process-upload lockfile has bad permission

I'm taking the liberty of unassigning Malcolm from this, as I doubt he's going to be working on it any more.

This is biting us in process-upload at the moment. How about:

--- process-upload.py.orig 2007-02-10 12:44:58.000000000 +0000
+++ process-upload.py 2007-02-10 12:45:24.000000000 +0000
@@ -28,7 +28,9 @@
     options = readOptions()
     log = logger(options, "process-upload")

+ old_umask = os.umask(0002)
     locker = GlobalLock(_default_lockfile, logger=log)
+ os.umask(old_umask)
     try:
         locker.acquire()
     except LockAlreadyAcquired:

This won't quite work, as the lock file has group lp_buildd if lp_buildd creates it, and lp_queue isn't a member of that group.

One simple solution, and to my mind the cleanest, would be to move the lock file to a Launchpad-specific directory (rather than /var/lock) which is setgid lp_lock; then all lock files created there would have the proper group ownership, and if created with umask 0002 would be group-writable.

it's hurting us again, lp_queue (sources) & lp_buildd (binaries) 'process-upload' are conflicting harder.

I will check if this requirement is going to fit in our new script infrastructure as well.

Thinking about the overall problem again, I can't see any reason for blocking simultaneous run of process-upload using different policies:

 * 'insecure' runs by cron (lp_queue)
 * 'security' runs by cron (lp_queue)
 * 'buildd' is tied to buildd-slave-scanner. (lp_buildd)
 * 'sync' runs on demand (lp_queue)

I do agree that simultaneous runs of p-u using the same policy may indicate problems considering the current production setup. However, the conflicts are, mostly, generated by 'insecure' & 'buildd' simultaneous runs, which clearly perform unrelated tasks.

We can avoid permission overlap dealing and further setup complexity by encoding the policy name in the lockfile name, then each upload incoming branch will continue to be protected but not blocked by activity in other ones.

RF 3994

released sometime ago