Patch fakeroot in buildroot to avoid build hanging #22432
Conversation
When running in docker, there could be a large range of file descriptors causing "faked" to hang at the end. Apply the same workaround for this as was done in apt, as posted on the mailing list. Debian Bug no: 920913
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: afbjorklund The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
|
/ok-to-build-iso |
There was a problem hiding this comment.
Pull request overview
This PR adds a patch for fakeroot 1.36 to optimize file descriptor closing in containers where ulimit may be very high. The patch implements an optimization that iterates through /proc/self/fd to close only open file descriptors, instead of blindly iterating through all possible file descriptor numbers up to the ulimit.
Changes:
- Added a new patch file for fakeroot 1.36 that implements fd-closing optimization based on the approach used in APT
- The patch adds logic to read actual open file descriptors from
/proc/self/fdbefore falling back to the original approach
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| + if (dir != NULL) { | ||
| + struct dirent *ent; | ||
| + int dfd = dirfd(dir); | ||
| + while (ent = readdir(dir)) { |
There was a problem hiding this comment.
The while loop assignment lacks parentheses around the assignment expression. The C compiler will issue a warning for this pattern. The condition should be while ((ent = readdir(dir))) instead of while (ent = readdir(dir)) to make the assignment-as-condition pattern explicit and suppress compiler warnings.
| + while (ent = readdir(dir)) { | |
| + while ((ent = readdir(dir)) != NULL) { |
| + fl = atoi(ent->d_name); | ||
| + if (fl >= 0 && fl != dfd) |
There was a problem hiding this comment.
The use of atoi on directory entry names is problematic. When readdir encounters "." or ".." entries, atoi will return 0, which would incorrectly attempt to close stdin (fd 0). Additionally, fl >= 0 allows closing fd 0. The condition should check fl > 0 to avoid closing stdin, and should verify the entry name consists only of digits before calling atoi to avoid issues with non-numeric directory entries.
| + fl = atoi(ent->d_name); | |
| + if (fl >= 0 && fl != dfd) | |
| + const char *name = ent->d_name; | |
| + int is_numeric = 1; | |
| + const char *p; | |
| + | |
| + for (p = name; *p != '\0'; ++p) { | |
| + if (!isdigit((unsigned char)*p)) { | |
| + is_numeric = 0; | |
| + break; | |
| + } | |
| + } | |
| + if (!is_numeric) | |
| + continue; | |
| + | |
| + fl = atoi(name); | |
| + if (fl > 0 && fl != dfd) |
| + if (fl >= 0 && fl != dfd) | ||
| +#ifdef FAKEROOT_FAKENET | ||
| + if (fl != sd) | ||
| +#endif /* FAKEROOT_FAKENET */ | ||
| + close(fl); |
There was a problem hiding this comment.
The control flow structure with nested preprocessor conditionals creates ambiguous logic. When FAKEROOT_FAKENET is defined, there are two consecutive if statements without proper bracing, making it unclear which conditions must be met for the close call to execute. This should use proper logical operators (&&) or explicit bracing to clarify that both conditions (fl != dfd AND fl != sd) must be true before closing the file descriptor.
| + if (fl >= 0 && fl != dfd) | |
| +#ifdef FAKEROOT_FAKENET | |
| + if (fl != sd) | |
| +#endif /* FAKEROOT_FAKENET */ | |
| + close(fl); | |
| + if (fl >= 0 && fl != dfd | |
| +#ifdef FAKEROOT_FAKENET | |
| + && fl != sd | |
| +#endif /* FAKEROOT_FAKENET */ | |
| + ) | |
| + close(fl); |
|
This 2021 patch is not yet accepted upstream, when it is it might be more worthwhile to spend time on "fixing" it there. https://salsa.debian.org/clint/fakeroot (and https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=fakeroot) |
|
Hi @afbjorklund, building a new ISO failed for Commit b2c401f |
|
Fakeroot package built OK, then Jenkins ran out of disk or something:
|
|
/ok-to-build-iso |
|
@afbjorklund do you mind checking the copilot's comments to see if they are relevant ? |
|
I did (#22432 (comment)), but I'm not sure I want to go about "fixing" whitespace in every patch |
|
Hi @afbjorklund, we have updated your PR with the reference to newly built ISO. Pull the changes locally if you want to test with them or update your PR further. |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@afbjorklund: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
4 participants
When running in docker, there could be a large range of file descriptors causing "
faked" to hang at the end...Apply the same workaround for this as was done in apt, as posted on the mailing list. Debian Bug no: 920913
EDIT: Seems like this issue was reported to buildroot too:
https://gitlab.com/buildroot.org/buildroot/-/issues/115
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920913;msg=25
I rebased it to fakeroot 1.36, and minimized the patch by ignoring whitespace.
Fixes the issue when you might have increased the limits, on a real Linux host.
The official "fix" in 1.35 only adds
close_range, which still takes too long time...