Package: pbuilder
Version: 0.229.3
Severity: wishlist
Tags: patch

I've written a small patch which isolates processes from a build into a cgroup (named like system-pbuilder-NNNNN.slice where NNNNN comes from the pbuilder PID). Then, if it sees after the build is done that there are still stray processes left over, it will print a warning to the log along with a list of these processes, and then kill them. (Of course, this will only work on Linux systems running systemd.)

The attached patch is the output of "git diff" against the current contents of https://salsa.debian.org/pbuilder-team/pbuilder.git .

-- Daniel

diff --git a/debian/changelog b/debian/changelog index 3521bc57..866116d3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ pbuilder (0.229.4) UNRELEASED; urgency=medium * WIP. + [ Daniel Schepler ] + * Clean up stray processes from builds on Linux systems running systemd. + -- Mattia Rizzolo <mat...@debian.org> Sun, 29 Jul 2018 15:44:12 +0200 pbuilder (0.229.3) unstable; urgency=medium diff --git a/pbuilder-checkparams b/pbuilder-checkparams index f02c88ee..526d1993 100755 --- a/pbuilder-checkparams +++ b/pbuilder-checkparams @@ -83,6 +83,10 @@ while [ -n "$1" ]; do USENETWORK="$2" shift 2 ;; + --use-cgroup) + USECGROUP="$2" + shift 2 + ;; --distribution) DISTRIBUTION="$2"; OVERRIDE_APTLINES_WARN=yes @@ -384,6 +388,14 @@ if [ -z "${CHROOTEXEC}" ]; then EATMYDATA=not-available fi fi + if [ "$USECGROUP" = "yes" ]; then + if systemctl is-system-running --quiet >/dev/null 2>&1 ; then + CHROOTEXEC="systemd-run --quiet --scope --slice=system-pbuilder-$$.slice $CHROOTEXEC" + else + log.w "cgroups are not available on the host, not using them." + USECGROUP=not-available + fi + fi fi # handle 'experimental' specially. -- required for raw pbuilder (create/update) only. diff --git a/pbuilder-modules b/pbuilder-modules index e7cad591..ca0037c9 100644 --- a/pbuilder-modules +++ b/pbuilder-modules 
@@ -529,6 +529,19 @@ function cleanbuildplace () { fi unloadhooks if [ "${INTERNAL_BUILD_UML}" != "yes" ]; then + if [ "${USECGROUP}" = "yes" ]; then + tasks="$(systemctl show system-pbuilder-$$.slice --property=TasksCurrent | tr -d '\n')" + if [ "$tasks" != "TasksCurrent=0" -a "$tasks" != "TasksCurrent=[not set]" ]; then + log.d "Waiting for systemd to register process exits" + sleep 0.1s + tasks="$(systemctl show system-pbuilder-$$.slice --property=TasksCurrent | tr -d '\n')" + if [ "$tasks" != "TasksCurrent=0" -a "$tasks" != "TasksCurrent=[not set]" ]; then + log.w "Cleaning up stray processes from build" + systemctl status system-pbuilder-$$.slice + systemctl stop system-pbuilder-$$.slice + fi + fi + fi if [ -d "$BUILDPLACE" ]; then # A directory on the same partition as $BUILDPLACE, bind-mounted # into $BUILDPLACE, will be cleaned out by clean_subdirectories diff --git a/pbuilderrc b/pbuilderrc index bcd1d883..d0513c55 100644 --- a/pbuilderrc +++ b/pbuilderrc @@ -33,6 +33,7 @@ USEDEVFS=no USEDEVPTS=yes USESYSFS=yes USENETWORK=no +USECGROUP=yes BUILDRESULT=/var/cache/pbuilder/result/ # specifying the distribution forces the distribution on "pbuilder update" diff --git a/pbuilderrc.5 b/pbuilderrc.5 index 05b907ab..1c597e61 100644 --- a/pbuilderrc.5 +++ b/pbuilderrc.5 @@ -481,6 +481,13 @@ Network is not available on a Debian buildd, so you might want to keep the default. Disabling network access currently only works on Linux. .TP +.BI "USECGROUP=" "yes" +Specify +.B yes +to use a cgroup to isolate build processes, so that any stray processes +from the build can be cleaned up afterwords. +This currently only works on Linux systems running systemd. +.TP .BI "USESHM=" "yes" Specify .B yes
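
Review bot: the new --use-cgroup case in the first pbuilder-checkparams hunk stores "$2" unchecked, and the patch documents only the USECGROUP variable in pbuilderrc.5, so the command-line option itself is undocumented. Because the later test is [ "$USECGROUP" = "yes" ], any other value (including typos such as "Yes" or "true") silently turns the isolation off. Suggest documenting the option alongside the other command-line options and warning on values other than yes or no.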
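
Review bot: in the second pbuilder-checkparams hunk, "systemctl is-system-running --quiet" is the wrong probe for "systemd is available": it exits 0 only when the overall system state is running, so a host that is degraded (one failed unit) or still starting takes the else branch, logs "cgroups are not available on the host" and builds without isolation. Testing for the /run/systemd/system directory answers the question the code is actually asking. The slice name is built from $$ here and again in cleanbuildplace in pbuilder-modules; a comment stating that both must run in the same shell process would help, since a mismatch would make the cleanup query an empty slice and report nothing.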
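
Review bot: in the cleanbuildplace hunk of pbuilder-modules, whether processes count as stray is decided by one fixed "sleep 0.1s" between two TasksCurrent reads, so processes that are merely slow to be reaped can be reported and stopped as leftovers; polling a few times with a bounded total wait would be more robust. "systemctl status system-pbuilder-$$.slice" should be given --no-pager so it cannot block on a pager when pbuilder runs from a terminal. The comparison against the literal "TasksCurrent=[not set]" depends on systemctl's display formatting, and the two [ ... -a ... ] tests are better written as [ ... ] && [ ... ]; the duplicated systemctl show line could move into a small helper.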
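
Review bot: the pbuilderrc hunk ships USECGROUP=yes as the default, which combined with the log.w branch in pbuilder-checkparams means every run on a host where the systemd check fails prints a warning the user never asked for. Either default to no, or make the fallback quieter (for example log.d) when the value comes from the shipped default and keep the warning for an explicit request.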
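
Review bot: typo in the added USECGROUP entry of pbuilderrc.5: "afterwords" should be "afterwards". The entry should also say what happens when systemd is not running (per the pbuilder-checkparams hunk, a warning is logged and the build proceeds without a cgroup) and that leftover processes are stopped, since an administrator reading the man page would otherwise assume the isolation is always in effect when the variable is yes.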