Termux
/
termux-packages
mirror of https://github.com/termux/termux-packages
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(run-docker.sh): Fix docker exec not passing kill signals (ctrl+c) to commands in some cases leaving processes still running 

If `--tty` is not passed to `docker exec` because stdout is not available (`[ ! -t 1 ]`), like due to redirection to file (`&> build.log`) or if stdin is not available (`< /dev/null`), then docker does not forward kill signals to the process started and they remain running.

To fix the issue, the `DOCKER_EXEC_PID_FILE_PATH` env variable with the value `/tmp/docker-exec-pid-<timestamp>` is passed to the process called with `docke exec` and the process started stores its pid in the file path passed. Traps are set in `run-docker.sh` that runs the `docker exec` command to receive any kills signals, and if it does, it runs another `docker exec` command to read the pid of the process previously started from `DOCKER_EXEC_PID_FILE_PATH` and then kills it and all its children.

See Also:

https://github.com/docker/cli/issues/2607
https://github.com/moby/moby/issues/9098
https://github.com/moby/moby/pull/41548
https://stackoverflow.com/questions/41097652/how-to-fix-ctrlc-inside-a-docker-container

Also passing `--init` to `docker run` to "Run an init inside the container that forwards signals and reaps processes", although it does not work for above cases, but may helpful in others. The `--init` flag changes will only engage on new container creation.

https://docs.docker.com/engine/reference/run/#specify-an-init-process

https://docs.docker.com/engine/reference/commandline/run/

```
./scripts/run-docker.sh ./build-package.sh -f libjpeg-turbo  &> build.log
^C
$ ./scripts/run-docker.sh ps -efww
Running container 'termux-package-builder' from image 'termux/package-builder'...
UID          PID    PPID  C STIME TTY          TIME CMD
builder        1       0  0 05:48 pts/0    00:00:00 bash
builder     9243       0  0 06:01 pts/1    00:00:00 bash
builder    28127       0  0 06:12 ?        00:00:00 /bin/bash ./build-package.sh -f libjpeg-turbo
builder    28141   28127  0 06:12 ?        00:00:00 /bin/bash ./build-package.sh -f libjpeg-turbo
builder    28449   28141  1 06:12 ?        00:00:00 ninja -w dupbuild=warn -j 8
builder    28656   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28657   28656 79 06:12 ?        00:00:01 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28694   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28695   28694 89 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28728   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28729   28728  0 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28731   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28734   28731  0 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28740   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28741   28740  0 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28744       0  0 06:12 pts/2    00:00:00 ps -efww
builder    28748   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28752   28748  0 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28753   28449  0 06:12 ?        00:00:00 /bin/sh -c /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28754   28753  0 06:12 ?        00:00:00 /home/builder/.termux-build/_cache/android-r23c-api-24-v0/bin/clang
builder    28755   28449  0 06:12 ?        00:00:00 ninja -w dupbuild=warn -j 8
$ ./scripts/run-docker.sh ./build-package.sh -f libjpeg-turbo  &> build.log
$ ./scripts/run-docker.sh ./build-package.sh -f libjpeg-turbo
Running container 'termux-package-builder' from image 'termux/package-builder'...
ERROR: Another build is already running within same environment.
```
This commit is contained in:
agnostic-apollo 2022-07-24 11:51:21 +05:00
parent 571db28a3d
commit 7b9b9b6224
5 changed files with 141 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
build-all.sh
View File

@ -3,6 +3,12 @@
set -e -u -o pipefail
TERMUX_SCRIPTDIR=$(cd "$(realpath "$(dirname "$0")")"; pwd)
# Store pid of current process in a file for docker__run_docker_exec_trap
source "$TERMUX_SCRIPTDIR/scripts/utils/docker/docker.sh"; docker__create_docker_exec_pid_file
if [ "$(uname -o)" = "Android" ] || [ -e "/system/bin/app_process" ]; then
echo "On-device execution of this script is not supported."
exit 1
@ -53,7 +59,7 @@ if [ -e "$BUILDORDER_FILE" ]; then
echo "Using existing buildorder file: $BUILDORDER_FILE"
else
mkdir -p "$BUILDALL_DIR"
./scripts/buildorder.py > "$BUILDORDER_FILE"
"$TERMUX_SCRIPTDIR/scripts/buildorder.py" > "$BUILDORDER_FILE"
fi
if [ -e "$BUILDSTATUS_FILE" ]; then
echo "Continuing build-all from: $BUILDSTATUS_FILE"

12
build-package.sh
View File

@ -3,6 +3,14 @@
set -e -o pipefail -u
cd "$(realpath "$(dirname "$0")")"
TERMUX_SCRIPTDIR=$(pwd)
export TERMUX_SCRIPTDIR
# Store pid of current process in a file for docker__run_docker_exec_trap
source "$TERMUX_SCRIPTDIR/scripts/utils/docker/docker.sh"; docker__create_docker_exec_pid_file
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct 2>/dev/null || date "+%s")
export SOURCE_DATE_EPOCH
@ -22,10 +30,6 @@ else
export TERMUX_ON_DEVICE_BUILD=false
fi
cd "$(realpath "$(dirname "$0")")"
TERMUX_SCRIPTDIR=$(pwd)
export TERMUX_SCRIPTDIR
# Automatically enable offline set of sources and build tools.
# Offline termux-packages bundle can be created by executing
# script ./scripts/setup-offline-bundle.sh.

6
clean.sh
View File

@ -2,6 +2,12 @@
# clean.sh - clean everything.
set -e -u
TERMUX_SCRIPTDIR=$(cd "$(realpath "$(dirname "$0")")"; pwd)
# Store pid of current process in a file for docker__run_docker_exec_trap
. "$TERMUX_SCRIPTDIR/scripts/utils/docker/docker.sh"; docker__create_docker_exec_pid_file
# Checking if script is running on Android with 2 different methods.
# Needed for safety to prevent execution of potentially dangerous
# operations such as 'rm -rf /data/*' on Android device.

10
scripts/run-docker.sh
View File

@ -1,6 +1,8 @@
#!/bin/sh
set -e -u
TERMUX_SCRIPTDIR=$(cd "$(realpath "$(dirname "$0")")"; cd ..; pwd)
CONTAINER_HOME_DIR=/home/builder
UNAME=$(uname)
if [ "$UNAME" = Darwin ]; then
@ -45,6 +47,7 @@ $SUDO docker start $CONTAINER_NAME >/dev/null 2>&1 || {
echo "Creating new container..."
$SUDO docker run \
--detach \
--init \
--name $CONTAINER_NAME \
--volume $VOLUME \
$SEC_OPT \
@ -61,8 +64,11 @@ $SUDO docker start $CONTAINER_NAME >/dev/null 2>&1 || {
fi
}
# Set traps to ensure that the process started with docker exec and all its children are killed.
. "$TERMUX_SCRIPTDIR/scripts/utils/docker/docker.sh"; docker__setup_docker_exec_traps
if [ "$#" -eq "0" ]; then
$SUDO docker exec --interactive $DOCKER_TTY $CONTAINER_NAME bash
$SUDO docker exec --env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH" --interactive $DOCKER_TTY $CONTAINER_NAME bash
else
$SUDO docker exec --interactive $DOCKER_TTY $CONTAINER_NAME "$@"
$SUDO docker exec --env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH" --interactive $DOCKER_TTY $CONTAINER_NAME "$@"
fi

112
scripts/utils/docker/docker.sh Normal file
View File

@ -0,0 +1,112 @@
# shellcheck shell=sh
# shellcheck disable=SC2039,SC2059
# Title: docker
# Description: A library for docker.
# License-SPDX: MIT
##
# Run trap for `docker exec`.
# .
# This will read the pid stored in DOCKER_EXEC_PID_FILE_PATH by the process
# called by `docker exec`, like via a call to `docker__create_docker_exec_pid_file`
# and then will send kill signals to the process for the pid and all
# its children. This is need like for cases when `--tty` is not passed
# or cannot be passed to `docker exec` like if stdin is not available
# or if output of command is redirected to file instead of terminal,
# like `docker exec cmd &> cmd.log </dev/null`.
# .
# See Also:
# - https://github.com/docker/cli/issues/2607
# - https://github.com/moby/moby/issues/9098
# - https://github.com/moby/moby/pull/41548
# .
# .
# docker__run_docker_exec_trap
##
docker__run_docker_exec_trap() {
local exit_code=$? # Store the original trap signal
local signal="${1-}";
trap - EXIT # Remove the EXIT trap so its not called again
[ -n "${1-}" ] && trap - "${1-}"; # If a signal argument was passed, then remove its trap
if [ -n "${CONTAINER_NAME-}" ] && [ -n "${DOCKER_EXEC_PID_FILE_PATH-}" ]; then
local docker_exec_trap_command='
# If called process did not store its pid in file path, then just exit
[ ! -f '"$DOCKER_EXEC_PID_FILE_PATH"' ] && exit 0;
docker_killtree() {
local signal="${1-}"; local pid="${2-}"; local cpid; local docker_process
for cpid in $(pgrep -P "$pid"); do docker_killtree "$signal" "$cpid"; done
[[ "$pid" != "$$" ]] && \
docker_process="$(ps -efww --pid "$pid" --no-headers -o pid:1,cmd)" && \
#echo "Killing $docker_process" && \
kill "-${signal:=15}" "$pid" 2>/dev/null || :
}
# Read the pid stored in file path and send kill signals to the process and all its children
DOCKER_PID="$(cat '"$DOCKER_EXEC_PID_FILE_PATH"')" && [[ "$DOCKER_PID" =~ ^[0-9]+$ ]] && \
DOCKER_PROCESS="$(ps -efww --pid "$DOCKER_PID" --no-headers -o pid:1,cmd)" && \
echo "Docker trap killing $DOCKER_PROCESS" && \
docker_killtree "'"$signal"'" "$DOCKER_PID"
'
# Exec docker_exec_trap_command inside docker context
$SUDO docker exec "$CONTAINER_NAME" bash -c "$docker_exec_trap_command"
fi
exit $exit_code # Exit with the original trap signal exit code
}
##
# Setup traps for `docker exec`.
#
# .This call sets `DOCKER_EXEC_PID_FILE_PATH`, which should be passed to
# processes started with `docker exec`, like with
# `--env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH"` option,
# so that its available in `docker__create_docker_exec_pid_file` inside the
# called process and in `docker__run_docker_exec_trap` inside the process
# that calls `docker exec`.
# .
# .
# docker__setup_docker_exec_traps
##
docker__setup_docker_exec_traps() {
DOCKER_EXEC_PID_FILE_PATH="/tmp/docker-exec-pid-$(date +"%Y-%m-%d-%H.%M.%S.")$((RANDOM%1000))"
trap 'docker__run_docker_exec_trap' EXIT
trap 'docker__run_docker_exec_trap TERM' TERM
trap 'docker__run_docker_exec_trap INT' INT
trap 'docker__run_docker_exec_trap HUP' HUP
trap 'docker__run_docker_exec_trap QUIT' QUIT
}
##
# Store the pid of current process at DOCKER_EXEC_PID_FILE_PATH so that
# if `docker exec` is killed, like with `ctrl+c`, then all child
# process of current processes are killed by docker__run_docker_exec_trap.
# .
# .
# **Parameters:**
# `pid` - The optional pid to store in file instead of current process pid ($$).
# .
# .
# docker__create_docker_exec_pid_file [`pid`]
##
docker__create_docker_exec_pid_file() {
local pid=${1-}; pid=${pid:=$$}
if [ -n "${DOCKER_EXEC_PID_FILE_PATH-}" ] && [ ! -e "${DOCKER_EXEC_PID_FILE_PATH-}" ]; then
if ! echo "$$" > "$DOCKER_EXEC_PID_FILE_PATH"; then
echo "Failed to create docker exec pid file at \"$DOCKER_EXEC_PID_FILE_PATH\""
fi
fi
}