Fix Windows permission error with self remove#52316
Merged
Conversation
vapopov
added
no-changelog
vapopov
force-pushed
the
vapopov/fix-windows-client-tools-updates
branch
from
c72dd0e to
220ceff
Compare
vapopov
force-pushed
the
vapopov/fix-windows-client-tools-updates
branch
from
220ceff to
bef7c9b
Compare
Contributor
Author
|
Would appreciate your review |
hugoShaka
reviewed
Feb 24, 2025
Comment on lines
+435
to
440
| defer func() { | ||
| err = trace.Wrap(destFile.Close()) | ||
| }() | ||
| _, err = destFile.ReadFrom(srcFile) | ||
| if err != nil { | ||
| return trace.ConvertSystemError(err) |
Contributor
There was a problem hiding this comment.
The deferred function will overwrite the error from return trace.ConvertSystemError(err)
You can use trace.NewAggregate() to keep the original error if it's already non-nil.
hugoShaka
reviewed
Feb 24, 2025
Contributor
There was a problem hiding this comment.
Is this change required for the PR to work? Why?
Contributor
Author
There was a problem hiding this comment.
This one required for windows, to be able run tests.
In integration/autoupdate/tools/updater_tsh_test.go we use testserver.MakeTestServer which register test modules with BuildType = CLI
teleport/tool/teleport/testenv/test_server.go
Lines 79 to 88 in 217d014
Since it is disabled for windows (we don't support to build server). By default BuildType is oss which leads to failing test where updater was disabled for OSS versions.
Contributor
There was a problem hiding this comment.
Thanks for the explanation :)
hugoShaka
reviewed
Feb 24, 2025
Comment on lines
132
to
134
| appPath := filepath.Join(toolsDir, baseName) | ||
| if err := os.Remove(appPath); err != nil && !os.IsNotExist(err) { | ||
| return trace.Wrap(err) | ||
| } | ||
| // For the Windows build we have to copy binary to be able | ||
| // to do this without administrative access as it required | ||
| // for symlinks. |
Contributor
There was a problem hiding this comment.
If I understand correctly, utils.CopyFile already overwrote the destination file? This is why removing it before is not needed?
Contributor
Author
There was a problem hiding this comment.
yes, it was not necessary, and windows return error if we try to self-remove
Member
There was a problem hiding this comment.
It might be good to leave a comment about it, someone touching this code in 6 months is likely not going to remember about this Windows-specific behavior.
hugoShaka
approved these changes
Feb 24, 2025
Contributor
Author
|
@ravicious @doggydogworld could you please also take a look, wanted to include this fix in next release |
ravicious
approved these changes
Feb 25, 2025
| // IsOSSBuild returns false for [TestModules]. | ||
| func (p *TestModules) IsOSSBuild() bool { | ||
| return os.Getenv(TestBuild) == modules.BuildOSS | ||
| return true |
Member
There was a problem hiding this comment.
Should the comment for this method be updated? Same could be probably said about IsEnterpriseBuild.
Contributor
Author
There was a problem hiding this comment.
Updated, I've restored previous check, reconsidered that it might be useful in further testing.
Comment on lines
132
to
134
| appPath := filepath.Join(toolsDir, baseName) | ||
| if err := os.Remove(appPath); err != nil && !os.IsNotExist(err) { | ||
| return trace.Wrap(err) | ||
| } | ||
| // For the Windows build we have to copy binary to be able | ||
| // to do this without administrative access as it required | ||
| // for symlinks. |
Member
There was a problem hiding this comment.
It might be good to leave a comment about it, someone touching this code in 6 months is likely not going to remember about this Windows-specific behavior.
| return trace.ConvertSystemError(err) | ||
| } | ||
| defer func() { | ||
| err = trace.NewAggregate(err, trace.Wrap(destFile.Close())) |
Member
There was a problem hiding this comment.
Why do we only propagate the error from destFile.Close() and not srcFile.Close()? I don't know what's the correct behavior here, it's just something that caught my eye.
Contributor
Author
There was a problem hiding this comment.
destFile.Close() errors can happen if there’s a problem flushing the final buffered data to disk, like running out of space, this error is crucial because it directly impacts whether the data was successfully written and saved. srcFile is opened for reading and without error propagation because failure there doesn’t affect data integrity. Should I add the logging for srcFile what do you think?
public-teleport-github-review-bot
Bot
removed request for
doggydogworld and
sclevine
vapopov
added a commit
that referenced
this pull request
Feb 26, 2025
* Fix windows permission error with self replace * Aggregate errors * Update comments
vapopov
added a commit
that referenced
this pull request
Feb 26, 2025
* Fix windows permission error with self replace * Aggregate errors * Update comments
vapopov
added a commit
that referenced
this pull request
Feb 26, 2025
* Fix windows permission error with self replace * Aggregate errors * Update comments
This was referenced Feb 26, 2025
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Feb 26, 2025
* [v15] Client tools autoupdates (#48648) * Expose client tools auto update for find endpoint (#46785) * Expose client tools auto update for find endpoint * Group auto update settings in find response Log error instead returning error Add tests auto update settings in find endpoint Add check for not implemented error * Add more test cases * Client AutoUpdate proto structure changes (#47532) * Update client autoupdate proto structure * Replace with reserved * Fix unit tests * Add more info in proto * Rename proto to be aligned RFD namings * Replace enum type for ToolsMode to string * Add packaging utility for client tools auto updates (#47060) * Add packaging utility for client tools auto updates * Add error handling for close functions * Move archive to existing utils package * Move archive helpers to integration/helper CR changes * CR changes * CR changes * CR changes Replace creating directory with extract path as argument * CR changes * Validate full size before un-archive Extract files to extractDir with ignore dir structure * Change compressing with relative paths Add test for cleanup and fix skip logic * CR changes * CR changes * Fix linter * Client tools auto update (#47466) * Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag * Client auto updates integration for {tctl,tsh} (#47815) * Client auto updates integration for tctl/tsh * Add version validation Fix recursive version check for darwin platform Fix cleanup for multi-package support * Fix identifying tools removal from home directory * Replace ToolsMode with ToolsAutoUpdate * Reuse insecure flag for tests * Fix CheckRemote with login * Fix windows administrative access requirement Update must be able to be canceled, re-execute with latest version or last updated Show progress bar before request is made * Fix update cancellation for login action Address review comments * Add signal handler with stack context cancellation * Use copy instead of hard link for windows Fix progress bar if we can't receive size of package * Replace with list in order to support manual cancel * Download archive package to temp directory * Decrease timeout for client tools proxy call * Add audit logs for auto update resources (#48218) * Connect: Make sure tsh auto-updates are turned off * Add dir for code shared between Node.js processes * Connect: Make sure tsh auto-updates are turned off * Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon * Disable client tools auto update disabled if there are no home dir (#49159) Move updater to general tools package * Move client auto update helper to lib package (#49247) * Restrict AutoUpdateVersion to be created/updated for cloud (#49008) (#50244) * Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset * Add remove tctl command for AutoUpdateConfig and AutoUpdateVersion (#49532) (#49676) * Fix auto-update re-exec arguments modified by aliases (#50228) (#51183) * Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation * Add client tools auto update tctl commands (#47692) * Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Add template for client tools auto-update download url (#51210) * Add templates for client tools auto-update download url * Change to base url setting by env MakeURL moved to common function to be general for both, agent and client tools * Add godoc for common function and constant for default package * Use flags and version arguments instead of revision * Move base url env to shared constant * Fix tests after backporting * Pass TELEPORT_TOOLS_VERSION=off when starting tshd * Prevent keystore cleanup to remove bin directory (#52331) * Don't show the progress bar until the request to the CDN is made * Fix Windows permission error with self remove (#52316) * Fix windows permission error with self replace * Aggregate errors * Update comments --------- Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After regression testing for v14 and additional cases recognized in issue with
aliases, identified another issue related specifically for windows platform and double re-execution after update.teleport/lib/utils/packaging/unarchive.go
Lines 132 to 134 in e3ff2c0
Windows prevents the self-removal of an executed binary but allows it to be replaced, making this additional removal unnecessary, otherwise we get the access denied error.
teleport/lib/utils/fs.go
Lines 425 to 439 in e3ff2c0
The helper function does not close file descriptors, which blocks execution on Windows. In integration tests, we launch the update from the test function body and then attempt to execute it by
exec.CommandContextwhich leads to the error with execution.Related: https://github.com/gravitational/cloud/issues/11856