From 767d64b86f37f5313d257b28b5fdf93159b62ffa Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 2 May 2018 17:08:34 -0400 Subject: changelog --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 9308a7bb..4d077d35 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ propellor (5.3.6) UNRELEASED; urgency=medium oldstable), to avoid needing to depend on the semigroups transitional package, but also because it's just too old to be worth supporting. * stack.yaml: Updated to lts-9.21. + * Make Schroot.overlaysInTmpfs revertable + Thanks, Sean Whitton -- Joey Hess Mon, 23 Apr 2018 13:12:25 -0400 -- cgit v1.2.3 From 94653981cab8a9e0640a8ce3eee54a186479c1e5 Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Thu, 3 May 2018 12:25:25 -0400 Subject: Update shim each time propellor is run in a container, to deal with library version changes. Surprised this didn't come up before, since propellor was run against progressively old versions of libraries when propelling eg, a chroot. It finally broke on an arm box, where libm got updated to a new version and propellor used a symbol from the new version. The comment says that propellor may be running from an existing shim in which case it's reused. That could be a nested chroot or other container, or perhaps propellor was deployed via a precompiled tarball which is built using a shim. The code used to use "checkAlreadyShimmed shim" which I don't see how it deals with either of those scenarios. Changed to "checkAlreadyShimmed propellorbin", which I think will deal with them, but I've not tested such scenarios. Added code to delete old versions of libraries out of the shim directory to avoid masses of old ones piling up over time. Property.Chroot sets up the shim directory and then bind mounts it into the chroot. To avoid deleting the source of a bind mount, made this only delete files in the shim directory, but not the shim directory itself. --- debian/changelog | 2 ++ src/Propellor/Property/Chroot.hs | 5 +---- src/Propellor/Shim.hs | 9 ++++++++- 3 files changed, 11 insertions(+), 5 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 4d077d35..39fd6cba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ propellor (5.3.6) UNRELEASED; urgency=medium * stack.yaml: Updated to lts-9.21. * Make Schroot.overlaysInTmpfs revertable Thanks, Sean Whitton + * Update shim each time propellor is run in a container, to deal with + library version changes. -- Joey Hess Mon, 23 Apr 2018 13:12:25 -0400 diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs index 0dd1f05a..5d29538c 100644 --- a/src/Propellor/Property/Chroot.hs 
+++ b/src/Propellor/Property/Chroot.hs
@@ -169,10 +169,7 @@ propellChroot :: Chroot -> ([String] -> IO (CreateProcess, IO ())) -> Bool -> Pr
 propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "provisioned") $ do
 let d = localdir shimdir c
 let me = localdir "propellor"
- shim <- liftIO $ ifM (doesDirectoryExist d)
- ( pure (Shim.file me d)
- , Shim.setup me Nothing d
- )
+ shim <- liftIO $ Shim.setup me Nothing d
 ifM (liftIO $ bindmount shim)
 ( chainprovision shim
 , return FailedChange
diff --git a/src/Propellor/Shim.hs b/src/Propellor/Shim.hs
index 811ae7f0..b8ebdf46 100644
--- a/src/Propellor/Shim.hs
+++ b/src/Propellor/Shim.hs
@@ -16,12 +16,19 @@ import System.Posix.Files
 -- | Sets up a shimmed version of the program, in a directory, and
 -- returns its path.
 --
+-- If the shim was already set up, it's refreshed, in case newer
+-- versions of libraries are needed.
+--
 -- Propellor may be running from an existing shim, in which case it's
 -- simply reused.
 setup :: FilePath -> Maybe FilePath -> FilePath -> IO FilePath
-setup propellorbin propellorbinpath dest = checkAlreadyShimmed shim $ do
+setup propellorbin propellorbinpath dest = checkAlreadyShimmed propellorbin $ do
 createDirectoryIfMissing True dest
 
+ -- Remove all old libraries inside dest, but do not delete the
+ -- directory itself, since it may be bind-mounted inside a chroot.
+ mapM_ nukeFile =<< dirContentsRecursive dest
+
 libs <- parseLdd <$> readProcess "ldd" [propellorbin]
 glibclibs <- glibcLibs
 let libs' = nub $ libs ++ glibclibs
-- 
cgit v1.2.3
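Review bot: Nothing at the `shim <- liftIO $ Shim.setup me Nothing d` line records why the directory-exists shortcut was dropped, so a later reader may restore it as an optimisation. A one-line comment such as `-- Always rebuild the shim: host libraries may have changed since the last run.` would keep the reason next to the call. Because setup now runs on every provisioning and shells out to ldd (visible in the Shim.hs hunk), a failure there presumably surfaces as an IO exception rather than `FailedChange`; worth confirming that is the intended outcome. The body of propellChroot continues past the end of the hunk.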
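Review bot: The `mapM_ nukeFile =<< dirContentsRecursive dest` line empties the shim directory before `readProcess "ldd"` has produced the replacement library list, so a failed ldd run leaves dest empty while it may still be bind-mounted into a chroot. Binding `libs` and `glibclibs` first and running the deletion after them narrows that window. Since dest is shared with the chroot through the bind mount, it is also worth confirming that dirContentsRecursive does not descend through symlinked directories, so that a link placed inside dest cannot steer the deletion outside it. The haddock now says both "refreshed" and "simply reused"; one sentence stating that the reuse case skips the refresh would settle it, assuming that is what checkAlreadyShimmed does. The body of setup continues past the end of the hunk.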