python-apt frontend locking

Bug #1795407 reported by Julian Andres Klode on 2018-10-01
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-apt (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned

Bug Description

[Impact]
Add support to python-apt for frontend locking. This is a bit more complicated, and also requires some other restructuring:

(1) The archives lock was only taken for a short time, when it should have been kept for the duration of an installation, as otherwise debs could disappear from archives/ while the install is running.

(2) There was no lock handling at all. Tools essentially acquire the lock, and then release it before commit().

The fix is based on the apt fix, which makes apt_pkg.SystemLock() manage both the frontend and the normal lock, and allows code to call apt_pkg.pkgsystem_unlock_inner() and apt_pkg.pkgsystem_lock_inner() around dpkg invocations to release the inner lock.

Cache.commit() takes care of locking itself now. It releases the inner lock as needed for dpkg invocations. It also now requires apt_pkg.SystemLock to be hold - if it is not, it will acquire it itself.

[Test case]
1. Mark a package in the cache for install/removal and commit() - FE lock should be taken while dpkg is running.
2. Mark a package in the cache for install/removal and commit() while holding the lock. Releasing the lock afterwards should still work correctly, and the FE lock should never be released
3. Observe that the archive lock is not released until the last dpkg run

The locking behavior can be observed via strace.

[Regression potential]
The dpkg lock changed the most: Some lock counting might go wrong and programs might fail as a result. Any problems will be isolated, though - dpkg still acquires its locks, and if a lock miscount happens, apt would not tell dpkg to skip acquiring the frontend lock, so even if we were losing the lock anywhere, dpkg would still try to acquire it and not run unlocked.

The archive lock done by commit()/fetch_archives() in apt.Cache() is now hold as long as the fetcher object exists though (as it uses the fetcher's get_lock method), which might cause unexpected behavior in apps not expecting that.

The lists/ lock is unaffected by the changes, so there should not be any regressions when it comes to updating index files.

[Other info (1)]
CI changes: There were some improvements to type hints for mypy needed to make type checks pass, and changes to the CI's Dockerfile to pull a new apt from the apt stable PPA (as a new enough apt is only in unapproved atm). Neither of those files are used anywhere outside of the package, so they should not cause any problems.

[Other info (2)]
This is part of a wider series of SRUs for frontend locking

- dpkg (bug 1796081)
- apt (bug 1781169)
- python-apt (bug 1795407)
- packagekit (bug 1795614)
- unattended-upgrades (bug 1789637)
- aptdaemon (no bug filed yet)

Further details about frontend locking can be found in https://lists.debian.org/debian-dpkg/2017/01/msg00044.html

- This SRU depends on the apt SRU above, and breaks unattended-upgrades in bionic without its SRU due to a bug in the u-u code in handling the new API.

Changed in python-apt (Ubuntu):
status: New → Fix Released
Changed in python-apt (Ubuntu Xenial):
status: New → Triaged
Changed in python-apt (Ubuntu Bionic):
status: New → Triaged
description: updated
description: updated
Changed in python-apt (Ubuntu Xenial):
status: Triaged → In Progress
Changed in python-apt (Ubuntu Bionic):
status: Triaged → In Progress

Hello Julian, or anyone else affected,

Accepted python-apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-apt/1.6.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-apt (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello Julian, or anyone else affected,

Accepted python-apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-apt/1.1.0~beta1ubuntu0.16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-apt (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
tags: added: id-5bae2d1cfc953731f10adda4
description: updated
description: updated
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers