author: Joey Hess, 2018-05-03 12:25:25 -0400
committer: Joey Hess, 2018-05-03 12:25:25 -0400
Update shim each time propellor is run in a container, to deal with library version changes.
Surprised this didn't come up before, since propellor was run against progressively old versions of libraries when propelling eg, a chroot. It finally broke on an arm box, where libm got updated to a new version and propellor used a symbol from the new version.

The comment says that propellor may be running from an existing shim in which case it's reused. That could be a nested chroot or other container, or perhaps propellor was deployed via a precompiled tarball which is built using a shim. The code used to use "checkAlreadyShimmed shim" which I don't see how it deals with either of those scenarios. Changed to "checkAlreadyShimmed propellorbin", which I think will deal with them, but I've not tested such scenarios.

Added code to delete old versions of libraries out of the shim directory to avoid masses of old ones piling up over time.

Property.Chroot sets up the shim directory and then bind mounts it into the chroot. To avoid deleting the source of a bind mount, made this only delete files in the shim directory, but not the shim directory itself.
Diffstat (limited to 'src/Propellor')
2 files changed, 9 insertions, 5 deletions
diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs
index 0dd1f05a..5d29538c 100644
@@ -169,10 +169,7 @@ propellChroot :: Chroot -> ([String] -> IO (CreateProcess, IO ())) -> Bool -> Pr
propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "provisioned") $ do
let d = localdir </> shimdir c
let me = localdir </> "propellor"
- shim <- liftIO $ ifM (doesDirectoryExist d)
- ( pure (Shim.file me d)
- , Shim.setup me Nothing d
+ shim <- liftIO $ Shim.setup me Nothing d
ifM (liftIO $ bindmount shim)
( chainprovision shim
, return FailedChange
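Review bot: at `shim <- liftIO $ Shim.setup me Nothing d`, setup now runs on every provision of an existing chroot, and nothing in the visible lines handles it failing, so an error while rebuilding the shim would surface as an exception instead of the `FailedChange` that a failed `bindmount` produces. Consider catching the failure at this call and returning `FailedChange`, or falling back to the previous `Shim.file me d` when the directory already holds a usable shim. Since `d` is the directory that gets bind mounted, a short comment here stating that setup refreshes the contents but must leave the directory itself in place would document the invariant this call now depends on.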
diff --git a/src/Propellor/Shim.hs b/src/Propellor/Shim.hs
index 811ae7f0..b8ebdf46 100644
@@ -16,12 +16,19 @@ import System.Posix.Files
-- | Sets up a shimmed version of the program, in a directory, and
-- returns its path.
+-- If the shim was already set up, it's refreshed, in case newer
+-- versions of libraries are needed.
-- Propellor may be running from an existing shim, in which case it's
-- simply reused.
setup :: FilePath -> Maybe FilePath -> FilePath -> IO FilePath
-setup propellorbin propellorbinpath dest = checkAlreadyShimmed shim $ do
+setup propellorbin propellorbinpath dest = checkAlreadyShimmed propellorbin $ do
createDirectoryIfMissing True dest
+ -- Remove all old libraries inside dest, but do not delete the
+ -- directory itself, since it may be bind-mounted inside a chroot.
+ mapM_ nukeFile =<< dirContentsRecursive dest
libs <- parseLdd <$> readProcess "ldd" [propellorbin]
glibclibs <- glibcLibs
let libs' = nub $ libs ++ glibclibs
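Review bot: the added `mapM_ nukeFile =<< dirContentsRecursive dest` empties dest before `readProcess "ldd" [propellorbin]` has succeeded, so if ldd fails or the run is interrupted, a previously working shim is left with no libraries, and per the added comment that directory may be bind mounted into a chroot at the time. Suggest computing `libs'` first and then removing only the files in dest that are not part of the new set, which also narrows the deletion to stale libraries instead of everything under dest. It is also worth confirming that `dirContentsRecursive` does not descend through symlinked directories, since the contents of dest are visible from inside the chroot. Separately, the doc comment now says both that an existing shim is "refreshed" and that it is "simply reused"; please spell out which case each sentence covers (a directory that already exists versus `checkAlreadyShimmed propellorbin` finding that propellor itself runs from a shim).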