Ubuntu – Does apt not display an error message even if flock is used


Running script

 flock 9 
  # ... commands executed under lock ...
 fuser -v /var/lib/dpkg/lock
 apt-get -f --assume-no install
) 9>/var/lib/dpkg/lock

as superuser does not display an error message. But if there is e.g. synaptic running,apt-get will display an error message:
"E: Could not get lock /var/lib/dpkg/lock – open (11: Resource temporarily unavailable)".

Best Answer

dpkg (and in turn apt) doesn't use flock(2) for locking. Checking the system calls, involved, it seems they use fcntl(2):

$ sudo strace -f -e trace=desc apt install foo |& grep -B2 F_SETLK
close(4)                                = 0
open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = 4
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
fcntl(4, F_SETLK, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = -1 EAGAIN (Resource temporarily unavailable)
close(4)                                = 0

And from this SO post:

In Linux, lockf() is just a wrapper around fcntl(), while flock() locks are separate (and will only work on local filesystems, not on e.g. NFS mounts). That is, one process can have an advisory exclusive flock() lock on a file, while another process has an advisory exclusive fcntl() lock on that same file. Both are advisory locks, but they do not interact.

So flock isn't effective in locking it against other package management commands. (Thinking about it... if it were, then the subsequent apt-get would have failed anyway.)

The simplest way I can think of is to create an immutable /var/lib/dpkg/lock file for the duration of the task.

touch /var/lib/dpkg/lock
chattr +i /var/lib/dpkg/lock

Or you can write a short C program (or any language that provides an easy interface to fcntl) that uses fcntl to lock it the way dpkg does.

Related Question