but no other APT instance can acquire the system lock. + */ + bool LockInner(); + bool UnLockInner(bool NoErrors = false); + /// checks if the system is currently locked + bool IsLocked(); private: void * const d; }; diff --git a/apt-private/private-install.cc b/apt-private/private-install.cc index 0377955ae..356d1cd36 100644 --- a/apt-private/private-install.cc +++ b/apt-private/private-install.cc @@ -346,7 +346,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) return _error->Error(_("Aborting install.")); } - _system->UnLock(); + _system->UnLockInner(); APT::Progress::PackageManager *progress = APT::Progress::PackageManagerProgressFactory(); pkgPackageManager::OrderResult Res = PM->DoInstall(progress); @@ -356,7 +356,9 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) return false; if (Res == pkgPackageManager::Completed) break; - + + _system->LockInner(); + // Reload the fetcher object and loop again for media swapping Fetcher.Shutdown(); if (PM->GetArchives(&Fetcher,List,&Recs) == false) |