summaryrefslogtreecommitdiff
path: root/test/pacman/tests/ignore001.py
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-11-15 22:16:42 -0600
committerDan McGee <dan@archlinux.org>2011-11-20 21:36:30 -0600
commit80868b0da696d16c2fdc527cdb6f7fa2c0973044 (patch)
treea1f184161c3e9e112d87c4de6713d0049882793c /test/pacman/tests/ignore001.py
parent6a9ed330551e585ce887a2bb53fb022b1c92da31 (diff)
repo-add: ensure database and signature files are always viewed in whole
This addresses a short but sweet race condition currently existing in repo-add and repo-remove. We do the smart thing and zip the database to a location in a temporary directory and not over the original database directly. However, we then proceed to move this file directly from the temporary directory to our final location, which is more than likely a cross-filesystem move (/tmp on tmpfs) and thus non-atomic. Instead, zip the file to the same directory, prefixing the filename with '.tmp.'. We then move the file into place. This move is guaranteed to be atomic, so any reader of the database file will get either the old version, the new version, or ENOENT. We also perform a hardlink if possible instead of a move when shifting the old database out of the way to '.old'; this ensures there is no chance of a database file not existing during the whole process. Only one small race condition should now be present- when the database has been fully moved into place and the signature has not, you may see a mismatch. There seems to be no good way to address this, and it existed before this patch. A final note- if someone had locked-down permissions on the directory that the database files are in (e.g., could only write to foo.db.tar.gz, foo.db, foo.db.tar.gz.old, foo.db.old, and the lock file), this would break. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'test/pacman/tests/ignore001.py')
0 files changed, 0 insertions, 0 deletions