Make keystore read protected by transaction lock too

Take read-only transaction lock at the rpmts side, pass it down the rpmKeystoreLoad() hatch. Somehow this feels like an overkill but then our keystores haven't been designed with concurrent access in mind *at all*, so play safe and just take a read lock while loading they keystore. It also balances the API: everything just takes a txn item now. Related: rpm-software-management#3342
pmatilai · Oct 28, 2024 · 07ebc22 · 07ebc22
1 parent 0abf554
commit 07ebc22
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/lib/keystore.cc b/lib/keystore.cc
@@ -24,11 +24,11 @@ using std::string;
 
 static int makePubkeyHeader(rpmts ts, rpmPubkey key, Header * hdrp);
 
-static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring)
+static int rpmtsLoadKeyringFromFiles(rpmtxn txn, rpmKeyring keyring)
 {
     ARGV_t files = NULL;
     /* XXX TODO: deal with chroot path issues */
-    char *pkpath = rpmGetPath(ts->rootDir, "%{_keyringpath}/*.key", NULL);
+    char *pkpath = rpmGetPath(rpmtxnRootDir(txn), "%{_keyringpath}/*.key", NULL);
     int nkeys = 0;
 
     rpmlog(RPMLOG_DEBUG, "loading keyring from pubkeys in %s\n", pkpath);
@@ -133,14 +133,14 @@ static rpmRC rpmtsImportFSKey(rpmtxn txn, rpmPubkey key, rpmFlags flags, int rep
     return rc;
 }
 
-static int rpmtsLoadKeyringFromDB(rpmts ts, rpmKeyring keyring)
+static int rpmtsLoadKeyringFromDB(rpmtxn txn, rpmKeyring keyring)
 {
     Header h;
     rpmdbMatchIterator mi;
     int nkeys = 0;
 
     rpmlog(RPMLOG_DEBUG, "loading keyring from rpmdb\n");
-    mi = rpmtsInitIterator(ts, RPMDBI_NAME, "gpg-pubkey", 0);
+    mi = rpmtsInitIterator(rpmtxnTs(txn), RPMDBI_NAME, "gpg-pubkey", 0);
     while ((h = rpmdbNextIterator(mi)) != NULL) {
 	struct rpmtd_s pubkeys;
 	const char *key;
@@ -405,13 +405,14 @@ rpmRC rpmKeystoreDeletePubkey(rpmtxn txn, rpmPubkey key)
     return rc;
 }
 
-int rpmKeystoreLoad(rpmts ts, rpmKeyring keyring)
+int rpmKeystoreLoad(rpmtxn txn, rpmKeyring keyring)
 {
     int nkeys = 0;
+    rpmts ts = rpmtxnTs(txn);
     if (ts->keyringtype == KEYRING_FS) {
-	nkeys = rpmtsLoadKeyringFromFiles(ts, keyring);
+	nkeys = rpmtsLoadKeyringFromFiles(txn, keyring);
     } else {
-	nkeys = rpmtsLoadKeyringFromDB(ts, keyring);
+	nkeys = rpmtsLoadKeyringFromDB(txn, keyring);
     }
     return nkeys;
 }

diff --git a/lib/keystore.hh b/lib/keystore.hh
@@ -9,7 +9,7 @@ enum {
 };
 
 RPM_GNUC_INTERNAL
-int rpmKeystoreLoad(rpmts ts, rpmKeyring keyring);
+int rpmKeystoreLoad(rpmtxn txn, rpmKeyring keyring);
 
 RPM_GNUC_INTERNAL
 rpmRC rpmKeystoreImportPubkey(rpmtxn txn, rpmPubkey key, int replace = 0);

diff --git a/lib/rpmts.cc b/lib/rpmts.cc
@@ -289,7 +289,11 @@ static void loadKeyring(rpmts ts)
 	if (!ts->keyringtype)
 	    ts->keyringtype = getKeyringType();
 	ts->keyring = rpmKeyringNew();
-	rpmKeystoreLoad(ts, ts->keyring);
+	rpmtxn txn = rpmtxnBegin(ts, RPMTXN_READ);
+	if (txn) {
+	    rpmKeystoreLoad(txn, ts->keyring);
+	    rpmtxnEnd(txn);
+	}
     }
 }