secex: guard GPG encryption of Ignition config with mutex

Running secex tests with `--parallel=auto` complains: ``` $ cosa kola run --qemu-secex --tag secex --qemu-secex-hostkey hostkey.crt --parallel=auto === RUN ext.config.shared.secex.ensure === RUN ext.config.shared.secex.reboot 2024-11-01T17:28:29Z kola: retryloop: failed to bring up machines: encrypting /var/tmp/mantle-qemu2551463228/ignition_crypted.1734631171: exit status 2 ``` Use mutex for `gpg --encrypt` to avoid this issue.
coreos · Nov 4, 2024 · 6813e3f · 6813e3f
1 parent d72b3ee
commit 6813e3f
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/mantle/platform/qemu.go b/mantle/platform/qemu.go
@@ -40,6 +40,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"sync"
 	"syscall"
 	"time"
 
@@ -758,11 +759,20 @@ func (builder *QemuBuilder) SetSecureExecution(gpgkey string, hostkey string, co
 	return nil
 }
 
+// When running kola secex tests with '--parallel=auto', this function fails with:
+//
+//	kola: retryloop: failed to bring up machines: encrypting ignition_crypted.1234: exit status 2
+//
+// Use mutex to protect `gpg --encrypt`
+var gpgMutex sync.Mutex
+
 func (builder *QemuBuilder) encryptIgnitionConfig() error {
 	crypted, err := builder.TempFile("ignition_crypted.*")
 	if err != nil {
 		return fmt.Errorf("creating crypted config: %v", err)
 	}
+	gpgMutex.Lock()
+	defer gpgMutex.Unlock()
 	c := exec.Command("gpg", "--recipient-file", builder.ignitionPubKey, "--yes", "--output", crypted.Name(), "--armor", "--encrypt", builder.ConfigFile)
 	if err := c.Run(); err != nil {
 		return fmt.Errorf("encrypting %s: %v", crypted.Name(), err)