dpkg frontend locking

Bug #1796081 reported by Julian Andres Klode on 2018-10-04
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
dpkg (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

[Impact]
Frontends of dpkg such as apt and programs using the apt libraries currently acquire the dpkg "lock" lock file. They need to release it before running dpkg, as dpkg also acquires it. Therefore, there is a race condition: In case the application needs to run dpkg multiple times, another application could steal the lock from under it, and the running application would fail in the middle of the install, potentially rendering the system broken.

This fixes the problem by introducing an additional "lock-frontend" file that frontends do not release when calling dpkg. When dpkg is not called by a frontend using that file, it will try to acquire the frontend lock as well, preventing it from interfering with such frontends.

[Test case]
1. Hold lock, check that dpkg fails to run
2. Hold frontend lock, check that dpkg fails to run
3. Hold frontend lock, run dpkg with DPKG_FRONTEND_LOCKED set, it should succeed

[Regression potential]
This is an isolated change adding a new lock file. Therefore, regressions can only be expected in the form of that locking failing.

[Other info]
This is part of a wider series of SRUs for frontend locking

- dpkg (bug 1796081)
- apt (bug 1781169)
- python-apt (bug 1795407)
- packagekit (bug 1795614)
- unattended-upgrades (bug 1789637)
- aptdaemon (no bug filed yet)

Further details about frontend locking can be found in https://lists.debian.org/debian-dpkg/2017/01/msg00044.html

description: updated
Changed in dpkg (Ubuntu Cosmic):
status: New → Fix Released
Changed in dpkg (Ubuntu Bionic):
status: New → Triaged
Changed in dpkg (Ubuntu Xenial):
status: New → Triaged
tags: added: id-5bae2d332620381fc09f9f9c
Changed in dpkg (Ubuntu Bionic):
status: Triaged → In Progress
Changed in dpkg (Ubuntu Xenial):
status: Triaged → In Progress
description: updated

Hello Julian, or anyone else affected,

Accepted dpkg into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.18.4ubuntu1.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in dpkg (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
Changed in dpkg (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Brian Murray (brian-murray) wrote :

Hello Julian, or anyone else affected,

Accepted dpkg into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.19.0.5ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Julian Andres Klode (juliank) wrote :

Before:

1. with /var/lib/dpkg/lock locked:
   dpkg: error: dpkg status database is locked by another process
2. with lock-frontend locked (not yet recognized):
   dpkg: error: --install needs at least one package archive file argument
3. same as 2

after upgrade to 1.18.4ubuntu1.5:

1.
root@xxx:~# dpkg -i /var/cache/apt/archives/dpkg_1.18.4ubuntu1.5_amd64.deb
dpkg: error: dpkg status database is locked by another process

2.
root@xxx:~# dpkg -i /var/cache/apt/archives/dpkg_1.18.4ubuntu1.5_amd64.deb
dpkg: error: dpkg frontend is locked by another process

3.
root@xxx:~# DPKG_FRONTEND_LOCKED=1 dpkg -i /var/cache/apt/archives/dpkg_1.18.4ubuntu1.5_amd64.deb
(Reading database ... 25800 files and directories currently installed.)
Preparing to unpack .../dpkg_1.18.4ubuntu1.5_amd64.deb ...
Unpacking dpkg (1.18.4ubuntu1.5) over (1.18.4ubuntu1.5) ...
Setting up dpkg (1.18.4ubuntu1.5) ...
Processing triggers for man-db (2.7.5-1) ...

=> Verified.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Julian Andres Klode (juliank) wrote :

Same with bionic (1.19.0.5ubuntu2.1)

1. lock locked:
root@bbb:~# dpkg -i /var/cache/apt/archives/dpkg_1.19.0.5ubuntu2.1_amd64.deb
dpkg: error: dpkg status database is locked by another process

2. Frontend locked
root@bbb:~# dpkg -i /var/cache/apt/archives/dpkg_1.19.0.5ubuntu2.1_amd64.deb
dpkg: error: dpkg frontend is locked by another process

3. Frontend locked, but overriden by env:

root@bbb:~# DPKG_FRONTEND_LOCKED=1 dpkg -i /var/cache/apt/archives/dpkg_1.19.0.5ubuntu2.1_amd64.deb
(Reading database ... 28496 files and directories currently installed.)
Preparing to unpack .../dpkg_1.19.0.5ubuntu2.1_amd64.deb ...
Unpacking dpkg (1.19.0.5ubuntu2.1) over (1.19.0.5ubuntu2.1) ...
Setting up dpkg (1.19.0.5ubuntu2.1) ...
Processing triggers for man-db (2.8.3-2) ...

=> verified

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Julian Andres Klode (juliank) wrote :

I have confirmed that the autopkgtest regressions in xenial are not actual regressions from that upload, but in release. (bionic next)

Julian Andres Klode (juliank) wrote :

Same in bionic. In both cases, not all errors are exactly regressions in release, but some (sbuild, pbuilder) fail because they want to do stuff with devel, but there is no devel yet:

Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details.

The verification of the Stable Release Update for dpkg has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.18.4ubuntu1.5

---------------
dpkg (1.18.4ubuntu1.5) xenial; urgency=medium

  * Apply patch from upstream to add frontend locking (LP: #1796081):
    - Add support for frontend locking. This makes it possible for frontends
      using this new protocol, to safely lock the dpkg database w/o risk of
      race conditions with other dpkg instances or frontends supporting the
      same protocol.

 -- Julian Andres Klode <email address hidden> Thu, 04 Oct 2018 14:21:49 +0200

Changed in dpkg (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.19.0.5ubuntu2.1

---------------
dpkg (1.19.0.5ubuntu2.1) bionic; urgency=medium

  * Apply patch from upstream to add frontend locking (LP: #1796081):
    - Add support for frontend locking. This makes it possible for frontends
      using this new protocol, to safely lock the dpkg database w/o risk of
      race conditions with other dpkg instances or frontends supporting the
      same protocol.

 -- Julian Andres Klode <email address hidden> Thu, 04 Oct 2018 14:21:49 +0200

Changed in dpkg (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers