Skip to content

Commit

Permalink
Create update locks for logged in sessions
Browse files Browse the repository at this point in the history
Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
  • Loading branch information
klutchell committed Nov 22, 2023
1 parent 0e51480 commit 76c7189
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 6 deletions.
9 changes: 3 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,12 @@ Shared Yocto development environment
## Features

- Yocto and OpenEmbedded build dependencies based on Ubuntu 18.04
- SSH daemon background service w/ rotating logs
- SSH daemon service w/ rotating logs
- Fail2ban blocking IPs after failed login attempts
- Docker daemon background service
- Docker daemon service
- Per-user home directories
- Per-user SSH authorized keys synced with GitHub profiles

## Planned Features

- Update locking
- Supervisor update locking for active SSH sessions

## Administration

Expand Down
Empty file.
3 changes: 3 additions & 0 deletions yocto-build-env/s6-overlay/s6-rc.d/lock-manager/finish
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
#!/usr/bin/env bash

rm -f /tmp/balena/updates.lock
39 changes: 39 additions & 0 deletions yocto-build-env/s6-overlay/s6-rc.d/lock-manager/run
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
#!/usr/bin/env bash

set -euo pipefail

[[ ${VERBOSE:-,,} =~ true|yes|on|1 ]] && set -x

LOCKFILE=/tmp/balena/updates.lock

while true; do
(
# check for active sessions
while last | grep -q "still logged in"; do

# create the lockfile
touch $LOCKFILE

# create a file descriptor over the given lockfile
exec {fd}<>${LOCKFILE}

# request an exclusive lock in non-blocking mode
flock -n $fd || exit 0

echo "Updates are locked while sessions are active..."
last | grep "still logged in"

# wait 30 seconds before checking again
# updates are locked during this time
sleep 30

done
)

# remove the lockfile (this should be unecessary?)
rm -f $LOCKFILE

# wait 5 seconds before checking again
# updates are unlocked during this time
sleep 5
done
1 change: 1 addition & 0 deletions yocto-build-env/s6-overlay/s6-rc.d/lock-manager/type
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
longrun
Empty file.

0 comments on commit 76c7189

Please sign in to comment.