fix deadlock on install (#2667)

* fix deadlock on install

* improve pruning script

* bump tokio

core/startos/src/disk/main.rs

@@ -66,7 +66,7 @@ where
     let mut guid = format!(
         "STARTOS_{}",
         base32::encode(
-            base32::Alphabet::RFC4648 { padding: false },
+            base32::Alphabet::Rfc4648 { padding: false },
             &rand::random::<[u8; 20]>(),
         )
     );

core/startos/src/disk/mount/backup.rs

@@ -65,7 +65,7 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
             unencrypted_metadata.wrapped_key.as_ref(),
         ) {
             let wrapped_key =
-                base32::decode(base32::Alphabet::RFC4648 { padding: true }, wrapped_key)
+                base32::decode(base32::Alphabet::Rfc4648 { padding: true }, wrapped_key)
                     .ok_or_else(|| {
                         Error::new(
                             eyre!("failed to decode wrapped key"),
@@ -76,7 +76,7 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
             String::from_utf8(decrypt_slice(wrapped_key, password))?
         } else {
             base32::encode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 &rand::random::<[u8; 32]>()[..],
             )
         };
@@ -93,7 +93,7 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
         }
         if unencrypted_metadata.wrapped_key.is_none() {
             unencrypted_metadata.wrapped_key = Some(base32::encode(
-                base32::Alphabet::RFC4648 { padding: true },
+                base32::Alphabet::Rfc4648 { padding: true },
                 &encrypt_slice(&enc_key, password),
             ));
         }
@@ -141,7 +141,7 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
             .with_kind(crate::ErrorKind::PasswordHashGeneration)?,
         );
         self.unencrypted_metadata.wrapped_key = Some(base32::encode(
-            base32::Alphabet::RFC4648 { padding: false },
+            base32::Alphabet::Rfc4648 { padding: false },
             &encrypt_slice(&self.enc_key, new_password),
         ));
         Ok(())

core/startos/src/disk/mount/guard.rs

@@ -111,7 +111,7 @@ impl GenericMountGuard for MountGuard {
 
 async fn tmp_mountpoint(source: &impl FileSystem) -> Result<PathBuf, Error> {
     Ok(Path::new(TMP_MOUNTPOINT).join(base32::encode(
-        base32::Alphabet::RFC4648 { padding: false },
+        base32::Alphabet::Rfc4648 { padding: false },
         &source.source_hash().await?[0..20],
     )))
 }

core/startos/src/init.rs

@@ -30,6 +30,7 @@ use crate::progress::{
     FullProgress, FullProgressTracker, PhaseProgressTrackerHandle, PhasedProgressBar,
 };
 use crate::rpc_continuations::{Guid, RpcContinuation};
+use crate::s9pk::v2::pack::{CONTAINER_DATADIR, CONTAINER_TOOL};
 use crate::ssh::SSH_AUTHORIZED_KEYS_FILE;
 use crate::util::io::{create_file, IOHook};
 use crate::util::net::WebSocketExt;
@@ -421,6 +422,10 @@ pub async fn init(
         tokio::fs::remove_dir_all(&tmp_var).await?;
     }
     crate::disk::mount::util::bind(&tmp_var, "/var/tmp", false).await?;
+    let tmp_docker = cfg
+        .datadir()
+        .join(format!("package-data/tmp/{CONTAINER_TOOL}"));
+    crate::disk::mount::util::bind(&tmp_docker, CONTAINER_DATADIR, false).await?;
     init_tmp.complete();
 
     set_governor.start();

core/startos/src/middleware/auth.rs

@@ -151,7 +151,7 @@ impl HashSessionToken {
     pub fn new() -> Self {
         Self::from_token(InternedString::intern(
             base32::encode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 &rand::random::<[u8; 16]>(),
             )
             .to_lowercase(),
@@ -200,7 +200,7 @@ impl HashSessionToken {
         hasher.update(token.as_bytes());
         InternedString::intern(
             base32::encode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 hasher.finalize().as_slice(),
             )
             .to_lowercase(),

core/startos/src/net/static_server.rs

@@ -253,7 +253,7 @@ fn cert_send(cert: &X509, hostname: &Hostname) -> Result<Response, Error> {
         .header(
             http::header::ETAG,
             base32::encode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 &*cert.digest(MessageDigest::sha256())?,
             )
             .to_lowercase(),
@@ -338,8 +338,7 @@ impl FileData {
             .any(|e| e == "gzip")
             .then_some("gzip");
 
-        let file = open_file(path)
-            .await?;
+        let file = open_file(path).await?;
         let metadata = file
             .metadata()
             .await
@@ -439,6 +438,6 @@ fn e_tag(path: &Path, modified: impl AsRef<[u8]>) -> String {
     let res = hasher.finalize();
     format!(
         "\"{}\"",
-        base32::encode(base32::Alphabet::RFC4648 { padding: false }, res.as_slice()).to_lowercase()
+        base32::encode(base32::Alphabet::Rfc4648 { padding: false }, res.as_slice()).to_lowercase()
     )
 }

core/startos/src/progress.rs

@@ -279,7 +279,7 @@ impl FullProgressTracker {
                     .mutate(|v| {
                         if let Some(p) = deref(v) {
                             p.ser(&progress)?;
-                            Ok(false)
+                            Ok(progress.overall.is_complete())
                         } else {
                             Ok(true)
                         }

core/startos/src/s9pk/v1/reader.rs

@@ -206,7 +206,7 @@ impl<R: AsyncRead + AsyncSeek + Unpin + Send + Sync> S9pkReader<R> {
             (
                 Some(hash),
                 Some(base32::encode(
-                    base32::Alphabet::RFC4648 { padding: false },
+                    base32::Alphabet::Rfc4648 { padding: false },
                     hash.as_slice(),
                 )),
             )

core/startos/src/s9pk/v2/pack.rs

@@ -32,10 +32,14 @@ use crate::util::Invoke;
 
 #[cfg(not(feature = "docker"))]
 pub const CONTAINER_TOOL: &str = "podman";
-
 #[cfg(feature = "docker")]
 pub const CONTAINER_TOOL: &str = "docker";
 
+#[cfg(feature = "docker")]
+pub const CONTAINER_DATADIR: &str = "/var/lib/docker";
+#[cfg(not(feature = "docker"))]
+pub const CONTAINER_DATADIR: &str = "/var/lib/containers";
+
 pub struct SqfsDir {
     path: PathBuf,
     tmpdir: Arc<TmpDir>,

core/startos/src/service/mod.rs

@@ -374,9 +374,11 @@ impl Service {
                 entry.as_icon_mut().ser(&icon)?;
                 // TODO: marketplace url
                 // TODO: dependency info
+
                 Ok(())
             })
             .await?;
+
         Ok(service)
     }
 

core/startos/src/service/service_map.rs

@@ -294,9 +294,12 @@ impl ServiceMap {
                             .into(),
                         );
                     }
+                    drop(service);
+
                     sync_progress_task.await.map_err(|_| {
                         Error::new(eyre!("progress sync task panicked"), ErrorKind::Unknown)
                     })??;
+
                     Ok(())
                 })
                 .boxed())

core/startos/src/service/transition/restart.rs

@@ -20,7 +20,6 @@ impl Handler<Restart> for ServiceActor {
             .except::<DependencyConfig>()
     }
     async fn handle(&mut self, _: Guid, _: Restart, jobs: &BackgroundJobQueue) -> Self::Response {
-        dbg!("here");
         // So Need a handle to just a single field in the state
         let temp = TempDesiredRestore::new(&self.0.persistent_container.state);
         let mut current = self.0.persistent_container.state.subscribe();
@@ -77,7 +76,6 @@ impl Handler<Restart> for ServiceActor {
 impl Service {
     #[instrument(skip_all)]
     pub async fn restart(&self, id: Guid) -> Result<(), Error> {
-        dbg!("here");
         self.actor.send(id, Restart).await
     }
 }

core/startos/src/util/io.rs

@@ -781,7 +781,7 @@ pub struct TmpDir {
 impl TmpDir {
     pub async fn new() -> Result<Self, Error> {
         let path = Path::new("/var/tmp/startos").join(base32::encode(
-            base32::Alphabet::RFC4648 { padding: false },
+            base32::Alphabet::Rfc4648 { padding: false },
             &rand::random::<[u8; 8]>(),
         ));
         if tokio::fs::metadata(&path).await.is_ok() {

core/startos/src/util/mod.rs

@@ -644,7 +644,7 @@ pub fn new_guid() -> InternedString {
     let mut buf = [0; 20];
     rand::thread_rng().fill_bytes(&mut buf);
     InternedString::intern(base32::encode(
-        base32::Alphabet::RFC4648 { padding: false },
+        base32::Alphabet::Rfc4648 { padding: false },
         &buf,
     ))
 }

core/startos/src/util/serde.rs

@@ -958,7 +958,7 @@ impl<T: AsRef<[u8]>> std::fmt::Display for Base16<T> {
 pub struct Base32<T>(pub T);
 impl<T: AsRef<[u8]>> std::fmt::Display for Base32<T> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        base32::encode(base32::Alphabet::RFC4648 { padding: true }, self.0.as_ref()).fmt(f)
+        base32::encode(base32::Alphabet::Rfc4648 { padding: true }, self.0.as_ref()).fmt(f)
     }
 }
 impl<'de, T: TryFrom<Vec<u8>>> Deserialize<'de> for Base32<T> {
@@ -967,7 +967,7 @@ impl<'de, T: TryFrom<Vec<u8>>> Deserialize<'de> for Base32<T> {
         D: Deserializer<'de>,
     {
         let s = String::deserialize(deserializer)?;
-        base32::decode(base32::Alphabet::RFC4648 { padding: true }, &s)
+        base32::decode(base32::Alphabet::Rfc4648 { padding: true }, &s)
             .ok_or_else(|| {
                 serde::de::Error::invalid_value(
                     serde::de::Unexpected::Str(&s),