feat(harness): P1 lock-lifetime hardening — PDEATHSIG + SIGTERM/SIGALRM teardown funnel + 60-min hard deadline
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
- new harness/lifetime.py: install_lifetime_guards() arms PR_SET_PDEATHSIG(SIGTERM) (with post-prctl ppid==1 orphan refusal), a SIGTERM handler raising SystemExit through the run's finally: teardown funnel (exit 143), and signal.alarm(3600) funnelling SIGALRM the same way with a distinct deadline log line (exit 142). Re-entrant signals during teardown are logged and ignored (begin_teardown guard) so a second signal can't abort the running cleanup. - run_recipe_ci.main(): guards installed first thing, before any abra call/lock; both teardown finally: blocks (cold + quick) mark begin_teardown(). - .drone.yml recipe-ci step: harness runs under setsid in its own process group; a trap forwards the step shell's TERM/EXIT to the whole group so drone cancel reaches the harness instead of leaking it (docs/concurrency.md §8.1). - PEP 446 note on the recipe-lock open(): the fd is non-inheritable, children never carry it.
This commit is contained in:
11
.drone.yml
11
.drone.yml
@ -70,4 +70,13 @@ steps:
|
||||
# build's custom params. CCCI_QUICK=1 makes run_recipe_ci take the opt-in fast lane (WC7);
|
||||
# absent => full cold (default). run_quick ignores STAGES (always upgrade+custom).
|
||||
- 'echo "recipe-ci: RECIPE=$RECIPE REF=$REF PR=$PR SRC=$SRC stages=$STAGES quick=${CCCI_QUICK:-0}"'
|
||||
- cc-ci-run runner/run_recipe_ci.py
|
||||
# P1 lock-lifetime hardening: run the harness in its own session/process group (setsid) and
|
||||
# forward a drone cancel (TERM to this step shell) to the WHOLE group, so the harness's
|
||||
# SIGTERM handler runs its teardown funnel instead of being leaked (the exec runner kills
|
||||
# only the step shell, not the tree). PDEATHSIG inside the harness backstops the case where
|
||||
# this shell dies without the trap firing. `wait` propagates the harness exit code.
|
||||
- |
|
||||
setsid cc-ci-run runner/run_recipe_ci.py &
|
||||
PID=$!
|
||||
trap 'kill -TERM -- "-$PID" 2>/dev/null' TERM EXIT
|
||||
wait "$PID"
|
||||
|
||||
Reference in New Issue
Block a user