diff options
| author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-03-22 14:30:05 +0300 |
|---|---|---|
| committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-03-23 15:33:08 +0300 |
| commit | 4fef8d1aa7cb10f295e07acff8f29fb924cf9c06 (patch) | |
| tree | 643ed11d13aa08a8db724eaf2013844b36e048d5 /cmd | |
| parent | e9c85a7455f1934bbebf589db4e9600a45c8f1bb (diff) | |
sidechannel: Convert to use runtime directory to store socketspks-sidechannel-migrate-to-runtime-dir
The sidechannel code is used to create sidechannels that circumvent gRPC
for efficiency's sake. This socket is currently created in the system's
temporary directory as returned by `os.MkdirTemp()`. This has the very
real downside that it easily leaks created files and directories in case
we have a logic bug anywhere.
We have recently introduced a new runtime directory that can help us in
this situation: the runtime directory is created once at a central place
and will be cleaned up when shutting down Gitaly. Consequentially, even
if we leaked and sidechannel files, we'd still remove them on shutdown.
And even if we didn't: the runtime directory is designed so that we can
check whether it's used because it has the current process's PID as part
of its component. So if a runtime directory exists whose PID doesn't
refer to any existing process it's safe to remove. While we don't have
any such logic yet, it can easily be added at a later point and have all
code which started to use the runtime directory benefit at the same
time.
Migrate the sidechannel code to create sockets in a subdirectory within
the runtime directory called "sidechannel.d" if the runtime directory is
set via the hooks payload.
Changelog: changed
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/gitaly-hooks/hooks.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/cmd/gitaly-hooks/hooks.go b/cmd/gitaly-hooks/hooks.go index 16021c4e5..125be64d6 100644 --- a/cmd/gitaly-hooks/hooks.go +++ b/cmd/gitaly-hooks/hooks.go @@ -371,15 +371,15 @@ func referenceTransactionHook(ctx context.Context, payload git.HooksPayload, hoo } func packObjectsHook(ctx context.Context, payload git.HooksPayload, hookClient gitalypb.HookServiceClient, args []string) error { - if err := handlePackObjectsWithSidechannel(ctx, hookClient, payload.Repo, args); err != nil { + if err := handlePackObjectsWithSidechannel(ctx, payload, hookClient, args); err != nil { return hookError{returnCode: 1, err: fmt.Errorf("RPC failed: %w", err)} } return nil } -func handlePackObjectsWithSidechannel(ctx context.Context, hookClient gitalypb.HookServiceClient, repo *gitalypb.Repository, args []string) error { - ctx, wt, err := hook.SetupSidechannel(ctx, func(c *net.UnixConn) error { +func handlePackObjectsWithSidechannel(ctx context.Context, payload git.HooksPayload, hookClient gitalypb.HookServiceClient, args []string) error { + ctx, wt, err := hook.SetupSidechannel(ctx, payload, func(c *net.UnixConn) error { return stream.ProxyPktLine(c, os.Stdin, os.Stdout, os.Stderr) }) if err != nil { @@ -389,7 +389,7 @@ func handlePackObjectsWithSidechannel(ctx context.Context, hookClient gitalypb.H if _, err := hookClient.PackObjectsHookWithSidechannel( ctx, - &gitalypb.PackObjectsHookWithSidechannelRequest{Repository: repo, Args: args}, + &gitalypb.PackObjectsHookWithSidechannelRequest{Repository: payload.Repo, Args: args}, ); err != nil { return fmt.Errorf("call PackObjectsHookWithSidechannel: %w", err) } |