Ian Jackson writes ("Bug#1125487: tag2upload service needs to be able to retry 
against ftpmaster API"):
> Debian tag2upload service writes ("[tag2upload 2420] failed, ifeffit 
> 2:1.2.11d-13"):
> > dgit (build host): error: fetch of 
> > https://api.ftp-master.debian.org/file_in_archive/%25/ifeffit%5c_1.2.11d.orig.tar.gz
> >  gave HTTP code 500

It turns out that this wasn't a transient error after all; it was
#1125668.  I still think we would like to be able to survive ftpmaster
API failures.

But having looked at the code some more, it's not so easy.  For
example, this particular ftpmaster API call occurs quite late, during
changes file generation.

I still think we *could* do it, but it would look something like this:

 * Add a new feature to dgit rpush to allow it to synchronise with its
   caller just before it starts signing things.  It should do this
   idempotently in `i_resp_want`.

 * Have dgit-repos-server use this feature, and only do the
   commit-to-public-upload dance when dgit rpush wants it.

Simplest would be if we could provide dgit rpush with the manager
connection.  But we want to be able to handle dgit rpush crashing,
without losing knowledge of the o2m protocol state.

Another complication is that dgit-repos-server would, then, while it
is running dgit rpush, have to be waiting for *two* things:
  (a) dgit rpush terminates (SIGCHLD/waitpid)
  (b) dgit rpush wants to commit

I thought of a number of options for such an arrangement:

 1. dgit-repos-server uses the self-pipe trick turning (a) into an
    fd, so that it can be selected on.  What a palaver, unless
    there's a convenient library we could use.

 2. dgit rpush notifies dgit-repos-server by sending a signal to its
    parent (!), and dgit-repos-server uses sigwait.  Does perl
    even have a convenient way to sigwait?

 3. dgit-repos-server forks again, for a little child whose job it is to
    proxy the commit-to-public-upload dance.  That way if *that* child
    doesn't crash, dgit-repos-server knows what the o2m protocol state
    is.

 4. dgit rpush writes the o2m protocol state to a file.
    Before it starts the commit-to-public-upload dance it writes
    UNKNOWN file.  After dgit rpush exits, dgit-repos-server can read
    this file to see if it can reuse the o2m connection.  (dgit rpush
    is very unlikely to crash during the commit-to-public-upload dance
    unless it's because the o2m connection is in any case broken.)

 5. Instead of modifying dgit rpush, provide a stunt wrapper for gpg.
    This is *actually* the commitment point.  But the last thing we
    want to do is get more entangled with the gnupg CLI interface.

None of this seems entirely trivial.  4 is probably easiest but it's a
bit of a bodge!  We may want to downgrade this bug again, and postpone
this work.

Ian.

-- 
Ian Jackson <[email protected]>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
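
Option 1 from the message above, sketched in Perl as an added example (not part of the original message and not dgit code): SIGCHLD is turned into a readable fd so that a single select covers both (a) and (b). The child body and the `want-commit` message name are constructed stand-ins for dgit rpush and its request.

```perl
#!/usr/bin/perl
# Added illustration, not dgit code: wait for (a) child exit and (b) a request
# from the child in one select(), by turning SIGCHLD into a readable fd.
use strict;
use warnings;
use IO::Handle;
use IO::Select;
use POSIX qw(WNOHANG);

pipe(my $sig_r, my $sig_w) or die "pipe: $!";   # the self-pipe
pipe(my $req_r, my $req_w) or die "pipe: $!";   # child -> parent requests
$_->blocking(0) for $sig_r, $sig_w;             # handler must never block

# Installed before fork() so an early exit cannot be missed.  The handler only
# writes one byte; a full pipe (EAGAIN) is fine, a wakeup is already pending.
$SIG{CHLD} = sub { local $!; syswrite($sig_w, "x", 1) };

my $pid = fork() // die "fork: $!";
if ($pid == 0) {                                # constructed stand-in child
    $SIG{CHLD} = 'DEFAULT';
    close $_ for $req_r, $sig_r, $sig_w;
    syswrite($req_w, "want-commit\n");          # hypothetical message name
    exit 0;
}
close $req_w;                                   # so EOF on $req_r is visible

my $sel = IO::Select->new($sig_r, $req_r);
my ($buf, $status) = ('');
while ($sel->count) {
    for my $fh ($sel->can_read) {               # empty list on EINTR: retry
        if ($fh == $req_r) {
            my $n = sysread($req_r, $buf, 4096, length $buf);
            next if !defined $n && $!{EINTR};
            if (!$n) { $sel->remove($req_r); next }   # EOF or hard error
            print "child wants: $1\n" while $buf =~ s/^(.*)\n//;
        } else {
            sysread($sig_r, my $junk, 4096);    # drain; signals coalesce
            if (waitpid($pid, WNOHANG) == $pid) {
                $status = $?;
                $sel->remove($sig_r);
            }
        }
    }
}
printf "child %d reaped, wait status %d\n", $pid, $status;
```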
