Page MenuHomeFreeBSD

etcupdate: Always extract to a temporary tree.
ClosedPublic

Authored by jhb on Apr 19 2021, 9:20 PM.
Tags
None
Referenced Files
F107124571: D29843.id87745.diff
Fri, Jan 10, 12:13 PM
Unknown Object (File)
Wed, Jan 8, 11:25 AM
Unknown Object (File)
Wed, Jan 8, 11:24 AM
Unknown Object (File)
Tue, Jan 7, 11:20 AM
Unknown Object (File)
Nov 21 2024, 6:35 AM
Unknown Object (File)
Nov 14 2024, 3:52 AM
Unknown Object (File)
Nov 4 2024, 7:51 PM
Unknown Object (File)
Nov 2 2024, 8:54 PM
Subscribers

Details

Summary

etcupdate has had a somewhat nasty race condition since its creation
in that its state machine can get very confused if it is interrupted
while building the tree to compare against. This is exacerbated by
the fact that etcupdate doesn't emit any output while building the
tree which can take several seconds (especially in recent years with
the addition of the tree-wide buildconfig/installconfig passes).

To mitigate this, always install a new tree into a temporary directory
created via mktemp as was previously done only for dry-runs via -n.
The existing trees are only rotated and the new tree installed as
/var/db/etcupdate/current after the update command has completed.

MFC after: 2 weeks

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 38695
Build 35584: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Apr 19 2021, 9:20 PM

I think this looks good...
However, one thought did occur to me: do we need a t"rap X rm -rf $newdir" for some value of X so the tree is removed when etcupdate is interrupted?

This revision is now accepted and ready to land.Apr 19 2021, 9:29 PM

Ah yes, please! This has been a pet peeve for a while...

In D29843#669799, @imp wrote:

I think this looks good...
However, one thought did occur to me: do we need a t"rap X rm -rf $newdir" for some value of X so the tree is removed when etcupdate is interrupted?

The callers of the various routines cleanup explicitly when it fails. There is a followup change to trap for SIGINT which fixes Ctrl-C to trigger the cleanups.

This revision was automatically updated to reflect the committed changes.