Skip to content

Use a lock file to avoid exceptions due to concurrenct symlink creation#2851

Closed
stefanberger wants to merge 1 commit intotheupdateframework:developfrom
stefanberger:file_lock
Closed

Use a lock file to avoid exceptions due to concurrenct symlink creation#2851
stefanberger wants to merge 1 commit intotheupdateframework:developfrom
stefanberger:file_lock

Conversation

@stefanberger
Copy link
Copy Markdown

@stefanberger stefanberger commented Jul 15, 2025
edited
Loading

We have seen exceptions being raised from _update_root_symlink() on the level of the sigstore-python library when multiple concurrent threads were creating symlinks in this function with the same symlink name (in a test environment running tests concurrently). To avoid this issue, have each thread open a lock file and create an exclusive lock on it to serialize the access to the removal and creation of the symlink.

The reproducer for this issue, that should be run in 2 or more python interpreters concurrently, looks like this:

from sigstore import sign
while True:
    sign.TrustedRoot.production()

Use fcntl.lockf-based locking for Linux and Mac and a different implementation on Windows. The source originally comes from a discussion on stockoverflow (link below).

Resolves: #2836
Link: https://stackoverflow.com/questions/489861/locking-a-file-in-python

Description of the changes being introduced by the pull request:

Fixes #2836

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jku jku jku requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ngclient: Be better with concurrent instances

2 participants

@stefanberger @jku