From 4b9ca5a62ef1e5ecc7d0cd74ac56311ec73a0f5c Mon Sep 17 00:00:00 2001
From: Holger Levsen <holger@layer-acht.org>
Date: Sun, 19 Oct 2014 00:27:04 +0200
Subject: reproducible: add locking for reproducible schroot creation (which
 happens daily)

---
 bin/reproducible_build.sh          |  19 ++++++
 bin/reproducible_common.sh         |   4 ++
 bin/reproducible_setup.sh          |  85 --------------------------
 bin/reproducible_setup_pbuilder.sh |  85 ++++++++++++++++++++++++++
 bin/reproducible_setup_schroot.sh  | 118 +++++++++++++++++++++++++++++++++++++
 5 files changed, 226 insertions(+), 85 deletions(-)
 delete mode 100755 bin/reproducible_setup.sh
 create mode 100755 bin/reproducible_setup_pbuilder.sh
 create mode 100755 bin/reproducible_setup_schroot.sh

(limited to 'bin')

diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index d9b558c3..4a7fc84b 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -134,10 +134,29 @@ else
 			LOGFILE=$(ls ${SRCPACKAGE}_${EVERSION}.dsc)
 			LOGFILE=$(echo ${LOGFILE%.dsc}.debbindiff.html)
 			BUILDINFO=${SRCPACKAGE}_${EVERSION}_amd64.buildinfo
+			# the schroot for debbindiff gets updated once a day. wait patiently if that's the case
+			if [ -f $DBDCHROOT_WRITELOCK ] || [ -f $DBDCHROOT_READLOCK ] ; then
+				for i in $(seq 0 100) ; do
+					sleep 15
+					echo "sleeping 15s, debbindiff schroot is locked."
+					if [ ! -f $DBDCHROOT_WRITELOCK ] && [ ! -f $DBDCHROOT_READLOCK ] ; then
+						break
+					fi
+				done
+				if [ -f $DBDCHROOT_WRITELOCK ] || [ -f $DBDCHROOT_READLOCK ]  ; then
+					echo "Warning: lock $DBDCHROOT_WRITELOCK or [ -f $DBDCHROOT_READLOCK ] still exists, exiting."
+					exit 1
+				fi
+			else
+				# we create (more) read-lock(s) but stop on write locks...
+				# write locks are only done by the schroot setup job
+				touch $DBDCHROOT_READLOCK
+			fi
 			( timeout 15m schroot --directory /tmp -c source:jenkins-reproducible-sid debbindiff -- --html $TMPDIR/${LOGFILE} $TMPDIR/b1/${SRCPACKAGE}_${EVERSION}_amd64.changes $TMPDIR/b2/${SRCPACKAGE}_${EVERSION}_amd64.changes ) 2>&1 >> ${RBUILDLOG}
 			RESULT=$?
 			set +x
 			set -e
+			rm -f $DBDCHROOT_READLOCK
 			echo | tee -a ${RBUILDLOG}
 			if [ $RESULT -eq 124 ] ; then
 				echo "$(date) - debbindiff was killed after running into timeouot... maybe there is still $JENKINS_URL/userContent/dbd/${LOGFILE}" | tee -a ${RBUILDLOG}
diff --git a/bin/reproducible_common.sh b/bin/reproducible_common.sh
index 775033c7..f00a4797 100755
--- a/bin/reproducible_common.sh
+++ b/bin/reproducible_common.sh
@@ -100,6 +100,10 @@ elif [ ! -f ${PACKAGES_DB} ] ; then
 EOF
 fi
 
+# common variables
+DBDCHROOT_READLOCK=/var/lib/jenkins/reproducible-dbdchroot.readlock
+DBDCHROOT_WRITELOCK=/var/lib/jenkins/reproducible-dbdchroot.writelock
+
 # shop trailing slash
 JENKINS_URL=${JENKINS_URL:0:-1}
 
diff --git a/bin/reproducible_setup.sh b/bin/reproducible_setup.sh
deleted file mode 100755
index 6075789f..00000000
--- a/bin/reproducible_setup.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Holger Levsen <holger@layer-acht.org>
-# released under the GPLv=2
-
-. /srv/jenkins/bin/common-functions.sh
-common_init "$@"
-
-# common code defining db access
-. /srv/jenkins/bin/reproducible_common.sh
-
-set +x
-# blacklist some packages
-for PKG in linux cups zurl openclipart eigen3 xmds2 ; do
-	RESULT=$(sqlite3 -init $INIT $PACKAGES_DB " SELECT name FROM source_packages WHERE status = 'blacklisted' AND name = '$PKG'")
-	if [ "$RESULT" = "" ] ; then
-		set -x
-		sqlite3 -init $INIT $PACKAGES_DB "REPLACE into source_packages VALUES ('$PKG','0','blacklisted',date('now'))"
-		set +x
-	fi
-done
-
-#
-# create script to configure a pbuilder chroot
-#
-create_setup_tmpfile() {
-	cat > ${TMPFILE} <<- EOF
-#
-# this script is run within the pbuilder environment to further customize it
-#
-echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-mQINBFQsy/gBEADKGF55qQpXxpTn7E0Vvqho82/HFB/yT9N2wD8TkrejhJ1I6hfJ
-zFXD9fSi8WnNpLc6IjcaepuvvO4cpIQ8620lIuONQZU84sof8nAO0LDoMp/QdN3j
-VViXRXQtoUmTAzlOBNpyb8UctAoSzPVgO3jU1Ngr1LWi36hQPvQWSYPNmbsDkGVE
-unB0p8DCN88Yq4z2lDdlHgFIy0IDNixuRp/vBouuvKnpe9zyOkijV83Een0XSUsZ
-jmoksFzLzjChlS5fAL3FjtLO5XJGng46dibySWwYx2ragsrNUUSkqTTmU7bOVu9a
-zlnQNGR09kJRM77UoET5iSXXroK7xQ26UJkhorW2lXE5nQ97QqX7igWp2u0G74RB
-e6y3JqH9W8nV+BHuaCVmW0/j+V/l7T3XGAcbjZw1A4w5kj8YGzv3BpztXxqyHQsy
-piewXLTBn8dvgDqd1DLXI5gGxC3KGGZbC7v0rQlu2N6OWg2QRbcVKqlE5HeZxmGV
-vwGQs/vcChc3BuxJegw/bnP+y0Ys5tsVLw+kkxM5wbpqhWw+hgOlGHKpJLNpmBxn
-T+o84iUWTzpvHgHiw6ShJK50AxSbNzDWdbo7p6e0EPHG4Gj41bwO4zVzmQrFz//D
-txVBvoATTZYMLF5owdCO+rO6s/xuC3s04pk7GpmDmi/G51oiz7hIhxJyhQARAQAB
-tC5EZWJpYW4gUmVwcm9kdWNpYmxlIEJ1aWxkcyBBcmNoaXZlIFNpZ25pbmcgS2V5
-iQI9BBMBCAAnBQJULMv4AhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA
-AAoJEF23ymfqWaMfFsMP/3jthq65H9avuM469jHcugcd0C5b7/DS+cGQ5E4NQIGL
-6tGsqv5k6Nb0MoMMEAQSmWeXRkbYYxmEkrREMNg8tPlh4NiJimH3neNfI+8fGiHY
-89FH7QDrrzGfMF9oJQ9zjWZTOs3bjJ4AfS4fkQiQ6UfO7TeMyz5Cw7kz+rS1m1tu
-+RgHxD+6A+XxkIZnw5we1MH0SAFoq4j3boR8QkFUNMZsy97xWYON4QLpYwKCbiwL
-Q4y06YTw4A7lp+B2JKLc70yRcjbixeAFlZfbhmGITTNAl3j8+48hRLLkJ+s8eT1r
-DS1UkYi2xBSNa6TVtNxbDUwVTzzxDe+b8tW2BfC7TBOX2oq6e6ebRa+ghZFVLNY1
-3y+FilXGNMB7IvZ378idHYTNaiJuYXNkrd8UGunwK4NCWdZk05L9GdKeQ6DN380Y
-L4QkKpINXSKjneWV7IITMFhvRZCgOVAmoHaq6kaGsl/FwHBA9I8hHXuSyvke8UMP
-dmvR8ggv5wiY9NDjW55h7M+UIqEaoXws1algIKB/TWm4/RnQcrxoXBX16wyidzcv
-Mb0BawlXZui0MNUSnZtxHMxrjejdvZdqtskHl9srB1QThH0jasmUqbQPxCnxMbf1
-4LhIp6XlXJFF1btgfCexNmcPuqeOMMDQ+du6Hqj2Yl5GYo2McWvjpSgkt5VmQfIz
-=X8YA
------END PGP PUBLIC KEY BLOCK-----" | apt-key add -
-echo 'deb http://reproducible.alioth.debian.org/debian/ ./' > /etc/apt/sources.list.d/reproducible.list
-apt-get update
-apt-get install -y dpkg dpkg-dev debhelper dh-python discount
-echo
-dpkg -l
-echo
-for i in \$(dpkg -l |grep ^ii |awk -F' ' '{print \$2}'); do   apt-cache madison "\$i" | head -1 | grep reproducible.alioth.debian.org || true  ; done
-echo
-EOF
-}
-
-#
-# setup pbuilder for reproducible builds
-#
-setup_pbuilder() {
-	echo "$(date) - creating /var/cache/pbuilder/${1}.tgz now..."
-	TMPFILE=$(mktemp)
-	create_setup_tmpfile
-	sudo pbuilder --create --basetgz /var/cache/pbuilder/${1}-new.tgz --distribution sid
-	sudo pbuilder --execute --save-after-exec --basetgz /var/cache/pbuilder/${1}-new.tgz -- ${TMPFILE}
-	sudo mv /var/cache/pbuilder/${1}-new.tgz /var/cache/pbuilder/${1}.tgz
-	rm ${TMPFILE}
-	echo
-}
-
-setup_pbuilder base-reproducible
diff --git a/bin/reproducible_setup_pbuilder.sh b/bin/reproducible_setup_pbuilder.sh
new file mode 100755
index 00000000..6075789f
--- /dev/null
+++ b/bin/reproducible_setup_pbuilder.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Copyright 2014 Holger Levsen <holger@layer-acht.org>
+# released under the GPLv=2
+
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# common code defining db access
+. /srv/jenkins/bin/reproducible_common.sh
+
+set +x
+# blacklist some packages
+for PKG in linux cups zurl openclipart eigen3 xmds2 ; do
+	RESULT=$(sqlite3 -init $INIT $PACKAGES_DB " SELECT name FROM source_packages WHERE status = 'blacklisted' AND name = '$PKG'")
+	if [ "$RESULT" = "" ] ; then
+		set -x
+		sqlite3 -init $INIT $PACKAGES_DB "REPLACE into source_packages VALUES ('$PKG','0','blacklisted',date('now'))"
+		set +x
+	fi
+done
+
+#
+# create script to configure a pbuilder chroot
+#
+create_setup_tmpfile() {
+	cat > ${TMPFILE} <<- EOF
+#
+# this script is run within the pbuilder environment to further customize it
+#
+echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+mQINBFQsy/gBEADKGF55qQpXxpTn7E0Vvqho82/HFB/yT9N2wD8TkrejhJ1I6hfJ
+zFXD9fSi8WnNpLc6IjcaepuvvO4cpIQ8620lIuONQZU84sof8nAO0LDoMp/QdN3j
+VViXRXQtoUmTAzlOBNpyb8UctAoSzPVgO3jU1Ngr1LWi36hQPvQWSYPNmbsDkGVE
+unB0p8DCN88Yq4z2lDdlHgFIy0IDNixuRp/vBouuvKnpe9zyOkijV83Een0XSUsZ
+jmoksFzLzjChlS5fAL3FjtLO5XJGng46dibySWwYx2ragsrNUUSkqTTmU7bOVu9a
+zlnQNGR09kJRM77UoET5iSXXroK7xQ26UJkhorW2lXE5nQ97QqX7igWp2u0G74RB
+e6y3JqH9W8nV+BHuaCVmW0/j+V/l7T3XGAcbjZw1A4w5kj8YGzv3BpztXxqyHQsy
+piewXLTBn8dvgDqd1DLXI5gGxC3KGGZbC7v0rQlu2N6OWg2QRbcVKqlE5HeZxmGV
+vwGQs/vcChc3BuxJegw/bnP+y0Ys5tsVLw+kkxM5wbpqhWw+hgOlGHKpJLNpmBxn
+T+o84iUWTzpvHgHiw6ShJK50AxSbNzDWdbo7p6e0EPHG4Gj41bwO4zVzmQrFz//D
+txVBvoATTZYMLF5owdCO+rO6s/xuC3s04pk7GpmDmi/G51oiz7hIhxJyhQARAQAB
+tC5EZWJpYW4gUmVwcm9kdWNpYmxlIEJ1aWxkcyBBcmNoaXZlIFNpZ25pbmcgS2V5
+iQI9BBMBCAAnBQJULMv4AhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA
+AAoJEF23ymfqWaMfFsMP/3jthq65H9avuM469jHcugcd0C5b7/DS+cGQ5E4NQIGL
+6tGsqv5k6Nb0MoMMEAQSmWeXRkbYYxmEkrREMNg8tPlh4NiJimH3neNfI+8fGiHY
+89FH7QDrrzGfMF9oJQ9zjWZTOs3bjJ4AfS4fkQiQ6UfO7TeMyz5Cw7kz+rS1m1tu
++RgHxD+6A+XxkIZnw5we1MH0SAFoq4j3boR8QkFUNMZsy97xWYON4QLpYwKCbiwL
+Q4y06YTw4A7lp+B2JKLc70yRcjbixeAFlZfbhmGITTNAl3j8+48hRLLkJ+s8eT1r
+DS1UkYi2xBSNa6TVtNxbDUwVTzzxDe+b8tW2BfC7TBOX2oq6e6ebRa+ghZFVLNY1
+3y+FilXGNMB7IvZ378idHYTNaiJuYXNkrd8UGunwK4NCWdZk05L9GdKeQ6DN380Y
+L4QkKpINXSKjneWV7IITMFhvRZCgOVAmoHaq6kaGsl/FwHBA9I8hHXuSyvke8UMP
+dmvR8ggv5wiY9NDjW55h7M+UIqEaoXws1algIKB/TWm4/RnQcrxoXBX16wyidzcv
+Mb0BawlXZui0MNUSnZtxHMxrjejdvZdqtskHl9srB1QThH0jasmUqbQPxCnxMbf1
+4LhIp6XlXJFF1btgfCexNmcPuqeOMMDQ+du6Hqj2Yl5GYo2McWvjpSgkt5VmQfIz
+=X8YA
+-----END PGP PUBLIC KEY BLOCK-----" | apt-key add -
+echo 'deb http://reproducible.alioth.debian.org/debian/ ./' > /etc/apt/sources.list.d/reproducible.list
+apt-get update
+apt-get install -y dpkg dpkg-dev debhelper dh-python discount
+echo
+dpkg -l
+echo
+for i in \$(dpkg -l |grep ^ii |awk -F' ' '{print \$2}'); do   apt-cache madison "\$i" | head -1 | grep reproducible.alioth.debian.org || true  ; done
+echo
+EOF
+}
+
+#
+# setup pbuilder for reproducible builds
+#
+setup_pbuilder() {
+	echo "$(date) - creating /var/cache/pbuilder/${1}.tgz now..."
+	TMPFILE=$(mktemp)
+	create_setup_tmpfile
+	sudo pbuilder --create --basetgz /var/cache/pbuilder/${1}-new.tgz --distribution sid
+	sudo pbuilder --execute --save-after-exec --basetgz /var/cache/pbuilder/${1}-new.tgz -- ${TMPFILE}
+	sudo mv /var/cache/pbuilder/${1}-new.tgz /var/cache/pbuilder/${1}.tgz
+	rm ${TMPFILE}
+	echo
+}
+
+setup_pbuilder base-reproducible
diff --git a/bin/reproducible_setup_schroot.sh b/bin/reproducible_setup_schroot.sh
new file mode 100755
index 00000000..70f40f5a
--- /dev/null
+++ b/bin/reproducible_setup_schroot.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# Copyright 2012-2014 Holger Levsen <holger@layer-acht.org>
+# Copyright      2013 Antonio Terceiro <terceiro@debian.org>
+# Copyright      2014 Joachim Breitner <nomeata@debian.org>
+# released under the GPLv=2
+
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# bootstraps a new chroot for schroot, and then moves it into the right location
+
+# $1 = schroot name
+# $2 = base distro
+# $3 $4 ... = extra packages to install
+
+if [ $# -lt 2 ]; then
+	echo "usage: $0 TARGET DISTRO [backports] CMD [ARG1 ARG2 ...]"
+	exit 1
+fi
+TARGET="$1"
+shift
+DISTRO="$1"
+shift
+
+if [ "$1" == "backports" ] ; then
+	BACKPORTS="deb $MIRROR ${DISTRO}-backports main"
+	BACKPORTSSRC="deb-src $MIRROR ${DISTRO}-backports main"
+	shift
+fi
+
+if [ ! -d "$CHROOT_BASE" ]; then
+	echo "Directory $CHROOT_BASE does not exist, aborting."
+	exit 1
+fi
+
+export CHROOT_TARGET=$(mktemp -d -p $CHROOT_BASE/ schroot-install-$TARGET-XXXX)
+if [ -z "$CHROOT_TARGET" ]; then
+	echo "Could not create a directory to create the chroot in, aborting."
+	exit 1
+fi
+
+bootstrap() {
+	mkdir -p "$CHROOT_TARGET/etc/dpkg/dpkg.cfg.d"
+	echo force-unsafe-io > "$CHROOT_TARGET/etc/dpkg/dpkg.cfg.d/02dpkg-unsafe-io"
+
+	echo "Bootstraping $DISTRO into $CHROOT_TARGET now."
+	sudo debootstrap $DISTRO $CHROOT_TARGET $MIRROR
+
+	echo -e '#!/bin/sh\nexit 101'              | sudo tee   $CHROOT_TARGET/usr/sbin/policy-rc.d >/dev/null
+	sudo chmod +x $CHROOT_TARGET/usr/sbin/policy-rc.d
+	echo 'Acquire::http::Proxy "$http_proxy";' | sudo tee    $CHROOT_TARGET/etc/apt/apt.conf.d/80proxy >/dev/null
+	echo "deb-src $MIRROR $DISTRO main"        | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list > /dev/null
+	echo "${BACKPORTS}"                        | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list >/dev/null
+	echo "${BACKPORTSSRC}"                     | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list >/dev/null
+
+	sudo chroot $CHROOT_TARGET apt-get update
+	if [ -n "$1" ] ; then
+		sudo chroot $CHROOT_TARGET apt-get install -y --no-install-recommends "$@"
+	fi
+}
+
+cleanup() {
+	if [ -d $CHROOT_TARGET ]; then
+		sudo rm -rf --one-file-system $CHROOT_TARGET || fuser -mv $CHROOT_TARGET
+	fi
+}
+trap cleanup INT TERM EXIT
+bootstrap $@
+
+trap - INT TERM EXIT
+
+# aquire a write lock in any case
+touch $DBDCHROOT_WRITELOCK
+if [ -f $DBDCHROOT_READLOCK ] ; then
+	# patiently wait for our users to using the schroot
+	for i in $(seq 0 100) ; do
+		sleep 15
+		echo "sleeping 15s, debbindiff schroot is locked and used."
+		if [ ! -f $DBDCHROOT_READLOCK ] ; then
+			break
+		fi
+	done
+	if [ -f $DBDCHROOT_READLOCK ] ; then
+		echo "Warning: lock $DBDCHROOT_READLOCK still exists, exiting."
+		exit 1
+	fi
+fi
+
+# pivot the new schroot in place
+rand=$RANDOM
+if [ -d $SCHROOT_BASE/"$TARGET" ]
+then
+	sudo mv $SCHROOT_BASE/"$TARGET" $SCHROOT_BASE/"$TARGET"-"$rand"
+fi
+
+sudo mv $CHROOT_TARGET $SCHROOT_BASE/"$TARGET"
+
+if [ -d $SCHROOT_BASE/"$TARGET"-"$rand" ]
+then
+	sudo rm -rf --one-file-system $SCHROOT_BASE/"$TARGET"-"$rand"
+fi
+
+# write the schroot config
+echo "Writing configuration"
+sudo tee /etc/schroot/chroot.d/jenkins-"$TARGET" <<-__END__
+	[jenkins-$TARGET]
+	description=Jenkins schroot $TARGET
+	directory=$SCHROOT_BASE/$TARGET
+	type=directory
+	root-users=jenkins
+	source-root-users=jenkins
+	union-type=aufs
+	__END__
+
+# remove the lock
+rm $DBDCHROOT_WRITELOCK
+
-- 
cgit v1.2.3-70-g09d2