Debian Bug report logs - #642608
/usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds

version graph

Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg.

Reported by: James Vega <jamessan@debian.org>

Date: Sat, 24 Sep 2011 13:27:02 UTC

Severity: important

Found in versions 1.16.1, dpkg/1.16.2~really1.16.1.2

Fixed in versions dpkg/1.16.2~wipmultiarch, dpkg/1.16.2

Done: Guillem Jover <guillem@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Sat, 24 Sep 2011 13:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to James Vega <jamessan@debian.org>:
New Bug report received and forwarded. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Sat, 24 Sep 2011 13:27:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: James Vega <jamessan@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Sat, 24 Sep 2011 09:25:44 -0400
[Message part 1 (text/plain, inline)]
Package: dpkg-dev
Version: 1.16.1
Severity: important
File: /usr/bin/dpkg-gencontrol
User: dpkg@packages.debian.org
Usertags: dpkg-gencontrol

dpkg-gencontrol generates a tempfile, debian/files.new, and then
attempts to rename that back to debian/files when it's done generating
the files.new.  This can easily break when parallel builds are happening
as independent dpkg-gencontrol runs may rename files.new out from
underneath each other.  This happened in a recent build of the Vim
package[0].

dpkg-distaddfile has a similar problem, although I think that's less
likely to be encountered since it's not used as much.

[0]: https://buildd.debian.org/status/fetch.php?pkg=vim&arch=amd64&ver=2%3A7.3.315-1&stamp=1316428720

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg-dev depends on:
ii  base-files    6.5                  
ii  binutils      2.21.53.20110910-1   
ii  bzip2         1.0.5-7              
ii  libdpkg-perl  1.16.1               
ii  make          3.81-8.1             
ii  patch         2.6.1.85-423d-3      
ii  xz-utils      5.1.1alpha+20110809-2

Versions of packages dpkg-dev recommends:
ii  build-essential          11.5     
ii  fakeroot                 1.18-1   
ii  gcc [c-compiler]         4:4.6.1-2
ii  gcc-4.4 [c-compiler]     4.4.6-11 
ii  gcc-4.5 [c-compiler]     4.5.3-9  
ii  gcc-4.6 [c-compiler]     4.6.1-11 
ii  gnupg                    1.4.11-3 
ii  gpgv                     1.4.11-3 
ii  libalgorithm-merge-perl  0.08-2   

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2011.08.07

-- no debconf information

-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Mon, 10 Oct 2011 13:06:20 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Mon, 10 Oct 2011 13:06:22 GMT) Full text and rfc822 format available.

Message #10 received at 642608@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: James Vega <jamessan@debian.org>, 642608@bugs.debian.org
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Mon, 10 Oct 2011 15:05:31 +0200
On Sat, 24 Sep 2011, James Vega wrote:
> dpkg-gencontrol generates a tempfile, debian/files.new, and then
> attempts to rename that back to debian/files when it's done generating
> the files.new.  This can easily break when parallel builds are happening
> as independent dpkg-gencontrol runs may rename files.new out from
> underneath each other.  This happened in a recent build of the Vim
> package[0].

I wonder what's the best way to fix this. Using flock() on
debian/files.new is not really enough since the file is renamed
at the end of the process.

Ideally we should use a persistent debian/files.lck that can be safely
flock()ed but this temporary file would not be cleaned by any current
package, meaning that it would lead to cruft in source packages.

The cleanest approach I see is to try to lock the file in a loop
until the file is still here (meaning there was no contention and thus
no other instance that dropped the file after we opened it and while we
were waiting for the lock):

while (1) {
    open(LOCK, ">>", "debian/files.lck");
    flock(LOCK, LOCK_EX);
    last if -e "debian/files.lck";
    close(LOCK);
}
# Put code updating debian/files here
unlink("debian/files.lck");
flock(LOCK, LOCK_UN);
close(LOCK);

(Ignore the lack of error checking, it's only to explain)

Does anyone see possible problems with this approach? Or has anyone
something cleaner to suggest?

Would it make sense to factorize the logic above in 2 functions
in Dpkg::Path?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Pre-order a copy of the Debian Administrator's Handbook and help
liberate it: http://debian-handbook.info/go/ulule-rh/




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Mon, 10 Oct 2011 20:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Mon, 10 Oct 2011 20:42:03 GMT) Full text and rfc822 format available.

Message #15 received at 642608@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: Raphael Hertzog <hertzog@debian.org>, 642608@bugs.debian.org
Cc: James Vega <jamessan@debian.org>
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Mon, 10 Oct 2011 22:39:19 +0200
On Mon, 2011-10-10 at 15:05:31 +0200, Raphael Hertzog wrote:
> On Sat, 24 Sep 2011, James Vega wrote:
> > dpkg-gencontrol generates a tempfile, debian/files.new, and then
> > attempts to rename that back to debian/files when it's done generating
> > the files.new.  This can easily break when parallel builds are happening
> > as independent dpkg-gencontrol runs may rename files.new out from
> > underneath each other.  This happened in a recent build of the Vim
> > package[0].
> 
> I wonder what's the best way to fix this. Using flock() on
> debian/files.new is not really enough since the file is renamed
> at the end of the process.
>
> Ideally we should use a persistent debian/files.lck that can be safely
> flock()ed but this temporary file would not be cleaned by any current
> package, meaning that it would lead to cruft in source packages.
> 
> The cleanest approach I see is to try to lock the file in a loop
> until the file is still here (meaning there was no contention and thus
> no other instance that dropped the file after we opened it and while we
> were waiting for the lock):
> 
> while (1) {
>     open(LOCK, ">>", "debian/files.lck");
>     flock(LOCK, LOCK_EX);
>     last if -e "debian/files.lck";
>     close(LOCK);
> }
> # Put code updating debian/files here
> unlink("debian/files.lck");
> flock(LOCK, LOCK_UN);
> close(LOCK);

> Does anyone see possible problems with this approach? Or has anyone
> something cleaner to suggest?

This is inherently racy, if a process A is modifying the file, and
process B waiting on the lock, when A removes the file, a process C
could create and lock a new file, which would not share the lock with
B, and both C and B would proceed to stomp on each other. In addition
this might not support NFS on some systems.

The correct solution would be to lock a file we know must be there, so
that there's no race condition and no possible cruft leftover. For
example debian/control or debian/changelog (or the file arguments
specified on the command line). Also we should be using fcntl(2)
instead of flock(2) to get NFS support, but this seems tricky on perl?

> Would it make sense to factorize the logic above in 2 functions
> in Dpkg::Path?

I guess it depends on the complexity of the stuff we end up with.

regards,
guillem




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 06:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 06:39:04 GMT) Full text and rfc822 format available.

Message #20 received at 642608@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Guillem Jover <guillem@debian.org>
Cc: 642608@bugs.debian.org, James Vega <jamessan@debian.org>
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 08:34:48 +0200
On Mon, 10 Oct 2011, Guillem Jover wrote:
> The correct solution would be to lock a file we know must be there, so
> that there's no race condition and no possible cruft leftover. For
> example debian/control or debian/changelog (or the file arguments
> specified on the command line).

What do you mean with "file arguments"? if you mean "debian/files" then
it won't work as that file is replaced with rename() so we're back to the
initial situation where you can have a lock on the now deleted/replaced
file.

Using debian/control would work but it doesn't seem very clean.

> Also we should be using fcntl(2) instead of flock(2) to get NFS support,
> but this seems tricky on perl?

Not really, it's a built-in function on systems that support it. The
question is whether we have to care about systems that do not support it.

Perl's flock() is the recommended interface because it will use whatever
is supported among flock(), fnctl() and lockf() so it's more
portable.


I have another idea to propose. Create "debian/files.new" with
O_CREAT|O_EXCL and if it fails with EEXIST, sleep for Xms and try again.
It's not optimal in the sense that we're not going to sleep
exactly the required amount of time, but at least it doesn't involve
messing with unrelated files.

A third solution would be to use semaphores...

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Pre-order a copy of the Debian Administrator's Handbook and help
liberate it: http://debian-handbook.info/go/ulule-rh/




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 07:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 07:36:03 GMT) Full text and rfc822 format available.

Message #25 received at 642608@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: Raphael Hertzog <hertzog@debian.org>
Cc: 642608@bugs.debian.org, James Vega <jamessan@debian.org>
Subject: Re: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 02:28:24 -0500
Raphael Hertzog wrote:

> I have another idea to propose. Create "debian/files.new" with
> O_CREAT|O_EXCL and if it fails with EEXIST, sleep for Xms and try again.

That sounds right to me fwiw.  Fortunately dpkg-gencontrol opens
$fileslistfile.new for writing before opening $fileslistfile for
reading, meaning this would do just the right thing.




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 12:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 12:00:26 GMT) Full text and rfc822 format available.

Message #30 received at 642608@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: Raphael Hertzog <hertzog@debian.org>, 642608@bugs.debian.org
Cc: James Vega <jamessan@debian.org>
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 13:56:11 +0200
On Tue, 2011-10-11 at 08:34:48 +0200, Raphael Hertzog wrote:
> On Mon, 10 Oct 2011, Guillem Jover wrote:
> > The correct solution would be to lock a file we know must be there, so
> > that there's no race condition and no possible cruft leftover. For
> > example debian/control or debian/changelog (or the file arguments
> > specified on the command line).
> 
> What do you mean with "file arguments"? if you mean "debian/files" then
> it won't work as that file is replaced with rename() so we're back to the
> initial situation where you can have a lock on the now deleted/replaced
> file.

I meant the arguments to options -c or -l.

> Using debian/control would work but it doesn't seem very clean.

Well it seems to be in theory the most correct, simple and clean
solution to me (except for perl making things difficult in general).
A file known to exist is just being used for locking, nothing more.
All other solutions just seem inferior in one way or another.

> > Also we should be using fcntl(2) instead of flock(2) to get NFS support,
> > but this seems tricky on perl?
> 
> Not really, it's a built-in function on systems that support it. The
> question is whether we have to care about systems that do not support it.

I'm assuming you mean it's not tricky. But to lock using fcntl(2) the
function needs a struct flock which would need to be packed from the
perl code, but the order of its members is not standardized anywhere,
and sizeof(off_t) might vary, that's what seems tricky to me. About the
system supporting fcntl(2), well it must, otherwise dpkg itself will
not work.

The easy solution to this would seem to be to package something like
the perl File::FcntlLock module:

  <http://search.cpan.org/~jtt/File-FcntlLock-0.12/>

I also considered as a possibility rewritting dpkg-distaddfile in C
or creating a trival C helper to update debian/files, which I started
locally but discared as it seems File::FcntlLock is a way way better
solution, better even than reinventing ourselves such XS perl module,
and avoids needing to create a new arch:any package to put any of
those in.

> Perl's flock() is the recommended interface because it will use whatever
> is supported among flock(), fnctl() and lockf() so it's more
> portable.

Availability of the interface here is not an issue as mentioned before
dpkg just needs fcntl(2), but portability is, given that we cannot
just hardcode struct flock layout in the perl code. Also using perl's
flock makes it an unreliable interface as it depends on what perl is
going to use internally, and it might end up using the wrong underlying
interface.

> I have another idea to propose. Create "debian/files.new" with
> O_CREAT|O_EXCL and if it fails with EEXIST, sleep for Xms and try again.
> It's not optimal in the sense that we're not going to sleep
> exactly the required amount of time, but at least it doesn't involve
> messing with unrelated files.

Besides the loop being somewhat suboptimal, usage of “O_CREAT | O_EXCL”
on NFS might be unreliable.

> A third solution would be to use semaphores...

A semaphore is inherently not going to work on NFS, being it a local
resource. In addition even if we ignore the NFS issue it would need to
be unique per source directory, which means we'd need to encode that
somehow reliably for SysV semaphores. And POSIX semaphores which allow
path-style names (although the name might have a lower limit than
NAME_MAX or PATH_MAX) do not seem to be supported by perl, which would
make this solution undesirable.

regards,
guillem




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 13:18:29 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 13:18:31 GMT) Full text and rfc822 format available.

Message #35 received at 642608@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Guillem Jover <guillem@debian.org>
Cc: 642608@bugs.debian.org, James Vega <jamessan@debian.org>, debian-perl@lists.debian.org
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 15:16:38 +0200
[ CCing debian-perl for a RFP ]

On Tue, 11 Oct 2011, Guillem Jover wrote:
> On Tue, 2011-10-11 at 08:34:48 +0200, Raphael Hertzog wrote:
> > On Mon, 10 Oct 2011, Guillem Jover wrote:
> > > Also we should be using fcntl(2) instead of flock(2) to get NFS support,
> > > but this seems tricky on perl?
> > 
> > Not really, it's a built-in function on systems that support it. The
> > question is whether we have to care about systems that do not support it.
> 
> I'm assuming you mean it's not tricky. But to lock using fcntl(2) the
> function needs a struct flock which would need to be packed from the
> perl code, but the order of its members is not standardized anywhere,
> and sizeof(off_t) might vary, that's what seems tricky to me.

Oh, right, I did not dig that far. I just checked its availability.

> The easy solution to this would seem to be to package something like
> the perl File::FcntlLock module:
> 
>   <http://search.cpan.org/~jtt/File-FcntlLock-0.12/>

Dear Debian perl team members, it would be nice if one of you could
package this module. :-)

> I also considered as a possibility rewritting dpkg-distaddfile in C
> or creating a trival C helper to update debian/files, which I started
> locally but discared as it seems File::FcntlLock is a way way better
> solution, better even than reinventing ourselves such XS perl module,
> and avoids needing to create a new arch:any package to put any of
> those in.

It adds a new dependency to dpkg-dev but I guess it's ok since that
module must be relatively trivial and portable.

> Availability of the interface here is not an issue as mentioned before
> dpkg just needs fcntl(2), but portability is, given that we cannot
> just hardcode struct flock layout in the perl code. Also using perl's
> flock makes it an unreliable interface as it depends on what perl is
> going to use internally, and it might end up using the wrong underlying
> interface.

The perl we have would use flock() since it's not built with -Du_flock.
So it would indeed not work over NFS.

> > I have another idea to propose. Create "debian/files.new" with
> > O_CREAT|O_EXCL and if it fails with EEXIST, sleep for Xms and try again.
> > It's not optimal in the sense that we're not going to sleep
> > exactly the required amount of time, but at least it doesn't involve
> > messing with unrelated files.
> 
> Besides the loop being somewhat suboptimal, usage of “O_CREAT | O_EXCL”
> on NFS might be unreliable.

The documentation mentions a work around:

  Portable programs that want to perform atomic file locking using a lockfile,
  and need to avoid reliance on NFS support for O_EXCL, can  create  a  unique
  file on the same file system (e.g., incorporating hostname and PID), and use
  link(2) to make a link to the lockfile.  If link(2) returns 0, the  lock  is
  successful.   Otherwise, use stat(2) on the unique file to check if its link
  count has increased to 2, in which case the lock is also successful.

Would this be better?

If I get this right it's:
while (1) {
  open(LOCK, ">", "debian/files.new.$$")
  my $ok = link("debian/files.new.$$", "debian/files.new")
  if (!ok) {
    my @st = stat("debian/files.new.$$") || syserr("");
    $ok = 1 if $st[3] == 2;
  }
  unlink("debian/files.new.$$") || syserr("");
  last if $ok;
  sleep(1); # Or rather usleep from Time::HiRes
}

I'm not sure what case it covers to check for the link count on a failure...

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Pre-order a copy of the Debian Administrator's Handbook and help
liberate it: http://debian-handbook.info/go/ulule-rh/




Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 20:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julián Moreno Patiño <darkjunix@gmail.com>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 20:27:06 GMT) Full text and rfc822 format available.

Message #40 received at 642608@bugs.debian.org (full text, mbox):

From: Julián Moreno Patiño <darkjunix@gmail.com>
To: 642608@bugs.debian.org, debian-perl@lists.debian.org
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 15:24:53 -0500
[Message part 1 (text/plain, inline)]
Hi,

> The easy solution to this would seem to be to package something like
> > the perl File::FcntlLock module:
> >
> >   <http://search.cpan.org/~jtt/File-FcntlLock-0.12/>
>
> Dear Debian perl team members, it would be nice if one of you could
> package this module. :-)


Done[0], I am waiting to review in GNU Debian Perl Team :) !

[0]
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libfile-fcntllock-perl.git

Kind regards,

-- 
Julián Moreno Patiño
 .''`. Debian GNU/{Linux,KfreeBSD}
: :' : Free Operating Systems
`. `'  http://debian.org/
  `-   PGP KEY ID 6168BF60
Registered GNU Linux User ID 488513
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Tue, 11 Oct 2011 21:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to James Vega <jamessan@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 11 Oct 2011 21:51:03 GMT) Full text and rfc822 format available.

Message #45 received at 642608@bugs.debian.org (full text, mbox):

From: James Vega <jamessan@debian.org>
To: Raphael Hertzog <hertzog@debian.org>, Guillem Jover <guillem@debian.org>, 642608@bugs.debian.org
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Tue, 11 Oct 2011 17:50:15 -0400
[Message part 1 (text/plain, inline)]
On Tue, Oct 11, 2011 at 03:16:38PM +0200, Raphael Hertzog wrote:
> On Tue, 11 Oct 2011, Guillem Jover wrote:
> > The easy solution to this would seem to be to package something like
> > the perl File::FcntlLock module:
> > 
> >   <http://search.cpan.org/~jtt/File-FcntlLock-0.12/>
> 
> Dear Debian perl team members, it would be nice if one of you could
> package this module. :-)

The ITP was filed[0], so that may soon be a viable option.

> > Besides the loop being somewhat suboptimal, usage of “O_CREAT | O_EXCL”
> > on NFS might be unreliable.
> 
> The documentation mentions a work around:
> 
>   Portable programs that want to perform atomic file locking using a lockfile,
>   and need to avoid reliance on NFS support for O_EXCL, can  create  a  unique
>   file on the same file system (e.g., incorporating hostname and PID), and use
>   link(2) to make a link to the lockfile.  If link(2) returns 0, the  lock  is
>   successful.   Otherwise, use stat(2) on the unique file to check if its link
>   count has increased to 2, in which case the lock is also successful.
> 
> Would this be better?
> 
> If I get this right it's:
> while (1) {
>   open(LOCK, ">", "debian/files.new.$$")
>   my $ok = link("debian/files.new.$$", "debian/files.new")
>   if (!ok) {
>     my @st = stat("debian/files.new.$$") || syserr("");
>     $ok = 1 if $st[3] == 2;
>   }
>   unlink("debian/files.new.$$") || syserr("");
>   last if $ok;
>   sleep(1); # Or rather usleep from Time::HiRes
> }
> 
> I'm not sure what case it covers to check for the link count on a failure...

From link(2):

  BUGS
         On NFS file systems, the return code may be wrong in case the NFS
         server performs the link creation and dies before it can say so.  Use
         stat(2) to find out if the link got created.

Cheers,
James

[0]: http://bugs.debian.org/645014
-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#642608; Package dpkg-dev. (Sun, 16 Oct 2011 19:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julián Moreno Patiño <darkjunix@gmail.com>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Sun, 16 Oct 2011 19:21:03 GMT) Full text and rfc822 format available.

Message #50 received at 642608@bugs.debian.org (full text, mbox):

From: Julián Moreno Patiño <darkjunix@gmail.com>
To: 642608@bugs.debian.org
Subject: Re: Bug#642608: /usr/bin/dpkg-gencontrol: Race condition with tempfile for parallel builds
Date: Sun, 16 Oct 2011 14:18:19 -0500
[Message part 1 (text/plain, inline)]
Hi Folks,

Now libfile-fcntllock-perl was accepted in unstable[0].

[0] http://lists.debian.org/debian-devel-changes/2011/10/msg01393.html

Kind regards,

-- 
Julián Moreno Patiño
 .''`. Debian GNU/{Linux,KfreeBSD}
: :' : Free Operating Systems
`. `'  http://debian.org/
  `-   PGP KEY ID 6168BF60
Registered GNU Linux User ID 488513
[Message part 2 (text/html, inline)]

Added tag(s) pending. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Fri, 21 Oct 2011 14:57:02 GMT) Full text and rfc822 format available.

Message sent on to James Vega <jamessan@debian.org>:
Bug#642608. (Fri, 21 Oct 2011 14:57:05 GMT) Full text and rfc822 format available.

Message #55 received at 642608-submitter@bugs.debian.org (full text, mbox):

From: Raphaël Hertzog <hertzog@debian.org>
To: 642608-submitter@bugs.debian.org
Subject: Bug#642608 marked as pending
Date: Fri, 21 Oct 2011 14:52:57 +0000
tag 642608 pending
thanks

Hello,

Bug #642608 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=d834b77

---
commit d834b77b5d16e453b32bd36bbb5487c910e54280
Author: Raphaël Hertzog <hertzog@debian.org>
Date:   Fri Oct 21 16:21:56 2011 +0200

    dpkg-gencontrol, dpkg-distaddfile: protect update of debian/files with a lock
    
    The lock is taken on debian/control as this is a file that we know to
    always exist. Without this lock, it's possible that the file is updated
    concurrently by two processes when parallel building is enabled (leading
    to one of them failing unexpectedly).
    
    Reported-by: James Vega <jamessan@debian.org>

diff --git a/debian/changelog b/debian/changelog
index d173a50..f01bf02 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,6 +32,11 @@ dpkg (1.16.2) UNRELEASED; urgency=low
     too. Closes: #595144
   * Rewrite architecture.mk with explicit loops instead of duplicating many
     similar lines. Based on a patch by Thorsten Glaser <tg@mirbsd.de>.
+  * Modify dpkg-gencontrol and dpkg-distaddfile to grab a write lock
+    on debian/control before updating debian/files to avoid simultaneous
+    updates. Closes: #642608
+    Add libfile-fcntllock-perl to dpkg-dev's Depends since we use this module
+    to handle the locking.
 
   [ Jonathan Nieder ]
   * Bump po4a version in Build-Depends to 0.41, since earlier versions do




Reply sent to Cyril Brulebois <kibi@debian.org>:
You have taken responsibility. (Tue, 31 Jan 2012 20:51:31 GMT) Full text and rfc822 format available.

Notification sent to James Vega <jamessan@debian.org>:
Bug acknowledged by developer. (Tue, 31 Jan 2012 20:51:31 GMT) Full text and rfc822 format available.

Message #60 received at 642608-close@bugs.debian.org (full text, mbox):

From: Cyril Brulebois <kibi@debian.org>
To: 642608-close@bugs.debian.org
Subject: Bug#642608: fixed in dpkg 1.16.2~multiarch
Date: Tue, 31 Jan 2012 20:48:55 +0000
Source: dpkg
Source-Version: 1.16.2~multiarch

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.16.2~multiarch_all.deb
  to main/d/dpkg/dpkg-dev_1.16.2~multiarch_all.deb
dpkg_1.16.2~multiarch.dsc
  to main/d/dpkg/dpkg_1.16.2~multiarch.dsc
dpkg_1.16.2~multiarch.tar.bz2
  to main/d/dpkg/dpkg_1.16.2~multiarch.tar.bz2
dpkg_1.16.2~multiarch_amd64.deb
  to main/d/dpkg/dpkg_1.16.2~multiarch_amd64.deb
dselect_1.16.2~multiarch_amd64.deb
  to main/d/dpkg/dselect_1.16.2~multiarch_amd64.deb
libdpkg-dev_1.16.2~multiarch_amd64.deb
  to main/d/dpkg/libdpkg-dev_1.16.2~multiarch_amd64.deb
libdpkg-perl_1.16.2~multiarch_all.deb
  to main/d/dpkg/libdpkg-perl_1.16.2~multiarch_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 642608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 31 Jan 2012 16:07:32 +0100
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.2~multiarch
Distribution: experimental
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 192619 367608 427945 595144 608884 627832 636238 642473 642608 642802 643746 643969 644370 646496 647915 648180 648217 649248 651481 651813 651993 652414 653575 654453 654626 655411 656496
Changes: 
 dpkg (1.16.2~multiarch) experimental; urgency=low
 .
   [ Cyril Brulebois ]
   * Non-maintainer upload. Let's push multiarch to the masses.
 .
   [ Guillem Jover ]
   * Move <config.h> and <compat.h> to the top of trigdeferred.l to properly
     use the configured features and compat code.
   * Honour --disable-nls when the system lacks obstack support, by updating
     the obstack compat module from gnulib.
   * Link the libdpkg unit tests with libcompat and libintl, so that systems
     needing them will compile correctly.
   * Check for the presence of the strnlen declaration and correctly provide
     the compat one in case the systems lacks it.
   * Do not assume existence of paths on the build system in the test suite.
   * Do not fail to link dselect on MacOS X when using --disable-nls.
   * Remove versioned coreutils Pre-Depends from dpkg due to the ancient
     md5sum transition. Reported by Bill Allombert <ballombe@debian.org>.
     Closes: #643746
   * Change dpkg-architecture to only compute the requested variables. This:
     - Fixes the bootstrapping problem, as the dpkg build system only needs
       the host architecture, for which dpkg itself is not required.
     - Reduces the amount of work performed, including loading and parsing
       unnecessary table files or calling either of gcc or dpkg programs.
   * Improve error message in dpkg-gencontrol and dpkg-gensymbols when
     debian/control does not have any package stanza. Closes: #642473
     Based on a patch by Kyle Willmon <kylewillmon@gmail.com>.
   * Add Pre-Depends on tar >= 1.23 (satisfied in stable) to dpkg due to it
     using the ‘--warning=no-timestamp’ option. Closes: #642802
   * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
     for the filesystem containing the info database. LP: #872734
   * Fix two memory leaks per tar entry in the tar extractor used on unpack.
   * Mark dpkg and dselect as Multi-Arch foreign.
     Reported by Steve Langasek <vorlon@debian.org>.
   * Mark dpkg-dev and libdpkg-perl as Multi-Arch foreign. Closes: #648217
     Thanks to Colin Watson <cjwatson@ubuntu.com>.
   * Add new deb-origin.5 man page. Closes: #608884
     Thanks to Matt Kraai <kraai@ftbfs.org>.
   * Return correct status on start-stop-daemon --status when using --pidfile.
   * Treat dpkg-deb compression level independently for each backend. This
     has the effect of changing the current behaviour for level 0 on all
     compressors except gzip.
   * Add new dpkg-deb -S option to specify the compression strategy. The only
     currently supported value is “extreme” for xz. Closes: #647915
   * Stop using brace expansion to install man pages by using dh_installman
     instead of dh_install, the former does not abort on empty glob expansion.
   * Do not use absolute paths for programs in perl and shell code.
   * Add missing ‘*’ in asprintf() and vasprintf() compat declarations.
   * Add support for virtual output binary:Summary and db:Status-Abbrev fields.
     Closes: #192619, #427945
   * Add support for virtual output source:Package and source:Version fields.
     Closes: #653575
   * Use a different temporary file per process on libcompat's vsnprintf()
     function to avoid race conditions from children after fork(3).
     Reported by Daniel Ruoso <daniel@ruoso.com>. Closes: #655411
   * Fix start-stop-daemon --exec and --name options on FreeBSD, NetBSD and
     OpenBSD by swapping the process matching implementations.
   * Fix start-stop-daemon --name option on GNU/Hurd to match the process name.
   * Document in more detail the implications of start-stop-daemon matching
     options. Closes: #367608
   * Improve and clarify dpkg-shlibdeps superfluous linking warning messages.
     Based on a patch by Peter Eisentraut <petere@debian.org>. Closes: #656496
 .
   [ Raphaël Hertzog ]
   * Update Dpkg::Shlibs to look into multiarch paths when cross-building
     too. Closes: #595144
   * Rewrite architecture.mk with explicit loops instead of duplicating many
     similar lines. Based on a patch by Thorsten Glaser <tg@mirbsd.de>.
   * Modify dpkg-gencontrol and dpkg-distaddfile to grab a write lock
     on debian/control before updating debian/files to avoid simultaneous
     updates. Closes: #642608
     Add libfile-fcntllock-perl to dpkg-dev's Depends since we use this module
     to handle the locking.
   * Update dpkg-gensymbols(1) to clarify that -e accepts shell patterns
     expansions and not regular expressions. And let dpkg-gensymbols output a
     warning when a pattern doesn't match any file. Closes: #649248
   * Add new option "-a <arch>" to dpkg-checkbuilddeps to check build
     dependencies for another architecture. This is really basic for now since
     it assumes all build dependencies must be satisfied on the listed
     architecture. Closes: #648180 Thanks to Colin Watson for the patch.
   * Error out if a dpkg database .list file is not a regular file. LP: #369898
   * Fix dpkg-mergechangelogs to not error out on invalid versions.
     Closes: #651993
   * Fix dpkg-source --commit on "3.0 (quilt)" when an explicit patch file
     is given with a relative filename. Closes: #652414
   * Further clarify in dpkg-source(1) the conditions under which it's possible
     to pass an explicit patch file to dpkg-source --commit.
   * Add new --query-features command to dpkg-buildflags. Thanks to Kees Cook
     for the patch. Closes: #651481
   * Fix description of Multi-Arch in deb-control(5). Closes: #654453
     Thanks to Jakub Wilk for spotting the mistake.
   * Drop misleading spaces in deb-symbols(5) in the format description.
   * Clean up dpkg-architecture(1) dropping useless information and
     adding a reference to /usr/share/dpkg/architecture.mk.
 .
   [ Jonathan Nieder ]
   * Bump po4a version in Build-Depends to 0.41, since earlier versions do
     not handle --srcdir correctly. Closes: #644370
 .
   [ Helge Kreutzmann ]
   * Fix a typo in man/dpkg-deb.1.
 .
   [ Updated dpkg translations ]
   * German (Sven Joachim).
   * Italian (Milo Casagrande). Closes: #627832
   * Swedish (Peter Krefting).
   * French (Christian Perrier)
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
   * Spanish (Omar Campagne). Closes: #636238
   * Swedish (Peter Krefting).
 .
   [ Updated man page translations ]
   * German (Helge Kreutzmann), including typo fix in dpkg-genchanges
     Closes: #646496, sub optimal translation of package states LP: #368783
     and an fix by Chris Leick
   * Japanese (TAKAHASHI Motonobu).
   * Spanish (Omar Campagne). Closes: #643969
   * Swedish (Peter Krefting).
   * Minor errors corrected in French (thanks to David Prévot)
   * Fix translation of -B and -A options of dpkg-buildpackage.
     Thanks to Vincent Danjean. Closes: #654626
 .
   [ Updated dselect translations ]
   * Dutch (Jeroen Schot). Closes: #651813
Checksums-Sha1: 
 19d03327305ffe77a9a27cf2a97a1374a53d80c2 1402 dpkg_1.16.2~multiarch.dsc
 6791139ea5264dcf3b3f50145122c070217c77ee 5588042 dpkg_1.16.2~multiarch.tar.bz2
 5ace0fd530081b49d640062f831c24f953ae25a9 605912 libdpkg-dev_1.16.2~multiarch_amd64.deb
 fc6757f3914b99c84e46a4f10d568e10dff32363 2088674 dpkg_1.16.2~multiarch_amd64.deb
 c4092ecb5792ec2b95b378f35c699d16d46c104a 999194 dselect_1.16.2~multiarch_amd64.deb
 65f4ae079843f683a0fdc651c7d414d19fda6d3a 632066 dpkg-dev_1.16.2~multiarch_all.deb
 34e1227bfbff9e3f8d137775fa882e02f887ac9a 851502 libdpkg-perl_1.16.2~multiarch_all.deb
Checksums-Sha256: 
 91f596241ecebfac200bed00292ee9e2805fa00c97fa8991ebdf61775c6ac8ab 1402 dpkg_1.16.2~multiarch.dsc
 73ef3f3d188570ec0c954155fdc9da84c3623903d1d4ff21199285294d53747c 5588042 dpkg_1.16.2~multiarch.tar.bz2
 7166741d526899e12ca1a8a4dfc2ebaa48a639a7488a3a6c595d3ce8ccf488c2 605912 libdpkg-dev_1.16.2~multiarch_amd64.deb
 2f1722960e3d125d346af8f8ac257dd410924dab9b3cbbe99f31bd6f4ea4250a 2088674 dpkg_1.16.2~multiarch_amd64.deb
 9b036c4345d4410e5f0c32a43b35da397a43741a5270eb27244ef675fae04c10 999194 dselect_1.16.2~multiarch_amd64.deb
 1766ecaccc0c35fea78270157bc4e05424f7a38818f427fe4264273c9e656205 632066 dpkg-dev_1.16.2~multiarch_all.deb
 0094a37fb449957d457ab17f79a2d63ec28771c843109f4c10fcd118e159e55f 851502 libdpkg-perl_1.16.2~multiarch_all.deb
Files: 
 46f0ccf05408e6482a1df89d26c9d64e 1402 admin required dpkg_1.16.2~multiarch.dsc
 1fa36a11e3668cb7d0859a11c5f74f9b 5588042 admin required dpkg_1.16.2~multiarch.tar.bz2
 8a9998e958c240804c28cd6d15170aeb 605912 libdevel optional libdpkg-dev_1.16.2~multiarch_amd64.deb
 eb093790f536a3d6d7b20b0a95ed44f5 2088674 admin required dpkg_1.16.2~multiarch_amd64.deb
 daeaadba99f639c7f89c7a2b6ddf5d20 999194 admin optional dselect_1.16.2~multiarch_amd64.deb
 5017d8e3593dfbb23de750beddec15fa 632066 utils optional dpkg-dev_1.16.2~multiarch_all.deb
 dc7213111ff8469c6187179ac166a746 851502 perl optional libdpkg-perl_1.16.2~multiarch_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8oSqMACgkQeGfVPHR5Nd1yTwCbBxbNYFb+mRuMOeyC3SRf7EdQ
zdkAmwVycK9u5n4lMiuuNkVfg9OgJiC9
=+ZZ4
-----END PGP SIGNATURE-----





Bug No longer marked as fixed in versions dpkg/1.16.2~multiarch and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 01 Feb 2012 00:42:09 GMT) Full text and rfc822 format available.

Bug Marked as found in versions dpkg/1.16.2~really1.16.1.2. Request was from Clint Adams <clint@debian.org> to control@bugs.debian.org. (Wed, 01 Feb 2012 02:09:07 GMT) Full text and rfc822 format available.

Reply sent to Guillem Jover <guillem@debian.org>:
You have taken responsibility. (Mon, 06 Feb 2012 00:06:44 GMT) Full text and rfc822 format available.

Notification sent to James Vega <jamessan@debian.org>:
Bug acknowledged by developer. (Mon, 06 Feb 2012 00:06:44 GMT) Full text and rfc822 format available.

Message #69 received at 642608-close@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 642608-close@bugs.debian.org
Subject: Bug#642608: fixed in dpkg 1.16.2~wipmultiarch
Date: Mon, 06 Feb 2012 00:02:22 +0000
Source: dpkg
Source-Version: 1.16.2~wipmultiarch

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.16.2~wipmultiarch_all.deb
  to main/d/dpkg/dpkg-dev_1.16.2~wipmultiarch_all.deb
dpkg_1.16.2~wipmultiarch.dsc
  to main/d/dpkg/dpkg_1.16.2~wipmultiarch.dsc
dpkg_1.16.2~wipmultiarch.tar.bz2
  to main/d/dpkg/dpkg_1.16.2~wipmultiarch.tar.bz2
dpkg_1.16.2~wipmultiarch_amd64.deb
  to main/d/dpkg/dpkg_1.16.2~wipmultiarch_amd64.deb
dselect_1.16.2~wipmultiarch_amd64.deb
  to main/d/dpkg/dselect_1.16.2~wipmultiarch_amd64.deb
libdpkg-dev_1.16.2~wipmultiarch_amd64.deb
  to main/d/dpkg/libdpkg-dev_1.16.2~wipmultiarch_amd64.deb
libdpkg-perl_1.16.2~wipmultiarch_all.deb
  to main/d/dpkg/libdpkg-perl_1.16.2~wipmultiarch_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 642608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 05 Feb 2012 23:39:40 +0100
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.2~wipmultiarch
Distribution: experimental
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 192619 229357 367608 427945 595144 608884 627832 636238 642473 642608 642802 643746 643969 644370 646496 647915 648180 648217 649248 651481 651813 651993 652414 653575 654453 654626 655411 656496 657849
Changes: 
 dpkg (1.16.2~wipmultiarch) experimental; urgency=low
 .
   This is a WIP release, command line interfaces *will* change.
 .
   [ Guillem Jover ]
   * Move <config.h> and <compat.h> to the top of trigdeferred.l to properly
     use the configured features and compat code.
   * Honour --disable-nls when the system lacks obstack support, by updating
     the obstack compat module from gnulib.
   * Link the libdpkg unit tests with libcompat and libintl, so that systems
     needing them will compile correctly.
   * Check for the presence of the strnlen declaration and correctly provide
     the compat one in case the systems lacks it.
   * Do not assume existence of paths on the build system in the test suite.
   * Do not fail to link dselect on MacOS X when using --disable-nls.
   * Remove versioned coreutils Pre-Depends from dpkg due to the ancient
     md5sum transition. Reported by Bill Allombert <ballombe@debian.org>.
     Closes: #643746
   * Change dpkg-architecture to only compute the requested variables. This:
     - Fixes the bootstrapping problem, as the dpkg build system only needs
       the host architecture, for which dpkg itself is not required.
     - Reduces the amount of work performed, including loading and parsing
       unnecessary table files or calling either of gcc or dpkg programs.
   * Improve error message in dpkg-gencontrol and dpkg-gensymbols when
     debian/control does not have any package stanza. Closes: #642473
     Based on a patch by Kyle Willmon <kylewillmon@gmail.com>.
   * Add Pre-Depends on tar >= 1.23 (satisfied in stable) to dpkg due to it
     using the ‘--warning=no-timestamp’ option. Closes: #642802
   * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
     for the filesystem containing the info database. LP: #872734
   * Fix two memory leaks per tar entry in the tar extractor used on unpack.
   * Mark dpkg and dselect as Multi-Arch foreign.
     Reported by Steve Langasek <vorlon@debian.org>.
   * Mark dpkg-dev and libdpkg-perl as Multi-Arch foreign. Closes: #648217
     Thanks to Colin Watson <cjwatson@ubuntu.com>.
   * Add new deb-origin.5 man page. Closes: #608884
     Thanks to Matt Kraai <kraai@ftbfs.org>.
   * Return correct status on start-stop-daemon --status when using --pidfile.
   * Treat dpkg-deb compression level independently for each backend. This
     has the effect of changing the current behaviour for level 0 on all
     compressors except gzip.
   * Add new dpkg-deb -S option to specify the compression strategy. The only
     currently supported value is “extreme” for xz. Closes: #647915
   * Stop using brace expansion to install man pages by using dh_installman
     instead of dh_install, the former does not abort on empty glob expansion.
   * Do not use absolute paths for programs in perl and shell code.
   * Add missing ‘*’ in asprintf() and vasprintf() compat declarations.
   * Add support for virtual output binary:Summary and db:Status-Abbrev fields.
     Closes: #192619, #427945
   * Add support for virtual output source:Package and source:Version fields.
     Closes: #653575
   * Use a different temporary file per process on libcompat's vsnprintf()
     function to avoid race conditions from children after fork(3).
     Reported by Daniel Ruoso <daniel@ruoso.com>. Closes: #655411
   * Fix start-stop-daemon --exec and --name options on FreeBSD, NetBSD and
     OpenBSD by swapping the process matching implementations.
   * Fix start-stop-daemon --name option on GNU/Hurd to match the process name.
   * Document in more detail the implications of start-stop-daemon matching
     options. Closes: #367608
   * Improve and clarify dpkg-shlibdeps superfluous linking warning messages.
     Based on a patch by Peter Eisentraut <petere@debian.org>. Closes: #656496
 .
   [ Raphaël Hertzog ]
   * Update Dpkg::Shlibs to look into multiarch paths when cross-building
     too. Closes: #595144
   * Rewrite architecture.mk with explicit loops instead of duplicating many
     similar lines. Based on a patch by Thorsten Glaser <tg@mirbsd.de>.
   * Modify dpkg-gencontrol and dpkg-distaddfile to grab a write lock
     on debian/control before updating debian/files to avoid simultaneous
     updates. Closes: #642608
     Add libfile-fcntllock-perl to dpkg-dev's Depends since we use this module
     to handle the locking.
   * Update dpkg-gensymbols(1) to clarify that -e accepts shell patterns
     expansions and not regular expressions. And let dpkg-gensymbols output a
     warning when a pattern doesn't match any file. Closes: #649248
   * Add new option "-a <arch>" to dpkg-checkbuilddeps to check build
     dependencies for another architecture. This is really basic for now since
     it assumes all build dependencies must be satisfied on the listed
     architecture. Closes: #648180 Thanks to Colin Watson for the patch.
   * Error out if a dpkg database .list file is not a regular file. LP: #369898
   * Fix dpkg-mergechangelogs to not error out on invalid versions.
     Closes: #651993
   * Fix dpkg-source --commit on "3.0 (quilt)" when an explicit patch file
     is given with a relative filename. Closes: #652414
   * Further clarify in dpkg-source(1) the conditions under which it's possible
     to pass an explicit patch file to dpkg-source --commit.
   * Add new --query-features command to dpkg-buildflags. Thanks to Kees Cook
     for the patch. Closes: #651481
   * Fix description of Multi-Arch in deb-control(5). Closes: #654453
     Thanks to Jakub Wilk for spotting the mistake.
   * Drop misleading spaces in deb-symbols(5) in the format description.
   * Clean up dpkg-architecture(1) dropping useless information and
     adding a reference to /usr/share/dpkg/architecture.mk.
   * Update dpkg-buildpackage to use the "build-arch" (for -B) and
     "build-indep" (for -A) targets unless "make -qn" says that they do not
     exist. Closes: #229357
 .
   [ Jonathan Nieder ]
   * Bump po4a version in Build-Depends to 0.41, since earlier versions do
     not handle --srcdir correctly. Closes: #644370
 .
   [ Helge Kreutzmann ]
   * Fix a typo in man/dpkg-deb.1.
 .
   [ Updated dpkg translations ]
   * German (Sven Joachim).
   * Italian (Milo Casagrande). Closes: #627832, #657849
   * Swedish (Peter Krefting).
   * French (Christian Perrier)
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
   * Spanish (Omar Campagne). Closes: #636238
   * Swedish (Peter Krefting).
 .
   [ Updated man page translations ]
   * German (Helge Kreutzmann), including typo fix in dpkg-genchanges
     Closes: #646496, sub optimal translation of package states LP: #368783
     and an fix by Chris Leick
   * Japanese (TAKAHASHI Motonobu).
   * Spanish (Omar Campagne). Closes: #643969
   * Swedish (Peter Krefting).
   * Minor errors corrected in French (thanks to David Prévot)
   * Fix translation of -B and -A options of dpkg-buildpackage.
     Thanks to Vincent Danjean. Closes: #654626
 .
   [ Updated dselect translations ]
   * Dutch (Jeroen Schot). Closes: #651813
Checksums-Sha1: 
 5b350a13d4749a68f55688f53bd934ca33b7bc34 1414 dpkg_1.16.2~wipmultiarch.dsc
 e3c394da92562bc2bf9bb18a6832c575b32cc2a0 5569622 dpkg_1.16.2~wipmultiarch.tar.bz2
 7ce788ea96a3df3cda27c34e5769a48ccfd4cfe1 609206 libdpkg-dev_1.16.2~wipmultiarch_amd64.deb
 840f46fce0fcf7c1214924582a1100dd8d358bc4 2086476 dpkg_1.16.2~wipmultiarch_amd64.deb
 ee2acabe565079c9f1b559443bdc780079040aeb 1000514 dselect_1.16.2~wipmultiarch_amd64.deb
 a6d02b21cd5eac118de310187eae7a6bb63943c5 635810 dpkg-dev_1.16.2~wipmultiarch_all.deb
 728863e43f9185e3182eb78d807b670441e9dd94 851128 libdpkg-perl_1.16.2~wipmultiarch_all.deb
Checksums-Sha256: 
 ce7050ed905c72f823fdb183714f5b5c546e5015ec79dbdf759281c7c60faaae 1414 dpkg_1.16.2~wipmultiarch.dsc
 24b73f91f9e93ddd984172b35a52e6818c2195002ff4d5e72898712d802a3efa 5569622 dpkg_1.16.2~wipmultiarch.tar.bz2
 8a31ad426d8b7e363cce14516d73be1575b724a2683c80322c14f379b60e7efb 609206 libdpkg-dev_1.16.2~wipmultiarch_amd64.deb
 e3f3cef7dd88a5632b4139a042b8943397e512699504ca9abdf3ee97604a9208 2086476 dpkg_1.16.2~wipmultiarch_amd64.deb
 2addf6880dc5d2ee2a817519987fdc9a59751d511de4aa689b19095c0392c4b4 1000514 dselect_1.16.2~wipmultiarch_amd64.deb
 f4a65c7ebd66f7e5eba877d7a9af98ebb33ea9755fd72730d7f9416e6d0b8b7d 635810 dpkg-dev_1.16.2~wipmultiarch_all.deb
 d972b0812219c2afaca254306e8bf5e3feca49c4324924a5c5bb640447cca72d 851128 libdpkg-perl_1.16.2~wipmultiarch_all.deb
Files: 
 7c1aa845fad678163118b63c2053aee3 1414 admin required dpkg_1.16.2~wipmultiarch.dsc
 2c02844dc317beaf6d5f4e22e966813c 5569622 admin required dpkg_1.16.2~wipmultiarch.tar.bz2
 f49a6d3e6ea649b8bb36afd41258bd3c 609206 libdevel optional libdpkg-dev_1.16.2~wipmultiarch_amd64.deb
 6b3fba7d1254c0e0dda083c94e01a749 2086476 admin required dpkg_1.16.2~wipmultiarch_amd64.deb
 fec42261e17f7b60a8cb2339d8b4fa1a 1000514 admin optional dselect_1.16.2~wipmultiarch_amd64.deb
 64b69c596994b4716ed8a0f7ef6c2d0e 635810 utils optional dpkg-dev_1.16.2~wipmultiarch_all.deb
 c8e38c68397fda8dc171bc2a6d7e0c4f 851128 perl optional libdpkg-perl_1.16.2~wipmultiarch_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8vCk4ACgkQuW9ciZ2SjJuPQwCgk4tpFGkzvc7sKsBqQfzw7Dob
NDkAn3uyGGvGcL1KfN49EztspiEGaB47
=Tkrm
-----END PGP SIGNATURE-----





Reply sent to Guillem Jover <guillem@debian.org>:
You have taken responsibility. (Mon, 19 Mar 2012 09:22:50 GMT) Full text and rfc822 format available.

Notification sent to James Vega <jamessan@debian.org>:
Bug acknowledged by developer. (Mon, 19 Mar 2012 09:23:00 GMT) Full text and rfc822 format available.

Message #74 received at 642608-close@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 642608-close@bugs.debian.org
Subject: Bug#642608: fixed in dpkg 1.16.2
Date: Mon, 19 Mar 2012 09:17:32 +0000
Source: dpkg
Source-Version: 1.16.2

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.16.2_all.deb
  to main/d/dpkg/dpkg-dev_1.16.2_all.deb
dpkg_1.16.2.dsc
  to main/d/dpkg/dpkg_1.16.2.dsc
dpkg_1.16.2.tar.bz2
  to main/d/dpkg/dpkg_1.16.2.tar.bz2
dpkg_1.16.2_amd64.deb
  to main/d/dpkg/dpkg_1.16.2_amd64.deb
dselect_1.16.2_amd64.deb
  to main/d/dpkg/dselect_1.16.2_amd64.deb
libdpkg-dev_1.16.2_amd64.deb
  to main/d/dpkg/libdpkg-dev_1.16.2_amd64.deb
libdpkg-perl_1.16.2_all.deb
  to main/d/dpkg/libdpkg-perl_1.16.2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 642608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 19 Mar 2012 07:27:12 +0100
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.2
Distribution: unstable
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 192619 229357 367608 427945 595144 608884 627832 636238 642473 642608 642802 643746 643969 644370 646496 647915 648180 648217 649248 651481 651813 651993 652414 653575 654453 654626 655411 656496 657849 658126 658696 658854 661638 663004
Changes: 
 dpkg (1.16.2) unstable; urgency=low
 .
   [ Guillem Jover ]
   * Move <config.h> and <compat.h> to the top of trigdeferred.l to properly
     use the configured features and compat code.
   * Honour --disable-nls when the system lacks obstack support, by updating
     the obstack compat module from gnulib.
   * Link the libdpkg unit tests with libcompat and libintl, so that systems
     needing them will compile correctly.
   * Check for the presence of the strnlen declaration and correctly provide
     the compat one in case the systems lacks it.
   * Do not assume existence of paths on the build system in the test suite.
   * Do not fail to link dselect on MacOS X when using --disable-nls.
   * Remove versioned coreutils Pre-Depends from dpkg due to the ancient
     md5sum transition. Reported by Bill Allombert <ballombe@debian.org>.
     Closes: #643746
   * Change dpkg-architecture to only compute the requested variables. This:
     - Fixes the bootstrapping problem, as the dpkg build system only needs
       the host architecture, for which dpkg itself is not required.
     - Reduces the amount of work performed, including loading and parsing
       unnecessary table files or calling either of gcc or dpkg programs.
   * Improve error message in dpkg-gencontrol and dpkg-gensymbols when
     debian/control does not have any package stanza. Closes: #642473
     Based on a patch by Kyle Willmon <kylewillmon@gmail.com>.
   * Add Pre-Depends on tar >= 1.23 (satisfied in stable) to dpkg due to it
     using the ‘--warning=no-timestamp’ option. Closes: #642802
   * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
     for the filesystem containing the info database. LP: #872734
   * Fix two memory leaks per tar entry in the tar extractor used on unpack.
   * Mark dpkg and dselect as Multi-Arch foreign.
     Reported by Steve Langasek <vorlon@debian.org>.
   * Mark dpkg-dev and libdpkg-perl as Multi-Arch foreign. Closes: #648217
     Thanks to Colin Watson <cjwatson@ubuntu.com>.
   * Add new deb-origin.5 man page. Closes: #608884
     Thanks to Matt Kraai <kraai@ftbfs.org>.
   * Return correct status on start-stop-daemon --status when using --pidfile.
   * Treat dpkg-deb compression level independently for each backend. This
     has the effect of changing the current behaviour for level 0 on all
     compressors except gzip.
   * Add new dpkg-deb -S option to specify the compression strategy. The only
     currently supported value is “extreme” for xz. Closes: #647915
   * Stop using brace expansion to install man pages by using dh_installman
     instead of dh_install, the former does not abort on empty glob expansion.
   * Do not use absolute paths for programs in perl and shell code.
   * Add missing ‘*’ in asprintf() and vasprintf() compat declarations.
   * Add support for virtual output binary:Summary and db:Status-Abbrev fields.
     Closes: #192619, #427945
   * Add support for virtual output source:Package and source:Version fields.
     Closes: #653575
   * Use a different temporary file per process on libcompat's vsnprintf()
     function to avoid race conditions from children after fork(3).
     Reported by Daniel Ruoso <daniel@ruoso.com>. Closes: #655411
   * Fix start-stop-daemon --exec and --name options on FreeBSD, NetBSD and
     OpenBSD by swapping the process matching implementations.
   * Fix start-stop-daemon --name option on GNU/Hurd to match the process name.
   * Document in more detail the implications of start-stop-daemon matching
     options. Closes: #367608
   * Improve and clarify dpkg-shlibdeps superfluous linking warning messages.
     Based on a patch by Peter Eisentraut <petere@debian.org>. Closes: #656496
   * Relax --merge-avail Packages file parser, to not fail on bogus versions.
   * When building only arch-indep binaries with «dpkg-buildpackage -A», name
     the .changes file using ‘all’ as architecture. Closes: #661638
   * Handle unknown architectures gracefully in dpkg-buildflags.
     Closes: #663004
   * Add missing --status-logger to dpkg --help output.
   * Do not print bogus errno string for invalid package names in dpkg
     --ignore-depends option.
   * Change dpkg-query to not load the available file by default for --list
     and --show, add a new --load-avail option to expose the old behaviour.
   * Only allow setting selections via «dpkg --set-selections» for known
     packages (i.e. those present in either the status or available files).
   * Always ignore older versions when parsing the available file, not only
     for --update-avail and --merge-avail.
   * Mark not-installed non-arch-qualified selections for removal.
   * Add new «dpkg --assert-multi-arch» command to allow checking for
     multi-arch support availability.
   * Bump Standards-Version to 3.9.3 (no changes needed).
   * Add architecture consistency checks to «dpkg --audit».
   * Add new dpkg --add-architecture and --remove-architecture commands to
     track supported architectures.
 .
   [ Raphaël Hertzog ]
   * Update Dpkg::Shlibs to look into multiarch paths when cross-building
     too. Closes: #595144
   * Rewrite architecture.mk with explicit loops instead of duplicating many
     similar lines. Based on a patch by Thorsten Glaser <tg@mirbsd.de>.
   * Modify dpkg-gencontrol and dpkg-distaddfile to grab a write lock
     on debian/control before updating debian/files to avoid simultaneous
     updates. Closes: #642608
     Add libfile-fcntllock-perl to dpkg-dev's Depends since we use this module
     to handle the locking.
   * Update dpkg-gensymbols(1) to clarify that -e accepts shell patterns
     expansions and not regular expressions. And let dpkg-gensymbols output a
     warning when a pattern doesn't match any file. Closes: #649248
   * Add new option "-a <arch>" to dpkg-checkbuilddeps to check build
     dependencies for another architecture. This is really basic for now since
     it assumes all build dependencies must be satisfied on the listed
     architecture. Closes: #648180 Thanks to Colin Watson for the patch.
   * Error out if a dpkg database .list file is not a regular file. LP: #369898
   * Fix dpkg-mergechangelogs to not error out on invalid versions.
     Closes: #651993
   * Fix dpkg-source --commit on "3.0 (quilt)" when an explicit patch file
     is given with a relative filename. Closes: #652414
   * Further clarify in dpkg-source(1) the conditions under which it's possible
     to pass an explicit patch file to dpkg-source --commit.
   * Add new --query-features command to dpkg-buildflags. Thanks to Kees Cook
     for the patch. Closes: #651481
   * Fix description of Multi-Arch in deb-control(5). Closes: #654453
     Thanks to Jakub Wilk for spotting the mistake.
   * Drop misleading spaces in deb-symbols(5) in the format description.
   * Clean up dpkg-architecture(1) dropping useless information and
     adding a reference to /usr/share/dpkg/architecture.mk.
   * Update dpkg-buildpackage to use the "build-arch" (for -B) and
     "build-indep" (for -A) targets unless "make -qn" says that they do not
     exist. Closes: #229357
   * Improve deb-shlibs(5) to mention that the dependency field must
     use the same syntax than a Depends field. Closes: #658696
   * Update dpkg-maintscript-helper(1) to recommend usage of the version
     removing/renaming a conffile with a "~" suffix as "priorversion"
     parameter. Thanks to Sam Morris <sam@robots.org.uk> for the patch.
     Closes: #658854
   * Fix debug output of dpkg-maintscript-helper. LP: #936340
 .
   [ Jonathan Nieder ]
   * Bump po4a version in Build-Depends to 0.41, since earlier versions do
     not handle --srcdir correctly. Closes: #644370
 .
   [ Guillem Jover, Steve Langasek, Raphaël Hertzog ]
   * Add new dpkg --print-foreign-architectures command.
   * Add support for virtual output binary:Package field.
   * Implement Multi-Arch support.
 .
   [ Helge Kreutzmann ]
   * Fix a typo in man/dpkg-deb.1.
 .
   [ Updated dpkg translations ]
   * German (Sven Joachim).
   * Italian (Milo Casagrande). Closes: #627832, #657849
   * Swedish (Peter Krefting).
   * French (Christian Perrier)
   * Polish (Michał Kułach). Closes: #658126
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
   * Spanish (Omar Campagne). Closes: #636238
   * Swedish (Peter Krefting).
 .
   [ Updated man page translations ]
   * German (Helge Kreutzmann), including typo fix in dpkg-genchanges
     Closes: #646496, sub optimal translation of package states LP: #368783
     and an fix by Chris Leick
   * Japanese (TAKAHASHI Motonobu).
   * Spanish (Omar Campagne). Closes: #643969
   * Swedish (Peter Krefting).
   * Minor errors corrected in French (thanks to David Prévot)
   * Fix translation of -B and -A options of dpkg-buildpackage.
     Thanks to Vincent Danjean. Closes: #654626
 .
   [ Updated dselect translations ]
   * Dutch (Jeroen Schot). Closes: #651813
Checksums-Sha1: 
 77256a48ee15cf6c7b13fe54e005e392bf13e608 1362 dpkg_1.16.2.dsc
 43ea22771b0dd9eb5bf7ceaf672400e7196a2bea 5578978 dpkg_1.16.2.tar.bz2
 ca0ba8572881a940aad51a0d029560dacb6a2156 621048 libdpkg-dev_1.16.2_amd64.deb
 0b4298d541724b07fbf549249812971bf335fc42 2326938 dpkg_1.16.2_amd64.deb
 06164d70bb28998bde8db6790a2123048e6d62e0 1070312 dselect_1.16.2_amd64.deb
 db6b45db3dcbd7016bf43ab9ea5050844234591e 1165258 dpkg-dev_1.16.2_all.deb
 3c91d7a0f934cebeb90f6b1200785f3c142bc79c 860916 libdpkg-perl_1.16.2_all.deb
Checksums-Sha256: 
 16f885e5d1215c12c980b77e104bff41cc82f36431f91ed21990693324d87793 1362 dpkg_1.16.2.dsc
 53a77f694ce2269f17729b0e9626c59687683703e3822a2624b13da4a10fccc9 5578978 dpkg_1.16.2.tar.bz2
 37c676f894980da2a6bd074f2326722c8233e6bc4d507f0c8161d903193f6c38 621048 libdpkg-dev_1.16.2_amd64.deb
 f096294c2d0c6ea790137d3170fb692404d3f364363f56480f9688490945c508 2326938 dpkg_1.16.2_amd64.deb
 83973997ecc90a318accfc4ba45bd18c10a5d9c15a959b9403f3c890db61320d 1070312 dselect_1.16.2_amd64.deb
 541749e314b3d3228ce1b89666aefa4a26353d057b675e85da82a099a6684513 1165258 dpkg-dev_1.16.2_all.deb
 8864e6735ee12452435a859bd0444bed7364032e5118b91a0fbf1345a618bc44 860916 libdpkg-perl_1.16.2_all.deb
Files: 
 4c0e64a5775c90db51d3cb0263b81852 1362 admin required dpkg_1.16.2.dsc
 629ba7ee2024e6a5c0ff807aa2db02f8 5578978 admin required dpkg_1.16.2.tar.bz2
 4e2d60c52c2b04787dbc8bee72e6044d 621048 libdevel optional libdpkg-dev_1.16.2_amd64.deb
 6dbfc23909173f7948b6d67cd5f478eb 2326938 admin required dpkg_1.16.2_amd64.deb
 d3e07e1f216935c7db59ced3e9950909 1070312 admin optional dselect_1.16.2_amd64.deb
 e3cc2a84e29ac98690ca150d37a557af 1165258 utils optional dpkg-dev_1.16.2_all.deb
 9f4869d928df7aad7f22295d9ab28215 860916 perl optional libdpkg-perl_1.16.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9m67YACgkQuW9ciZ2SjJu4ZwCgg5g2xI9krladpIS55iZt7OrA
ETwAoOVYQ26EgFLrT9gNTAuRodMUoyi4
=v+Je
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Apr 2012 07:34:19 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 09:03:46 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.