python-apt frontend locking
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-apt (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Add support to python-apt for frontend locking. This is a bit more complicated, and also requires some other restructuring:
(1) The archives lock was only taken for a short time, when it should have been kept for the duration of an installation, as otherwise debs could disappear from archives/ while the install is running.
(2) There was no lock handling at all. Tools essentially acquire the lock, and then release it before commit().
The fix is based on the apt fix, which makes apt_pkg.
Cache.commit() takes care of locking itself now. It releases the inner lock as needed for dpkg invocations. It also now requires apt_pkg.SystemLock to be hold - if it is not, it will acquire it itself.
[Test case]
1. Mark a package in the cache for install/removal and commit() - FE lock should be taken while dpkg is running.
2. Mark a package in the cache for install/removal and commit() while holding the lock. Releasing the lock afterwards should still work correctly, and the FE lock should never be released
3. Observe that the archive lock is not released until the last dpkg run
The locking behavior can be observed via strace.
[Regression potential]
The dpkg lock changed the most: Some lock counting might go wrong and programs might fail as a result. Any problems will be isolated, though - dpkg still acquires its locks, and if a lock miscount happens, apt would not tell dpkg to skip acquiring the frontend lock, so even if we were losing the lock anywhere, dpkg would still try to acquire it and not run unlocked.
The archive lock done by commit(
The lists/ lock is unaffected by the changes, so there should not be any regressions when it comes to updating index files.
[Other info (1)]
CI changes: There were some improvements to type hints for mypy needed to make type checks pass, and changes to the CI's Dockerfile to pull a new apt from the apt stable PPA (as a new enough apt is only in unapproved atm). Neither of those files are used anywhere outside of the package, so they should not cause any problems.
[Other info (2)]
This is part of a wider series of SRUs for frontend locking
- dpkg (bug 1796081)
- apt (bug 1781169)
- python-apt (bug 1795407)
- packagekit (bug 1795614)
- unattended-upgrades (bug 1789637)
- aptdaemon (no bug filed yet)
Further details about frontend locking can be found in https:/
- This SRU depends on the apt SRU above, and breaks unattended-upgrades in bionic without its SRU due to a bug in the u-u code in handling the new API.
- xenial depends on unattended-upgrades SRU
Changed in python-apt (Ubuntu): | |
status: | New → Fix Released |
Changed in python-apt (Ubuntu Xenial): | |
status: | New → Triaged |
Changed in python-apt (Ubuntu Bionic): | |
status: | New → Triaged |
description: | updated |
description: | updated |
Changed in python-apt (Ubuntu Xenial): | |
status: | Triaged → In Progress |
Changed in python-apt (Ubuntu Bionic): | |
status: | Triaged → In Progress |
tags: | added: id-5bae2d1cfc953731f10adda4 |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Hello Julian, or anyone else affected,
Accepted python-apt into bionic-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ python- apt/1.6. 3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification- needed- bionic to verification- done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- bionic. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.