From 0baebd2b374082a1cd6349053445eacdb51fbc73 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Tue, 29 Mar 2022 17:32:29 +0200 Subject: [PATCH 1/2] tools/packaging: Fix usage of kata-deploy-binaries.sh Add missing documentation for -s . Signed-off-by: Greg Kurz --- tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index f335f9ed21..43342b902d 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -64,6 +64,7 @@ version: The kata version that will be use to create the tarball options: -h|--help : Show this help +-s : Silent mode (produce output in case of failure only) --build= : all cloud-hypervisor From a779e19beef0fdb50b905b25aead0294d4f0cb19 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Tue, 29 Mar 2022 15:10:38 +0200 Subject: [PATCH 2/2] tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s' `make kata-tarball` relies on `kata-deploy-binaries.sh -s` which silently ignores errors, and you may end up with an incomplete tarball without noticing it because `make`'s exit status is 0. `kata-deploy-binaries.sh` does set the `errexit` option and all the code in the script seems to assume that since it doesn't do error checking. Unfortunately, bash automatically disables `errexit` when calling a function from a conditional pipeline, like done in the `-s` case: if [ "${silent}" == true ]; then if ! handle_build "${t}" &>"$log_file"; then ^^^^^^ this disables `errexit` and `handle_build` ends with a `tar tvf` that always succeeds. Adding error checking all over the place isn't really an option as it would seriously obfuscate the code. Drop the conditional pipeline instead and print the final error message from a `trap` handler on the special ERR signal. This requires the `errtrace` option as `trap`s aren't propagated to functions by default. Since all outputs of `handle_build` are redirected to the build log file, some file descriptor duplication magic is needed for the handler to be able to write to the orignal stdout and stderr. Fixes #3757 Signed-off-by: Greg Kurz --- .../local-build/kata-deploy-binaries.sh | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 43342b902d..a73b2d2c2a 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -8,6 +8,7 @@ set -o errexit set -o nounset set -o pipefail +set -o errtrace readonly project="kata-containers" @@ -196,6 +197,18 @@ handle_build() { tar tvf "${tarball_name}" } +silent_mode_error_trap() { + local stdout="$1" + local stderr="$2" + local t="$3" + local log_file="$4" + exec 1>&${stdout} + exec 2>&${stderr} + error "Failed to build: $t, logs:" + cat "${log_file}" + exit 1 +} + main() { local build_targets local silent @@ -248,11 +261,15 @@ main() { ( cd "${builddir}" if [ "${silent}" == true ]; then - if ! handle_build "${t}" &>"$log_file"; then - error "Failed to build: $t, logs:" - cat "${log_file}" - exit 1 - fi + local stdout + local stderr + # Save stdout and stderr, to be restored + # by silent_mode_error_trap() in case of + # build failure. + exec {stdout}>&1 + exec {stderr}>&2 + trap "silent_mode_error_trap $stdout $stderr $t \"$log_file\"" ERR + handle_build "${t}" &>"$log_file" else handle_build "${t}" fi