Skip to content

rekor: do not cancel http context#2938

Merged
Luap99 merged 1 commit intocontainers:mainfrom
Luap99:rekor-context
Aug 25, 2025
Merged

rekor: do not cancel http context#2938
Luap99 merged 1 commit intocontainers:mainfrom
Luap99:rekor-context

Conversation

@Luap99
Copy link
Member

@Luap99 Luap99 commented Aug 21, 2025

The context must be valid for the entire lifetime of the request including reading the body, as such it is invalid to return the body after cancelling the context, depending of if all the response data arrived already or not this then might fail.

To fix this simply do not cancel the context here, we could move the cancel() up to the caller function that processes the body. However as that one already closes the body there should be no need to cancel the context to end the request.

Fixes: #2936

@Luap99
rekor: do not cancel http context
29bbd0e 
The context must be valid for the entire lifetime of the request
including reading the body, as such it is invalid to return the body
after cancelling the context, depending of if all the response data
arrived already or not this then might fail.

To fix this simply do not cancel the context here, we could move the
cancel() up to the caller function that processes the body. However as
that one already closes the body there should be no need to cancel the
context to end the request.

Fixes: containers#2936

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@Luap99
Copy link
Member Author

Luap99 commented Aug 25, 2025

@mtrmac PTAL

mtrmac
mtrmac reviewed Aug 25, 2025
View reviewed changes
Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on the reproducer!

we could move the cancel() up to the caller function that processes the body. However as that one already closes the body there should be no need to cancel the context to end the request.

Mostly… best I can tell, the defer cancel() is basically a protection against forgetting to consume/close things. (Otherwise, net/http.persistConn.readLoop will be stuck forever, with the FD open.)

It’s a tiny bit valuable, but not enough that I’d advocate copy&pasting these two lines into … the two callers.

LGTM. I don’t have an opinion on timing vs. the monorepo move — feel free to merge now, if it makes things easier.

@Luap99
Copy link
Member Author

Luap99 commented Aug 25, 2025

we could move the cancel() up to the caller function that processes the body. However as that one already closes the body there should be no need to cancel the context to end the request.

Mostly… best I can tell, the defer cancel() is basically a protection against forgetting to consume/close things. (Otherwise, net/http.persistConn.readLoop will be stuck forever, with the FD open.)

It’s a tiny bit valuable, but not enough that I’d advocate copy&pasting these two lines into … the two callers.

right but since the caller already does res.Body.Close() it has the same protection as the caller doing a defer cancel() I think?

LGTM. I don’t have an opinion on timing vs. the monorepo move — feel free to merge now, if it makes things easier.

I mean merging it now mean it will be in and I don't need to have you review it again, but yeah it is a two line patch that is trival to copy paste around. I guess the best benifit is we can do a "clean" backport to the RHEL branch if needed.

@Luap99 Luap99 merged commit 9b99818 into containers:main Aug 25, 2025
12 checks passed
@Luap99 Luap99 deleted the rekor-context branch August 25, 2025 17:23
@TomSweeneyRedHat
Copy link
Member

TomSweeneyRedHat commented Aug 25, 2025

Cherry picked to the release-5.36 branch with: #2943

@alex-berger alex-berger mentioned this pull request Jan 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrmac mtrmac mtrmac left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Timeouts while pushing Sigstore logs to Rekor

3 participants

@Luap99 @TomSweeneyRedHat @mtrmac