buildah icon indicating copy to clipboard operation
buildah copied to clipboard

Published 20 hours ago verified publisher icon containers

Fix conflict on heredoc temp files

Open kmichel-aiven opened this issue 1 year ago • 3 comments
trafficstars

What type of PR is this?

/kind bug

What this PR does / why we need it:

If two image builds start concurrently and they both use an heredoc with the same EOF marker, then they will use the same filename and overwrite each other.

It's possible for concurrent builds to either use the wrong heredoc content or to fail because the file of one build is deleted by the other, leading to this error message:

STEP 13/21: COPY <<EOF /file.conf

Error: building at STEP "COPY <<EOF /file.conf": reading "/var/tmp/EOF": copier: get: globs [/EOF] matched nothing (0 filtered out): no such file or directory

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

kmichel-aiven avatar Sep 05 '24 06:09 kmichel-aiven

I would like to add tests but I'm not familiar with the project, what would be the best place to add these ?

(I've tried adding to bud.bats but run_buildah doesn't seem ready to test concurrent operations.)

kmichel-aiven avatar Sep 05 '24 07:09 kmichel-aiven

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Oct 06 '24 00:10 github-actions[bot]

@edsantiago thoughts on tests ?

TomSweeneyRedHat avatar Nov 01 '24 21:11 TomSweeneyRedHat

I see no reason for tests. However, @kmichel-aiven , could you please clean up your git commit, and rebase?

edsantiago avatar Nov 04 '24 17:11 edsantiago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kmichel-aiven Once this PR has been reviewed and has the lgtm label, please assign tomsweeneyredhat for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Nov 04 '24 23:11 openshift-ci[bot]

@flouthoc if you get a minute to look at this one, I'd appreciate it.

TomSweeneyRedHat avatar Nov 20 '24 22:11 TomSweeneyRedHat

This isn't going to work as intended when the destination for a COPY with a heredoc is a directory - the destination file's name should be the same as the delimiter, and os.CreateTemp() will create a file with a name that has a suffix added to ensure that it's unique. If it used os.MkdirTemp(), and placed the file in the resulting directory (deferring removal of the directory as well as the file), I think it would work as intended. ~The "bud build with heredoc content" integration test should suffice to catch that, so I'll add the no-new-tests-needed label so that it can be run.~

nalind avatar Nov 21 '24 21:11 nalind

This isn't going to work as intended when the destination for a COPY with a heredoc is a directory - the destination file's name should be the same as the delimiter, and os.CreateTemp() will create a file with a name that has a suffix added to ensure that it's unique. If it used os.MkdirTemp(), and placed the file in the resulting directory (deferring removal of the directory as well as the file), I think it would work as intended. ~The "bud build with heredoc content" integration test should suffice to catch that, so I'll add the no-new-tests-needed label so that it can be run.~

@kmichel-aiven Could you please do the changes as suggested above. So we can move ahead with this PR.

flouthoc avatar Jan 14 '25 22:01 flouthoc

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Feb 14 '25 00:02 github-actions[bot]

Obsoleted by https://github.com/containers/buildah/pull/5959, closing.

nalind avatar Mar 26 '25 14:03 nalind