requires root privileges and touches /var during build

[baude]

Fixes issue #963

#963

[baude]

bot, retest this please

[baude]

bot, retest this please

[rhatdan]

Tests still failing?

[rhatdan]

LGTM if you fix tests failing.

[baude]

bot, retest this please

[cgwalters]

I don't understand why we create an empty file explicitly. It's not valid JSON. Why not simply have "absence of file" = empty? Basically we don't explicitly write it when we're just opening for read.

[jlebon]

Won't this leak though? Don't we want to close() in release_lock()?

[jlebon]

Here too.

[jlebon]

This is already caught by _read_install_data, no? So you should already be getting {} back in that case.

[jlebon]

Does this need to be a function? Seems like we can just merge it into _read_install_data() so that you can just use context managers there to open and close, e.g.:

try:
  with open(ATOMIC_INSTALL_JSON, 'r') as f:
    return json.load(f)
except IOError as e:
  if e.errno == errno.ENOENT:
    return {}
  raise e

?

[cgwalters]

Agree with this, except I think for backcompat with the previous "empty file" model we should make it something like:

try:
  with open(ATOMIC_INSTALL_JSON, 'r') as f:
    if os.fstat(f.fileno).st_size == 0:
      return {}
    return json.load(f)
except IOError as e:
  if e.errno == errno.ENOENT:
    return {}
  raise e

[cgwalters]

I went ahead and patched things up as above - there were more fixes required in the decorator, and I didn't run any tests other than simply doing as non-root:

$ python setup.py build

We clearly need to tweak the redhat-ci default build process to be more mock-like.

[jlebon]

Won't this lock be released when f is closed though?
Just tried this out:

with open("lockfile", "r") as f:
    fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
with open("lockfile", "r") as f:
    fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB)

which works without issue. Whereas

f = open("lockfile", "r")
fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB)

g = open("lockfile", "r")
fcntl.flock(g, fcntl.LOCK_EX | fcntl.LOCK_NB)

throws a BlockingIOError as expected.

[cgwalters]

OK, let's try making it a context manager. There is also https://pypi.python.org/pypi/flockcontext ...dunno about adding the dep.

[cgwalters]

OK, this passes the tests now.

[jlebon]

Can we yield the file handle here, so that... (continued in next comment)

[jlebon]

here, we can do the whole read, update, write under lock?

[jlebon]

Wait, this won't take effect, right? The write methods (both old and new) are merging entries, so can deletes actually occur?

[cgwalters]

Probably, but that's not a regression from this patch.

I could think of many more things to do to improve this, not least of which is moving it to its own file with documentation, and such...but can we do that kind of thing in a separate PR?

I'd really like to get FAHC going again.

(And really, do we even really need this InstallData thing? Can't we (for system containers) use the ostree commit metadata?)

[jlebon]

Seems like this line and the rest below are supposed to be unindented by one level?

[cgwalters]

Hah, yes.

[cgwalters]

Pushed a fixup for that ⬇️

[cgwalters]

As far as I can tell right now, the only place that reads (not writes) InstallData right now is:

        if iobject.get_label('INSTALL') and not args.ignore and not util.InstallData.image_installed(iobject):

And that's just for a warning. How about we just delete this code? I'd like to deprecate the INSTALL label anyways in favor of the system container approach.

[rhatdan]

I am fine with moving that way.

[baude]

@rhatdan you are in favor not honoring the INSTALL label? What's going to happen to all the images already out there?

[rhatdan]

I am fine with de-emphasizing it, not removing it.

[cgwalters]

#969

[cgwalters]

A good chunk of the INSTALL use cases should be system containers. The rest I think are more in the system extensions case - and there the underlying data store tracking content is RPM. So in neither case do we need our own data store. Right?

[baude]

so the current RHEL rsyslog container is not a use case? same with the openscap image? We have spent years trying to get people to use labels. Maybe I am missing something.

[cgwalters]

Yeah, we need to make the rsyslog container a system container.

[rhatdan]

I think we will need to continue to support INSTALL Labels but we really want to move most cases where an app is dropping content on the host to use something like system containers. INSTALL Labels begin to fall apart when you don't require docker.

[cgwalters]

INSTALL also forces the container author to own problems like SELinux labeling, handling any conflicts with files they're trying to install. And the existence of the UNINSTALL label gets into deep issues around things like "what happens if I pull a newer version of the container with a different UNINSTALL?

Basically INSTALL was a good start at having something but I think we're past the prototype stage and need to have a more rigorous model. Basically, rigorous = using RPM to track installed files and handle config files in /etc. That way one centralized place is also taking care of SELinux labeling as well. We already have a database for content installed on the host - RPM.

[cgwalters]

There were things blocking this before, like rpm-ostree not supporting local RPM installs, etc. that we've fixed now. Though to really complete that picture we need livefs which I'm working on.

[cgwalters]

Anyways I think this PR is in an OK state - it could be a lot better but I'd really like to just get FAHC going and revisit this in later PRs.

[baude]

LGTM

[rhatdan]

@rh-atomic-bot r+ 4e6de1f

[rh-atomic-bot]

🙀 4e6de1f is not a valid commit SHA. Please try again with 8d9f4db.

[rhatdan]

@rh-atomic-bot r+ 8d9f4db

[rh-atomic-bot]

⌛ Testing commit 8d9f4db with merge 12d674f...

[cgwalters]

Note CI is currently down projectatomic/papr#33

[rh-atomic-bot]

☀️ Test successful - status-redhatci
Approved by: rhatdan
Pushing 12d674f to master...