Support graceful script isolation fallback when filesystem does not support locking

source/Calamari.Common/CalamariFlavourProgram.cs

@@ -79,7 +79,8 @@ protected virtual int Run(string[] args)
                 }
 #endif
 
-                using var _ = Isolation.Enforce(options.ScriptIsolation);
+                var isolation = container.Resolve<IScriptIsolationEnforcer>();
+                using var _ = isolation.Enforce(options.ScriptIsolation);
                 return ResolveAndExecuteCommand(container, options);
             }
             catch (Exception ex)
@@ -121,6 +122,7 @@ protected virtual void ConfigureContainer(ContainerBuilder builder, CommonOption
 
             builder.RegisterModule<VariablesModule>();
             builder.RegisterModule<SubstitutionsModule>();
+            builder.RegisterModule<ScriptIsolationModule>();
 
             var assemblies = GetAllAssembliesToRegister().ToArray();
 
@@ -157,4 +159,4 @@ protected virtual IEnumerable<Assembly> GetAllAssembliesToRegister()
             yield return typeof(CalamariFlavourProgram).Assembly; // Calamari.Common
         }
     }
-}
+}

source/Calamari.Common/CalamariFlavourProgramAsync.cs

@@ -64,6 +64,7 @@ protected virtual void ConfigureContainer(ContainerBuilder builder, CommonOption
 
             builder.RegisterModule<VariablesModule>();
             builder.RegisterModule<SubstitutionsModule>();
+            builder.RegisterModule<ScriptIsolationModule>();
 
             var assemblies = GetAllAssembliesToRegister().ToArray();
 
@@ -145,7 +146,8 @@ protected async Task<int> Run(string[] args)
                 }
 #endif
 
-                await using var _ = await Isolation.EnforceAsync(options.ScriptIsolation, CancellationToken.None);
+                var isolation = container.Resolve<IScriptIsolationEnforcer>();
+                await using var _ = await isolation.EnforceAsync(options.ScriptIsolation, CancellationToken.None);
                 await ResolveAndExecuteCommand(container, options);
                 return 0;
             }
@@ -186,4 +188,4 @@ Task ResolveAndExecuteCommand(ILifetimeScope container, CommonOptions options)
             }
         }
     }
-}
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/CachedDriveInfo.cs

@@ -0,0 +1,72 @@
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+sealed record CachedDriveInfo(
+    DirectoryInfo RootDirectory,
+    string Format,
+    DriveType DriveType,
+    LockCapability? DetectedLockSupport = null
+)
+{
+    const string UnknownFormat = "unknown";
+
+    public static CachedDriveInfo From(DriveInfo driveInfo)
+    {
+        // These should not throw
+        var rootDirectory = driveInfo.RootDirectory;
+        var driveType = driveInfo.DriveType;
+        try
+        {
+            var format = driveInfo.DriveFormat; // May throw
+            return new CachedDriveInfo(rootDirectory, format, driveType);
+        }
+        catch
+        {
+            // If it is throwing an error here, don't trust it for locking
+            return new CachedDriveInfo(
+                                       RootDirectory: rootDirectory,
+                                       Format: UnknownFormat,
+                                       DriveType: driveType,
+                                       DetectedLockSupport: LockCapability.Unsupported
+                                      );
+        }
+    }
+
+    public LockCapability? LockSupport
+    {
+        get
+        {
+            if (DetectedLockSupport is not null)
+            {
+                return DetectedLockSupport.Value;
+            }
+
+            switch (DriveType)
+            {
+                case DriveType.Network:
+                    return null; // Default to assuming network is unknown
+                default:  // Explicitly falling through to format inspection
+                    break;
+            }
+
+            switch (Format.ToLowerInvariant())
+            {
+                case "apfs":
+                case "btrfs":
+                case "ext4":
+                case "hfs+":
+                case "ntfs":
+                case "tmpfs":
+                case "xfs":
+                case "zfs":
+                    // We trust that these filesystems fully support file locking and will skip
+                    // testing these filesystems for compatibility.
+                    return LockCapability.Supported;
+                default:
+                    return null;
+            }
+        }
+    }
+
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/DefaultPathResolutionService.cs

@@ -0,0 +1,36 @@
+using System;
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+/// <summary>
+/// The production implementation of <see cref="IPathResolutionService"/>.
+/// Each member is a direct, thin delegate to a BCL primitive — all
+/// resolution <em>logic</em> lives in
+/// <see cref="PathResolutionServiceExtensions.ResolvePath"/>.
+/// </summary>
+sealed class DefaultPathResolutionService : IPathResolutionService
+{
+    DefaultPathResolutionService() { }
+
+    public static readonly DefaultPathResolutionService Instance = new();
+
+    /// <inheritdoc/>
+    /// <remarks>Delegates to <see cref="Path.GetFullPath(string)"/>.</remarks>
+    public string GetFullPath(string path) => Path.GetFullPath(path);
+
+    /// <inheritdoc/>
+    /// <remarks>
+    /// Delegates to <see cref="FileInfo.ResolveLinkTarget"/> with
+    /// <c>returnFinalTarget: true</c> so that symlink chains are followed
+    /// all the way to their ultimate target.
+    /// </remarks>
+    public FileSystemInfo? ResolveLinkTarget(string path)
+        => new FileInfo(path).ResolveLinkTarget(returnFinalTarget: true);
+
+    /// <inheritdoc/>
+    public StringComparison PathComparison =>
+        OperatingSystem.IsWindows() || OperatingSystem.IsMacOS()
+            ? StringComparison.OrdinalIgnoreCase
+            : StringComparison.Ordinal;
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/FileLock.cs

@@ -1,18 +1,15 @@
 using System;
 using System.IO;
-using System.Threading.Tasks;
 
 namespace Calamari.Common.Features.Processes.ScriptIsolation;
 
 public static class FileLock
 {
     public static ILockHandle Acquire(LockOptions lockOptions)
     {
-        var fileShareMode = GetFileShareMode(lockOptions.Type);
         try
         {
-            var fileStream = lockOptions.LockFile.Open(FileMode.OpenOrCreate, FileAccess.ReadWrite, fileShareMode);
-            return new LockHandle(fileStream);
+            return lockOptions.LockFile.Open(lockOptions.Type);
         }
         catch (IOException e) when (IsFileLocked(e))
         {
@@ -43,27 +40,4 @@ static bool IsFileLocked(IOException ioException)
 
         return false;
     }
-
-    static FileShare GetFileShareMode(LockType isolationLevel)
-    {
-        return isolationLevel switch
-        {
-            LockType.Exclusive => FileShare.None,
-            LockType.Shared => FileShare.ReadWrite,
-            _ => throw new ArgumentOutOfRangeException(nameof(isolationLevel), isolationLevel, null)
-        };
-    }
-
-    sealed class LockHandle(FileStream fileStream) : ILockHandle
-    {
-        public void Dispose()
-        {
-            fileStream.Dispose();
-        }
-
-        public async ValueTask DisposeAsync()
-        {
-            await fileStream.DisposeAsync();
-        }
-    }
 }

source/Calamari.Common/Features/Processes/ScriptIsolation/FileLockService.cs

@@ -0,0 +1,19 @@
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+/// <summary>
+/// The real filesystem implementation of <see cref="IFileLockService"/>.
+/// Uses <see cref="FileLock.Acquire"/> for lock acquisition and
+/// <see cref="Directory.CreateDirectory(string)"/> for directory creation.
+/// </summary>
+sealed class FileLockService : IFileLockService
+{
+    FileLockService() { }
+
+    public static readonly IFileLockService Instance = new FileLockService();
+
+    public void CreateDirectory(DirectoryInfo directory) => directory.Create();
+
+    public ILockHandle AcquireLock(LockOptions options) => FileLock.Acquire(options);
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/ICachedDriveInfoProvider.cs

@@ -0,0 +1,8 @@
+using System;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+interface ICachedDriveInfoProvider
+{
+    CachedDriveInfo GetAssociatedDrive(string path);
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/IFileLockService.cs

@@ -0,0 +1,24 @@
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+/// <summary>
+/// Abstracts the filesystem operations required to probe lock support on a drive.
+/// Separating these from the static implementations allows hermetic unit testing
+/// without touching the real filesystem.
+/// </summary>
+interface IFileLockService
+{
+    /// <summary>Ensures the given directory path exists.</summary>
+    /// <remarks>This allows a test implementation to not actually create the directory.</remarks>
+    void CreateDirectory(DirectoryInfo directory);
+
+    /// <summary>Attempts to acquire a lock described by <paramref name="options"/>.</summary>
+    /// <exception cref="LockRejectedException">
+    ///   Thrown when the lock cannot be acquired due to a conflicting hold.
+    /// </exception>
+    /// <exception cref="System.IO.IOException">
+    ///   Thrown when the filesystem does not support the requested lock type.
+    /// </exception>
+    ILockHandle AcquireLock(LockOptions options);
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/ILockDirectoryFactory.cs

@@ -0,0 +1,8 @@
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+public interface ILockDirectoryFactory
+{
+    LockDirectory Create(DirectoryInfo preferredLockDirectory);
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/IMountedDrivesProvider.cs

@@ -0,0 +1,8 @@
+using System;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+interface IMountedDrivesProvider
+{
+    MountedDrives GetMountedDrives();
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/IPathResolutionService.cs

@@ -0,0 +1,64 @@
+using System;
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+/// <summary>
+/// Minimal abstraction over the BCL path and symlink primitives used when
+/// resolving a path to its canonical form for drive-root matching.
+/// Keeping the interface thin allows the resolution <em>logic</em> — housed
+/// in <see cref="PathResolutionServiceExtensions.ResolvePath"/> — to be
+/// exercised independently of real filesystem state.
+/// </summary>
+interface IPathResolutionService
+{
+    /// <summary>
+    /// Returns the absolute, normalised form of <paramref name="path"/>
+    /// (equivalent to <see cref="Path.GetFullPath(string)"/>).
+    /// This operation is purely lexical: no filesystem access, no symlink
+    /// resolution.
+    /// </summary>
+    /// <exception cref="ArgumentNullException"><paramref name="path"/> is <c>null</c>.</exception>
+    /// <exception cref="ArgumentException">
+    ///   <paramref name="path"/> is zero-length, contains only white space (Windows),
+    ///   contains invalid path characters, or the system could not retrieve the
+    ///   absolute path.
+    /// </exception>
+    /// <exception cref="System.Security.SecurityException">
+    ///   The caller does not have the required permissions.
+    /// </exception>
+    /// <exception cref="NotSupportedException">
+    ///   .NET Framework only: <paramref name="path"/> contains a colon that is not
+    ///   part of a volume identifier.
+    /// </exception>
+    /// <exception cref="PathTooLongException">
+    ///   The specified path exceeds the system-defined maximum length.
+    /// </exception>
+    string GetFullPath(string path);
+
+    /// <summary>
+    /// Resolves the final symlink target of <paramref name="path"/>.
+    /// <list type="bullet">
+    ///   <item><description>
+    ///     Returns <c>null</c> if the path exists but is <em>not</em> a symlink.
+    ///   </description></item>
+    ///   <item><description>
+    ///     Returns a <see cref="FileSystemInfo"/> pointing at the real target
+    ///     when the path is a symlink (following chains to the final target).
+    ///   </description></item>
+    ///   <item><description>
+    ///     Throws <see cref="FileNotFoundException"/>,
+    ///     <see cref="DirectoryNotFoundException"/>, or <see cref="IOException"/>
+    ///     when the path does not exist on disk.
+    ///   </description></item>
+    /// </list>
+    /// </summary>
+    FileSystemInfo? ResolveLinkTarget(string path);
+
+    /// <summary>
+    /// The <see cref="StringComparison"/> appropriate for comparing paths on the
+    /// host filesystem.  Typically <see cref="StringComparison.OrdinalIgnoreCase"/>
+    /// on Windows and macOS, and <see cref="StringComparison.Ordinal"/> on Linux.
+    /// </summary>
+    StringComparison PathComparison { get; }
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/IScriptIsolationEnforcer.cs

@@ -0,0 +1,16 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using Calamari.Common.Plumbing.Commands;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+public interface IScriptIsolationEnforcer
+{
+    ILockHandle Enforce(CommonOptions.ScriptIsolationOptions scriptIsolationOptions);
+
+    Task<ILockHandle> EnforceAsync(
+        CommonOptions.ScriptIsolationOptions scriptIsolationOptions,
+        CancellationToken cancellationToken
+    );
+}

source/Calamari.Common/Features/Processes/ScriptIsolation/ITemporaryDirectoryFallbackProvider.cs

@@ -0,0 +1,10 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+
+namespace Calamari.Common.Features.Processes.ScriptIsolation;
+
+interface ITemporaryDirectoryFallbackProvider
+{
+    IEnumerable<LockDirectoryFallback> GetFallbackCandidates(DirectoryInfo preferredDirectory);
+}