deb-s3-lock-fix 0.11.8.fix0.6 → 0.11.8.fix1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4adef09b894b92582b5cceeaddddcf77282d6ca042071c0231a7b59c5c8e3000
-  data.tar.gz: 30cfff54c7f98238ec3190ded8e617ba981946ad30af4f5c573e97882e52bd2f
+  metadata.gz: 180e005ba32e429abe5a462bb81cd03d6897b02fb10e079a655008589fa687df
+  data.tar.gz: df8aeb29f17894bdfca5f82caaaf5ad6576d07de0fed3789d532de3c93486a13
 SHA512:
-  metadata.gz: b92554e2f5573e41a8fcb3c5dcdec4c013cd8d6d3dd1f1c4398f0bc705fa449cebc6b917355cf293925c4bbce536aa1ed6a9f43bf4b61e6020462dc28e286cdc
-  data.tar.gz: fb679c6b500598a25ec76aaf253dcbdb1c0d35608fed399987b1c553c19e57186c829220207208344bbbb917fbadd144791f45a3e84081ddc70eeb898b17ec01
+  metadata.gz: '09eaff5677bd51d239794dd5b5bcf9f9ac18275593cd51088f22a0bded0bdd1c2bc4c82cf771aaa8c32d7fd525c973919ac6a5fe4b85818923922e576fa75b13'
+  data.tar.gz: c463aba5d27113100687654aebd7952ca32142f2835190038dfaf401918d004cdf9bdca74e641866b4e90e5ec91cacbd94bde28c504d0ea637c798181d35e9aa

data/README.md

@@ -1,18 +1,8 @@
-# deb-s3-lock-fix
+# deb-s3
 
 [![Build Status](https://travis-ci.org/deb-s3/deb-s3.svg?branch=master)](https://travis-ci.org/deb-s3/deb-s3)
 
-**This repository is a fork of [deb-s3](https://github.com/deb-s3/deb-s3).**
-
-Note: The locking mechanism in the original deb-s3 library does not prevent race conditions.
-It relies on S3 for distributed locking, which will not work consistently due to S3's eventual
-consistency model. This fork uses DynamoDB for distributed locking, since it ensures atomic
-conditional put operations on the lock.
-
-To use this library create a DynamoDB table and export the following three env variables:
-`DEB_S3_ACCESS_KEY_ID`
-`DEB_S3_SECRET_ACCESS_KEY`
-`AWS_BUILDERS_REGION`
+**This repository is a fork of [krobertson/deb-s3](https://github.com/krobertson/deb-s3).**
 
 `deb-s3` is a simple utility to make creating and managing APT repositories on
 S3.

data/lib/deb/s3/cli.rb

@@ -165,7 +165,7 @@ class Deb::S3::CLI < Thor
       if options[:lock]
         log("Checking for existing lock file")
         log("Locking repository for updates")
-        Deb::S3::Lock.lock(options[:bucket], options[:codename])
+        Deb::S3::Lock.lock(options[:codename], component, options[:arch], options[:cache_control])
         @lock_acquired = true
       end
 
@@ -242,22 +242,18 @@ class Deb::S3::CLI < Thor
       log("Uploading packages and new manifests to S3")
       manifests.each_value do |manifest|
         begin
-          manifest.write_to_s3 do |f|
-            sublog("Transferring #{f} at #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}")
-          end
+          manifest.write_to_s3 { |f| sublog("Transferring #{f}") }
         rescue Deb::S3::Utils::AlreadyExistsError => e
           error("Uploading manifest failed because: #{e}")
         end
         release.update_manifest(manifest)
       end
-      release.write_to_s3 do |f|
-        sublog("Transferring #{f} at #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}")
-      end
+      release.write_to_s3 { |f| sublog("Transferring #{f}") }
 
       log("Update complete.")
     ensure
       if options[:lock] && @lock_acquired
-        Deb::S3::Lock.unlock(options[:bucket], options[:codename])
+        Deb::S3::Lock.unlock(options[:codename], component, options[:arch], options[:cache_control])
         log("Lock released.")
       end
     end
@@ -406,7 +402,7 @@ class Deb::S3::CLI < Thor
       if options[:lock]
         log("Checking for existing lock file")
         log("Locking repository for updates")
-        Deb::S3::Lock.lock(options[:bucket], options[:codename])
+        Deb::S3::Lock.lock(options[:codename], to_component, options[:arch], options[:cache_control])
         @lock_acquired = true
       end
 
@@ -448,7 +444,7 @@ class Deb::S3::CLI < Thor
       log "Copy complete."
     ensure
       if options[:lock] && @lock_acquired
-        Deb::S3::Lock.unlock(options[:bucket], options[:codename])
+        Deb::S3::Lock.unlock(options[:codename], component, options[:arch], options[:cache_control])
         log("Lock released.")
       end
     end
@@ -501,7 +497,7 @@ class Deb::S3::CLI < Thor
       if options[:lock]
         log("Checking for existing lock file")
         log("Locking repository for updates")
-        Deb::S3::Lock.lock(options[:bucket], options[:codename])
+        Deb::S3::Lock.lock(options[:codename], component, options[:arch], options[:cache_control])
         @lock_acquired = true
       end
 
@@ -549,7 +545,7 @@ class Deb::S3::CLI < Thor
       end
     ensure
       if options[:lock] && @lock_acquired
-        Deb::S3::Lock.unlock(options[:bucket], options[:codename])
+        Deb::S3::Lock.unlock(options[:codename], component, options[:arch], options[:cache_control])
         log("Lock released.")
       end
     end
@@ -615,7 +611,7 @@ class Deb::S3::CLI < Thor
       if options[:lock]
         log("Checking for existing lock file")
         log("Locking repository for updates")
-        Deb::S3::Lock.lock(options[:bucket], options[:codename])
+        Deb::S3::Lock.lock(options[:codename], component, options[:arch], options[:cache_control])
         @lock_acquired = true
       end
 
@@ -679,7 +675,7 @@ class Deb::S3::CLI < Thor
       end
     ensure
       if options[:lock] && @lock_acquired
-        Deb::S3::Lock.unlock(options[:bucket], options[:codename])
+        Deb::S3::Lock.unlock(options[:codename], component, options[:arch], options[:cache_control])
         log("Lock released.")
       end
     end

data/lib/deb/s3/lock.rb

@@ -1,139 +1,125 @@
-require "aws-sdk-dynamodb"
-require "securerandom"
+# -*- encoding : utf-8 -*-
+require "base64"
+require "digest/md5"
 require "etc"
-require "time"
+require "socket"
+require "tempfile"
+require "securerandom"
 
 class Deb::S3::Lock
-  attr_reader :user, :host_with_uuid
-
-  DYNAMODB_TABLE_NAME = 'deb-s3-lock'
+  attr_reader :user
+  attr_reader :host
 
-  def initialize(user, host_with_uuid)
+  def initialize(user, host)
     @user = user
-    @host_with_uuid = host_with_uuid
-  end
-
-  def self.dynamodb
-    @dynamodb ||= begin
-      validate_environment_variables!
-      Aws::DynamoDB::Client.new(
-        access_key_id: ENV['DEB_S3_ACCESS_KEY_ID'],
-        secret_access_key: ENV['DEB_S3_SECRET_ACCESS_KEY'],
-        region: ENV['AWS_BUILDERS_REGION']
-      )
-    end
-  end
-
-  def self.validate_environment_variables!
-    %w[DEB_S3_ACCESS_KEY_ID DEB_S3_SECRET_ACCESS_KEY AWS_BUILDERS_REGION].each do |var|
-      raise "Environment variable #{var} not set." unless ENV[var]
-    end
+    @host = host
   end
 
   class << self
-    def lock(bucket, codename, max_attempts = 60, max_wait_interval = 10)
+    #
+    # 2-phase mutual lock mechanism based on `s3:CopyObject`.
+    #
+    # This logic isn't relying on S3's enhanced features like Object Lock
+    # because it imposes some limitation on using other features like
+    # S3 Cross-Region replication. This should work more than good enough 
+    # with S3's strong read-after-write consistency which we can presume
+    # in all region nowadays.
+    #
+    # This is relying on S3 to set object's ETag as object's MD5 if an
+    # object isn't comprized from multiple parts. We'd be able to presume
+    # it as the lock file is usually an object of some smaller bytes.
+    #
+    # acquire lock:
+    # 1. call `s3:HeadObject` on final lock object
+    #   1. If final lock object exists, restart from the beginning
+    #   2. Otherwise, call `s3:PutObject` to create initial lock object
+    # 2. Perform `s3:CopyObject` to copy from initial lock object
+    #    to final lock object with specifying ETag/MD5 of the initial
+    #    lock object
+    #   1. If copy object fails as `PreconditionFailed`, restart
+    #      from the beginning
+    #   2. Otherwise, lock has been acquired
+    #
+    # release lock:
+    # 1. remove final lock object by `s3:DeleteObject`
+    #
+    def lock(codename, component = nil, architecture = nil, cache_control = nil, max_attempts=60, max_wait_interval=10)
       uuid = SecureRandom.uuid
-      lock_body = "#{Etc.getlogin}@#{Socket.gethostname}-#{uuid}"
-      lock_key = "#{bucket}/#{codename}"
+      lockbody = "#{Etc.getlogin}@#{Socket.gethostname}-#{uuid}"
 
-      $stderr.puts("Current job's hostname with UUID: #{lock_body}")
+      initial_lockfile = initial_lock_path(codename, component, architecture, cache_control)
+      final_lockfile = lock_path(codename, component, architecture, cache_control)
 
+      md5_b64 = Base64.encode64(Digest::MD5.digest(lockbody))
+      md5_hex = Digest::MD5.hexdigest(lockbody)
       max_attempts.times do |i|
-        delete_expired_lock(bucket, codename)
-        wait_interval = [2**i, max_wait_interval].min
-
-        expiration_time = Time.now.to_i + 45
-        begin
-          dynamodb.put_item({
-            table_name: DYNAMODB_TABLE_NAME,
-            item: {
-              'lock_key' => "52",
-              'lock_body' => lock_body,
-              'ttl' => expiration_time
-            },
-            condition_expression: "attribute_not_exists(lock_key)"
-          })
-          return
-        rescue Aws::DynamoDB::Errors::ConditionalCheckFailedException
-          lock_holder = current_lock_holder(bucket, codename)
-          current_time = Time.now.strftime("%Y-%m-%d %H:%M:%S")
-          $stderr.puts("[#{current_time}] Repository is locked by another user: #{lock_holder.user} at host #{lock_holder.host_with_uuid}")
-          $stderr.puts("Attempting to obtain a lock after #{wait_interval} second(s).")
+        wait_interval = [(1<<i)/10, max_wait_interval].min
+        if Deb::S3::Utils.s3_exists?(final_lockfile)
+          lock = current(codename, component, architecture, cache_control)
+          $stderr.puts("Repository is locked by another user: #{lock.user} at host #{lock.host} (phase-1)")
+          $stderr.puts("Attempting to obtain a lock after #{wait_interval} secound(s).")
           sleep(wait_interval)
+        else
+          # upload the file
+          Deb::S3::Utils.s3.put_object(
+            bucket: Deb::S3::Utils.bucket,
+            key: Deb::S3::Utils.s3_path(initial_lockfile),
+            body: lockbody,
+            content_type: "text/plain",
+            content_md5: md5_b64,
+            metadata: {
+              "md5" => md5_hex,
+            },
+          )
+          begin
+            Deb::S3::Utils.s3.copy_object(
+              bucket: Deb::S3::Utils.bucket,
+              key: Deb::S3::Utils.s3_path(final_lockfile),
+              copy_source: "/#{Deb::S3::Utils.bucket}/#{Deb::S3::Utils.s3_path(initial_lockfile)}",
+              copy_source_if_match: md5_hex,
+            )
+            return
+          rescue Aws::S3::Errors::PreconditionFailed => error
+            lock = current(codename, component, architecture, cache_control)
+            $stderr.puts("Repository is locked by another user: #{lock.user} at host #{lock.host} (phase-2)")
+            $stderr.puts("Attempting to obtain a lock after #{wait_interval} second(s).")
+            sleep(wait_interval)
+          end
         end
       end
-
-      raise "Unable to obtain a lock after #{max_attempts} attemtps, giving up."
+      # TODO: throw appropriate error class
+      raise("Unable to obtain a lock after #{max_attempts}, giving up.")
     end
 
-    def unlock(bucket, codename)
-      # dynamodb.delete_item({
-      #   table_name: DYNAMODB_TABLE_NAME,
-      #   key: {
-      #     'lock_key' => "#{bucket}/#{codename}"
-      #   }
-      # })
+    def unlock(codename, component = nil, architecture = nil, cache_control = nil)
+      Deb::S3::Utils.s3_remove(initial_lock_path(codename, component, architecture, cache_control))
+      Deb::S3::Utils.s3_remove(lock_path(codename, component, architecture, cache_control))
     end
 
-    def current_lock_holder(bucket, codename)
-      response = dynamodb.get_item({
-        table_name: DYNAMODB_TABLE_NAME,
-        key: {
-          'lock_key' => "#{bucket}/#{codename}"
-        }
-      })
-
-      if response.item
-        lockdata = response.item['lock_body']
-        user, host_with_uuid = lockdata.split("@", 2)
-        Deb::S3::Lock.new(user, host_with_uuid)
+    def current(codename, component = nil, architecture = nil, cache_control = nil)
+      lockbody = Deb::S3::Utils.s3_read(lock_path(codename, component, architecture, cache_control))
+      if lockbody
+        user, host_with_uuid = lockbody.to_s.split("@", 2)
+        lock = Deb::S3::Lock.new(user, host_with_uuid)
       else
-        Deb::S3::Lock.new("unknown", "unknown")
+        lock = Deb::S3::Lock.new("unknown", "unknown")
       end
+      lock
     end
 
-    def delete_expired_lock(bucket, codename)
-      response = dynamodb.get_item({
-        table_name: DYNAMODB_TABLE_NAME,
-        key: {
-          'lock_key' => "52"
-        }
-      })
-      $stderr.puts("hi: #{response.item['ttl']} #{response.item['lock_body']} #{response.item['lock_key']}]")
-      
-      return unless response.item
-      
-      if response.item['ttl'] && Time.now.to_i > response.item['ttl'].to_i
-        lockdata = response.item['lock_body']
-        user, _ = lockdata.split("@", 2)
-        $stderr.puts("hello")
-        
-        delete_response = nil
-    
-        begin
-          delete_response = dynamodb.delete_item({
-            table_name: DYNAMODB_TABLE_NAME,
-            key: {
-              'lock_key' => "52"
-            },
-            return_values: 'ALL_OLD'
-          })
-        rescue Aws::DynamoDB::Errors::ServiceError => e
-          $stderr.puts("Error deleting lock: #{e.message}")
-          return
-        end
-        $stderr.puts("Expired lock detected and deleted for #{bucket}/#{codename}. Lock was held by user: #{user}.")
-    
-        if delete_response.attributes
-          current_time = Time.now.strftime("%Y-%m-%d %H:%M:%S")
-          $stderr.puts("[#{current_time}] Expired lock detected and deleted for #{bucket}/#{codename}. Lock was held by user: #{user}.")
-        end
-      end
+    private
+    def initial_lock_path(codename, component = nil, architecture = nil, cache_control = nil)
+      "dists/#{codename}/lockfile.lock"
     end
-    
-    
-       
 
-    private :dynamodb, :validate_environment_variables!
+    def lock_path(codename, component = nil, architecture = nil, cache_control = nil)
+      #
+      # Acquire repository lock at `codename` level to avoid race between concurrent upload attempts.
+      #
+      # * `deb-s3 upload --arch=all` touchs multiples of `dists/{codename}/{component}/binary-*/Packages*`
+      # * All `deb-s3 upload` touchs `dists/{codename}/Release`
+      #
+      "dists/#{codename}/lockfile"
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: deb-s3-lock-fix
 version: !ruby/object:Gem::Version
-  version: 0.11.8.fix0.6
+  version: 0.11.8.fix1
 platform: ruby
 authors:
 - Braeden Wolf & Ken Robertson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-10-17 00:00:00.000000000 Z
+date: 2023-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1'
-- !ruby/object:Gem::Dependency
-  name: aws-sdk-dynamodb
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -80,8 +66,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '11'
-description: Fork of deb-s3 with fix for locking. Original work by Ken Robertson.
-email: braeden.wolf@sanctuary.ai & ken@invalidlogic.com
+description: Fork of deb-s3 with a specific fix for locking. Original work by Ken
+  Robertson.
+email: braedenwolf@outlook.com & ken@invalidlogic.com
 executables:
 - deb-s3
 extensions: []
@@ -98,7 +85,7 @@ files:
 - lib/deb/s3/templates/package.erb
 - lib/deb/s3/templates/release.erb
 - lib/deb/s3/utils.rb
-homepage: https://gitlab.com/sanctuaryai/precog2/infrastructure/deb-s3-lock-fix
+homepage: https://github.com/braedenwolf/deb-s3-lock-fix
 licenses:
 - MIT
 metadata: {}
@@ -120,5 +107,5 @@ requirements: []
 rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
-summary: Easily create and manage an APT repository on S3 with lock fix.
+summary: Easily create and manage an APT repository on S3 (with specific lock fix).
 test_files: []