Skip to content

Bump Cabal submodule: fix tarball extraction TOCTOU race#159

Merged
angerman merged 1 commit intostable-ghc-9.14from
fix/bump-cabal-unpack-race
Feb 28, 2026
Merged

Bump Cabal submodule: fix tarball extraction TOCTOU race#159
angerman merged 1 commit intostable-ghc-9.14from
fix/bump-cabal-unpack-race

Conversation

@angerman
Copy link
Copy Markdown

@angerman angerman commented Feb 28, 2026

Summary

  • Bumps the Cabal submodule by 1 commit to pick up the tarball extraction race fix
  • Fixes intermittent "No cabal file found" errors on FreeBSD CI (and potentially other platforms)

Root Cause

When two stages of the same package (build: and host: in cross-compilation) are scheduled concurrently by InstallPlan.execute, both call withTarballLocalDirectory which:

  1. Checks if distUnpackedSrcDirectory pkgid exists (keyed only by PackageId, not stage)
  2. Both threads see it as non-existent
  3. Both race to extract the tarball to the same directory
  4. The second extraction overwrites the first mid-flight, corrupting the result

Fix

The Cabal-side fix (stable-haskell/cabal#269) adds an unpackLock to serialise the doesDirectoryExist check and unpackPackageTarball call, using the same Lock/criticalSection pattern already used for registerLock and cacheLock.

Test plan

  • FreeBSD CI passes without "No cabal file found" errors
  • All other CI platforms pass (no regression from the lock)

@angerman
Bump Cabal submodule to include tarball extraction race fix
5d86c7f 
Picks up stable-haskell/cabal@bb6a1e086 which serialises the
BuildInplaceOnly tarball extraction with a lock to prevent a TOCTOU
race. This fixes the intermittent "No cabal file found" errors seen
on FreeBSD CI for os-string-2.0.8 when build: and host: stages of
the same package are scheduled concurrently.
@angerman angerman force-pushed the fix/bump-cabal-unpack-race branch from 496f1de to 5d86c7f Compare February 28, 2026 07:13
@angerman angerman merged commit 68bc368 into stable-ghc-9.14 Feb 28, 2026
29 of 33 checks passed
@angerman angerman deleted the fix/bump-cabal-unpack-race branch February 28, 2026 12:29
@angerman angerman mentioned this pull request Mar 5, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@angerman