diff options
author | Joshua Watt <JPEWhacker@gmail.com> | 2022-08-03 09:04:41 -0500 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2022-09-28 06:47:55 -1000 |
commit | 63bb5591e833de0e7b552963ad9bc4b39e56fda9 (patch) | |
tree | acd1e281949f009ecbc4b84e96c99432c2aed71b /lib/bb/exceptions.py | |
parent | f386298fc056ef130c2eb6dabf25eafbd55f55ca (diff) | |
download | bitbake-contrib-63bb5591e833de0e7b552963ad9bc4b39e56fda9.tar.gz |
siggen: Fix insufficent entropy in sigtask file names
Signature generation uses mkstemp() to get a file descriptor to a unique
file and then write the signature into it. However, the unique file name
generation in glibc is based on the system timestamp, which means that
with highly parallel builds it is more likely than one might expect
expected that a conflict will occur between two different builder nodes.
When operating over NFS (such as a shared sstate cache), this can cause
race conditions and rare failures (particularly with NFS servers that
may not correctly implement O_EXCL).
The signature generation code is particularly susceptible to races since
a single "sigtask." prefix used for all signatures from all tasks, which
makes collision even more likely.
To work around this, add an internal implementation of mkstemp() that
adds additional truly random entropy to the file name to eliminate
conflicts.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 97955f3c1c738aa4b4478a6ec10a08094ffc689d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'lib/bb/exceptions.py')
0 files changed, 0 insertions, 0 deletions