4

Running script

#!/bin/bash
(
 flock 9 
  # ... commands executed under lock ...
 fuser -v /var/lib/dpkg/lock
 apt-get -f --assume-no install
) 9>/var/lib/dpkg/lock

as superuser does not display an error message. But if there is e.g. synaptic running,apt-get will display an error message: "E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)".

derHugo
  • 3,376
  • 5
  • 34
  • 52
jarno
  • 6,205

1 Answers1

2

dpkg (and in turn apt) doesn't use flock(2) for locking. Checking the system calls, involved, it seems they use fcntl(2):

$ sudo strace -f -e trace=desc apt install foo |& grep -B2 F_SETLK
close(4)                                = 0
open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = 4
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
fcntl(4, F_SETLK, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = -1 EAGAIN (Resource temporarily unavailable)
close(4)                                = 0

And from this SO post:

In Linux, lockf() is just a wrapper around fcntl(), while flock() locks are separate (and will only work on local filesystems, not on e.g. NFS mounts). That is, one process can have an advisory exclusive flock() lock on a file, while another process has an advisory exclusive fcntl() lock on that same file. Both are advisory locks, but they do not interact.

So flock isn't effective in locking it against other package management commands. (Thinking about it... if it were, then the subsequent apt-get would have failed anyway.)

The simplest way I can think of is to create an immutable /var/lib/dpkg/lock file for the duration of the task.

touch /var/lib/dpkg/lock
chattr +i /var/lib/dpkg/lock

Or you can write a short C program (or any language that provides an easy interface to fcntl) that uses fcntl to lock it the way dpkg does.

muru
  • 207,970
  • But there are no commands fcntl or lockf in terminal. – jarno Nov 20 '17 at 14:14
  • @jarno click on the fcntl link in the answer. – muru Nov 20 '17 at 14:55
  • dpkg doesn't have to use commands to do locking. There are system calls for those. The flock command is merely a convenient wrapper around one of those system calls. There's no reason for all calls to have wrapper commands. – muru Nov 20 '17 at 15:42
  • What I want to achieve is that I want to lock dpkg database in a script so that user can choose interactively some packages, and thereafter do certain things with them by apt or dpkg without worrying that the packages have been changed e.g. by a background process in the mean time. – jarno Nov 21 '17 at 17:44
  • 1
    @jarno in that case, the simplest way I can think of is to create an immutable /var/lib/dpkg/lock file for the duration of the task. Or you can write a short C program that uses fcntl to lock it the way dpkg does. – muru Nov 22 '17 at 11:39
  • What do you mean by creating an immutable lock file? – jarno Nov 22 '17 at 20:33
  • @jarno touch /var/lib/dpkg/lock; chattr +i /var/lib/dpkg/lock – muru Nov 25 '17 at 06:44
  • You can use a perl one-liner like sudo perl -MFile::FcntlLock -e 'my $fs = new File::FcntlLock; $fs->l_type( F_WRLCK ); $fs->l_whence( SEEK_SET ); $fs->l_start( 0 ); $fs->l_len( 0 ); open my $fh, "+<", "/var/lib/dpkg/lock" or die $!; $fs->lock( $fh, F_SETLK ) or die $fs->error; warn "got lock\n"; system("run some commands")' (requires package libfile-fcntllock-perl). – Slaven Rezic Dec 20 '17 at 16:46
  • @muru would you create an answer? the chattr strategy is the most simple, correct solution (in my case, chattr +i /var/lib/apt/lists/lock) – Marcus Dec 06 '18 at 08:31
  • @Marcus since this was already my answer :D I edited in the relevant comments instead. – muru Dec 06 '18 at 18:03