Add a boolean sync-rcu repos.conf setting that behaves as follows:

    Enable read-copy-update (RCU) behavior for sync operations. The
    current latest immutable version of a repository will be referenced
    by a symlink found where the repository would normally be located
    (see the location setting). Repository consumers should resolve
    the cannonical path of this symlink before attempt to access
    the repository, and all operations should be read-only, since
    the repository is considered immutable. Updates occur by atomic
    replacement of the symlink, which causes new consumers to use the
    new immutable version, while any earlier consumers continue to
    use the cannonical path that was resolved earlier. This option
    requires sync-allow-hardlinks and sync-rcu-store-dir options to
    be enabled, and currently also requires that sync-type is set
    to rsync. This option is disabled by default, since the symlink
    usage would require special handling for scenarios involving bind
    mounts and chroots.

Bug: https://bugs.gentoo.org/662070
---
 lib/portage/repository/config.py               |  36 +++-
 lib/portage/repository/storage/hardlink_rcu.py | 251 +++++++++++++++++++++++++
 lib/portage/sync/syncbase.py                   |   4 +-
 man/portage.5                                  |  35 ++++
 4 files changed, 323 insertions(+), 3 deletions(-)
 create mode 100644 lib/portage/repository/storage/hardlink_rcu.py

diff --git a/lib/portage/repository/config.py b/lib/portage/repository/config.py
index f790f9392..8cdc2a696 100644
--- a/lib/portage/repository/config.py
+++ b/lib/portage/repository/config.py
@@ -84,7 +84,7 @@ class RepoConfig(object):
                'profile_formats', 'sign_commit', 'sign_manifest', 
'strict_misc_digests',
                'sync_depth', 'sync_hooks_only_on_change',
                'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 
'thin_manifest',
-               'update_changelog', '_eapis_banned', '_eapis_deprecated',
+               'update_changelog', 'user_location', '_eapis_banned', 
'_eapis_deprecated',
                '_masters_orig', 'module_specific_options', 
'manifest_required_hashes',
                'sync_allow_hardlinks',
                'sync_openpgp_key_path',
@@ -93,6 +93,10 @@ class RepoConfig(object):
                'sync_openpgp_key_refresh_retry_delay_exp_base',
                'sync_openpgp_key_refresh_retry_delay_mult',
                'sync_openpgp_key_refresh_retry_overall_timeout',
+               'sync_rcu',
+               'sync_rcu_store_dir',
+               'sync_rcu_spare_snapshots',
+               'sync_rcu_ttl_days',
                )
 
        def __init__(self, name, repo_opts, local_config=True):
@@ -198,6 +202,22 @@ class RepoConfig(object):
                        'sync_openpgp_key_refresh_retry_overall_timeout'):
                        setattr(self, k, repo_opts.get(k.replace('_', '-'), 
None))
 
+               self.sync_rcu = repo_opts.get(
+                       'sync-rcu', 'false').lower() in ('true', 'yes')
+
+               self.sync_rcu_store_dir = repo_opts.get('sync-rcu-store-dir')
+
+               for k in ('sync-rcu-spare-snapshots', 'sync-rcu-ttl-days'):
+                       v = repo_opts.get(k, '').strip() or None
+                       if v:
+                               try:
+                                       v = int(v)
+                               except (OverflowError, ValueError):
+                                       writemsg(_("!!! Invalid %s setting for 
repo"
+                                               " %s: %s\n") % (k, name, v), 
noiselevel=-1)
+                                       v = None
+                       setattr(self, k.replace('-', '_'), v)
+
                self.module_specific_options = {}
 
                # Not implemented.
@@ -206,9 +226,14 @@ class RepoConfig(object):
                        format = format.strip()
                self.format = format
 
+               self.user_location = None
                location = repo_opts.get('location')
                if location is not None and location.strip():
                        if os.path.isdir(location) or portage._sync_mode:
+                               # The user_location is required for sync-rcu 
support,
+                               # since it manages a symlink which resides at 
that
+                               # location (and realpath is irreversible).
+                               self.user_location = location
                                location = os.path.realpath(location)
                else:
                        location = None
@@ -542,6 +567,10 @@ class RepoConfigLoader(object):
                                                        
'sync_openpgp_key_refresh_retry_delay_exp_base',
                                                        
'sync_openpgp_key_refresh_retry_delay_mult',
                                                        
'sync_openpgp_key_refresh_retry_overall_timeout',
+                                                       'sync_rcu',
+                                                       'sync_rcu_store_dir',
+                                                       
'sync_rcu_spare_snapshots',
+                                                       'sync_rcu_ttl_days',
                                                        'sync_type', 
'sync_umask', 'sync_uri', 'sync_user',
                                                        
'module_specific_options'):
                                                        v = 
getattr(repos_conf_opts, k, None)
@@ -962,7 +991,7 @@ class RepoConfigLoader(object):
                return repo_name in self.prepos
 
        def config_string(self):
-               bool_keys = ("strict_misc_digests", "sync_allow_hardlinks")
+               bool_keys = ("strict_misc_digests", "sync_allow_hardlinks", 
"sync_rcu")
                str_or_int_keys = ("auto_sync", "clone_depth", "format", 
"location",
                        "main_repo", "priority", "sync_depth", 
"sync_openpgp_key_path",
                        "sync_openpgp_key_refresh_retry_count",
@@ -970,6 +999,9 @@ class RepoConfigLoader(object):
                        "sync_openpgp_key_refresh_retry_delay_exp_base",
                        "sync_openpgp_key_refresh_retry_delay_mult",
                        "sync_openpgp_key_refresh_retry_overall_timeout",
+                       "sync_rcu_store_dir",
+                       "sync_rcu_spare_snapshots",
+                       "sync_rcu_ttl_days",
                        "sync_type", "sync_umask", "sync_uri", 'sync_user')
                str_tuple_keys = ("aliases", "eclass_overrides", "force")
                repo_config_tuple_keys = ("masters",)
diff --git a/lib/portage/repository/storage/hardlink_rcu.py 
b/lib/portage/repository/storage/hardlink_rcu.py
new file mode 100644
index 000000000..80cdbb0d7
--- /dev/null
+++ b/lib/portage/repository/storage/hardlink_rcu.py
@@ -0,0 +1,251 @@
+# Copyright 2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+import datetime
+
+import portage
+from portage import os
+from portage.repository.storage.interface import (
+       RepoStorageException,
+       RepoStorageInterface,
+)
+from portage.util.futures import asyncio
+from portage.util.futures.compat_coroutine import (
+       coroutine,
+       coroutine_return,
+)
+
+from _emerge.SpawnProcess import SpawnProcess
+
+
+class HardlinkRcuRepoStorage(RepoStorageInterface):
+       """
+       Enable read-copy-update (RCU) behavior for sync operations. The
+       current latest immutable version of a repository will be
+       reference by a symlink found where the repository would normally
+       be located.  Repository consumers should resolve the cannonical
+       path of this symlink before attempt to access the repository,
+       and all operations should be read-only, since the repository
+       is considered immutable. Updates occur by atomic replacement
+       of the symlink, which causes new consumers to use the new
+       immutable version, while any earlier consumers continue to use
+       the cannonical path that was resolved earlier.
+
+       Performance is better than HardlinkQuarantineRepoStorage,
+       since commit involves atomic replacement of a symlink. Since
+       the symlink usage would require special handling for scenarios
+       involving bind mounts and chroots, this module is not enabled
+       by default.
+
+       repos.conf parameters:
+
+               sync-rcu-store-dir
+
+                       Directory path reserved for sync-rcu storage. This
+                       directory must have a unique value for each repository
+                       (do not set it in the DEFAULT section).  This directory
+                       must not contain any other files or directories aside
+                       from those that are created automatically when sync-rcu
+                       is enabled.
+
+               sync-rcu-spare-snapshots = 1
+
+                       Number of spare snapshots for sync-rcu to retain with
+                       expired ttl. This protects the previous latest snapshot
+                       from being removed immediately after a new version
+                       becomes available, since it might still be used by
+                       running processes.
+
+               sync-rcu-ttl-days = 7
+
+                       Number of days for sync-rcu to retain previous immutable
+                       snapshots of a repository. After the ttl of a particular
+                       snapshot has expired, it will be remove automatically 
(the
+                       latest snapshot is exempt, and sync-rcu-spare-snapshots
+                       configures the number of previous snapshots that are
+                       exempt). If the ttl is set too low, then a snapshot 
could
+                       expire while it is in use by a running process.
+
+       """
+       def __init__(self, repo, spawn_kwargs):
+               # Note that repo.location cannot substitute for 
repo.user_location here,
+               # since we manage a symlink that resides at repo.user_location, 
and
+               # repo.location is the irreversible result of 
realpath(repo.user_location).
+               self._user_location = repo.user_location
+               self._spawn_kwargs = spawn_kwargs
+
+               if not repo.sync_allow_hardlinks:
+                       raise RepoStorageException("repos.conf sync-rcu setting"
+                               " for repo '%s' requires that 
sync-allow-hardlinks be enabled" % repo.name)
+
+               # Raise an exception if repo.sync_rcu_store_dir is unset, since 
the
+               # user needs to be aware of this location for bind mount and 
chroot
+               # scenarios
+               if not repo.sync_rcu_store_dir:
+                       raise RepoStorageException("repos.conf sync-rcu setting"
+                               " for repo '%s' requires that 
sync-rcu-store-dir be set" % repo.name)
+
+               self._storage_location = repo.sync_rcu_store_dir
+               if repo.sync_rcu_spare_snapshots is None or 
repo.sync_rcu_spare_snapshots < 0:
+                       self._spare_snapshots = 1
+               else:
+                       self._spare_snapshots = repo.sync_rcu_spare_snapshots
+               if self._spare_snapshots < 0:
+                       self._spare_snapshots = 0
+               if repo.sync_rcu_ttl_days is None or repo.sync_rcu_ttl_days < 0:
+                       self._ttl_days = 1
+               else:
+                       self._ttl_days = repo.sync_rcu_ttl_days
+               self._update_location = None
+               self._latest_symlink = os.path.join(self._storage_location, 
'latest')
+               self._latest_canonical = os.path.realpath(self._latest_symlink)
+               if not os.path.exists(self._latest_canonical) or 
os.path.islink(self._latest_canonical):
+                       # It doesn't exist, or it's a broken symlink.
+                       self._latest_canonical = None
+               self._snapshots_dir = os.path.join(self._storage_location, 
'snapshots')
+
+       @coroutine
+       def _check_call(self, cmd, privileged=False):
+               """
+               Run cmd and raise RepoStorageException on failure.
+
+               @param cmd: command to executre
+               @type cmd: list
+               @param privileged: run with maximum privileges
+               @type privileged: bool
+               """
+               if privileged:
+                       kwargs = 
dict(fd_pipes=self._spawn_kwargs.get('fd_pipes'))
+               else:
+                       kwargs = self._spawn_kwargs
+               p = SpawnProcess(args=cmd, scheduler=asyncio._wrap_loop(), 
**kwargs)
+               p.start()
+               if (yield p.async_wait()) != os.EX_OK:
+                       raise RepoStorageException('command exited with status 
{}: {}'.\
+                               format(p.returncode, ' '.join(cmd)))
+
+       @coroutine
+       def init_update(self):
+               update_location = os.path.join(self._storage_location, 'update')
+               yield self._check_call(['rm', '-rf', update_location])
+
+               # This assumes normal umask permissions if it doesn't exist yet.
+               portage.util.ensure_dirs(self._storage_location)
+
+               if self._latest_canonical is not None:
+                       portage.util.ensure_dirs(update_location)
+                       portage.util.apply_stat_permissions(update_location,
+                               os.stat(self._user_location))
+                       # Use  rsync --link-dest to hardlink a files into 
update_location,
+                       # since cp -l is not portable.
+                       yield self._check_call(['rsync', '-a', '--link-dest', 
self._latest_canonical,
+                               self._latest_canonical + '/', update_location + 
'/'])
+
+               elif not os.path.islink(self._user_location):
+                       yield self._migrate(update_location)
+                       update_location = (yield self.init_update())
+
+               self._update_location = update_location
+
+               coroutine_return(self._update_location)
+
+       @coroutine
+       def _migrate(self, update_location):
+               """
+               When repo.user_location is a normal directory, migrate it to
+               storage so that it can be replaced with a symlink. After 
migration,
+               commit the content as the latest snapshot.
+               """
+               try:
+                       os.rename(self._user_location, update_location)
+               except OSError:
+                       portage.util.ensure_dirs(update_location)
+                       portage.util.apply_stat_permissions(update_location,
+                               os.stat(self._user_location))
+                       # It's probably on a different device, so copy it.
+                       yield self._check_call(['rsync', '-a',
+                               self._user_location + '/', update_location + 
'/'])
+
+                       # Remove the old copy so that symlink can be created. 
Run with
+                       # maximum privileges, since removal requires write 
access to
+                       # the parent directory.
+                       yield self._check_call(['rm', '-rf', user_location], 
privileged=True)
+
+               self._update_location = update_location
+
+               # Make this copy the latest snapshot
+               yield self.commit_update()
+
+       @property
+       def current_update(self):
+               if self._update_location is None:
+                       raise RepoStorageException('current update does not 
exist')
+               return self._update_location
+
+       @coroutine
+       def commit_update(self):
+               update_location = self.current_update
+               self._update_location = None
+               try:
+                       snapshots = [int(name) for name in 
os.listdir(self._snapshots_dir)]
+               except OSError:
+                       snapshots = []
+                       portage.util.ensure_dirs(self._snapshots_dir)
+                       portage.util.apply_stat_permissions(self._snapshots_dir,
+                               os.stat(self._storage_location))
+               if snapshots:
+                       new_id = max(snapshots) + 1
+               else:
+                       new_id = 1
+               os.rename(update_location, os.path.join(self._snapshots_dir, 
str(new_id)))
+               new_symlink = self._latest_symlink + '.new'
+               try:
+                       os.unlink(new_symlink)
+               except OSError:
+                       pass
+               os.symlink('snapshots/{}'.format(new_id), new_symlink)
+               os.rename(new_symlink, self._latest_symlink)
+
+               try:
+                       user_location_correct = 
os.path.samefile(self._user_location, self._latest_symlink)
+               except OSError:
+                       user_location_correct = False
+
+               if not user_location_correct:
+                       new_symlink = self._user_location + '.new'
+                       try:
+                               os.unlink(new_symlink)
+                       except OSError:
+                               pass
+                       os.symlink(self._latest_symlink, new_symlink)
+                       os.rename(new_symlink, self._user_location)
+
+               coroutine_return()
+               yield None
+
+       @coroutine
+       def abort_update(self):
+               if self._update_location is not None:
+                       update_location = self._update_location
+                       self._update_location = None
+                       yield self._check_call(['rm', '-rf', update_location])
+
+       @coroutine
+       def garbage_collection(self):
+               snap_ttl = datetime.timedelta(days=self._ttl_days)
+               snapshots = sorted(int(name) for name in 
os.listdir(self._snapshots_dir))
+               # always preserve the latest snapshot
+               protect_count = self._spare_snapshots + 1
+               while snapshots and protect_count:
+                       protect_count -= 1
+                       snapshots.pop()
+               for snap_id in snapshots:
+                       snap_path = os.path.join(self._snapshots_dir, 
str(snap_id))
+                       try:
+                               st = os.stat(snap_path)
+                       except OSError:
+                               continue
+                       snap_timestamp = 
datetime.datetime.utcfromtimestamp(st.st_mtime)
+                       if (datetime.datetime.utcnow() - snap_timestamp) < 
snap_ttl:
+                               continue
+                       yield self._check_call(['rm', '-rf', snap_path])
diff --git a/lib/portage/sync/syncbase.py b/lib/portage/sync/syncbase.py
index 1d2a00b7c..5d9455f93 100644
--- a/lib/portage/sync/syncbase.py
+++ b/lib/portage/sync/syncbase.py
@@ -86,7 +86,9 @@ class SyncBase(object):
                @rtype: str
                @return: name of the selected repo storage constructor
                '''
-               if self.repo.sync_allow_hardlinks:
+               if self.repo.sync_rcu:
+                       mod_name = 
'portage.repository.storage.hardlink_rcu.HardlinkRcuRepoStorage'
+               elif self.repo.sync_allow_hardlinks:
                        mod_name = 
'portage.repository.storage.hardlink_quarantine.HardlinkQuarantineRepoStorage'
                else:
                        mod_name = 
'portage.repository.storage.inplace.InplaceRepoStorage'
diff --git a/man/portage.5 b/man/portage.5
index cd9d5036d..20f9aae7a 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -1025,6 +1025,41 @@ If set to true, then sync of a given repository will not 
trigger postsync
 hooks unless hooks would have executed for a master repository or the
 repository has changed since the previous sync operation.
 .TP
+.B sync\-rcu = yes|no
+Enable read\-copy\-update (RCU) behavior for sync operations. The current
+latest immutable version of a repository will be referenced by a symlink
+found where the repository would normally be located (see the \fBlocation\fR
+setting). Repository consumers should resolve the cannonical path of this
+symlink before attempt to access the repository, and all operations should
+be read\-only, since the repository is considered immutable. Updates occur
+by atomic replacement of the symlink, which causes new consumers to use the
+new immutable version, while any earlier consumers continue to use the
+cannonical path that was resolved earlier. This option requires
+sync\-allow\-hardlinks and sync\-rcu\-store\-dir options to be enabled, and
+currently also requires that sync\-type is set to rsync. This option is
+disabled by default, since the symlink usage would require special handling
+for scenarios involving bind mounts and chroots.
+.TP
+.B sync\-rcu\-store\-dir
+Directory path reserved for sync\-rcu storage. This directory must have a
+unique value for each repository (do not set it in the DEFAULT section).
+This directory must not contain any other files or directories aside from
+those that are created automatically when sync\-rcu is enabled.
+.TP
+.B sync\-rcu\-spare\-snapshots = 1
+Number of spare snapshots for sync\-rcu to retain with expired ttl. This
+protects the previous latest snapshot from being removed immediately after
+a new version becomes available, since it might still be used by running
+processes.
+.TP
+.B sync\-rcu\-ttl\-days = 7
+Number of days for sync\-rcu to retain previous immutable snapshots of
+a repository. After the ttl of a particular snapshot has expired, it
+will be remove automatically (the latest snapshot is exempt, and
+sync\-rcu\-spare\-snapshots configures the number of previous snapshots
+that are exempt). If the ttl is set too low, then a snapshot could
+expire while it is in use by a running process.
+.TP
 .B sync\-type
 Specifies type of synchronization performed by `emerge \-\-sync`.
 .br
-- 
2.16.4


Reply via email to