Replace file.flush() calls with flush_sync() helper

Calls to `os.fsync(f.fileno())` need to be accompained by `f.flush()`.

Commit 8bbeedc93f introduces the helper
`ipapython.ipautil.flush_sync()`, which handles all calls in the right
order.

However, `flush_sync()` takes as parameter a file object with fileno
and name, where name must be a path to the file, this isn't possible
in some cases where file descriptors are used.

Issue: https://pagure.io/freeipa/issue/7251

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>

ipaclient/install/client.py

@@ -1274,10 +1274,9 @@ def do_nsupdate(update_txt):
     logger.debug("Writing nsupdate commands to %s:", UPDATE_FILE)
     logger.debug("%s", update_txt)
 
-    update_fd = open(UPDATE_FILE, "w")
+    with open(UPDATE_FILE, "w") as f:
-    update_fd.write(update_txt)
+        f.write(update_txt)
-    update_fd.flush()
+        ipautil.flush_sync(f)
-    update_fd.close()
 
     result = False
     try:

ipaclient/plugins/vault.py

@@ -46,6 +46,7 @@ from ipalib import api, errors
 from ipalib import Bytes, Flag, Str
 from ipalib.plugable import Registry
 from ipalib import _
+from ipapython import ipautil
 from ipapython.dnsutil import DNSName
 
 logger = logging.getLogger(__name__)
@@ -590,8 +591,7 @@ class _TransportCertCache(object):
                                              mode='wb') as f:
                 try:
                     f.write(pem)
-                    f.flush()
+                    ipautil.flush_sync(f)
-                    os.fsync(f.fileno())
                     f.close()
                     os.rename(f.name, filename)
                 except Exception:

ipaclient/remote_plugins/schema.py

@@ -22,6 +22,7 @@ from ipalib.errors import SchemaUpToDate
 from ipalib.frontend import Object
 from ipalib.output import Output
 from ipalib.parameters import DefaultFrom, Flag, Password, Str
+from ipapython import ipautil
 from ipapython.ipautil import fsdecode
 from ipapython.dn import DN
 from ipapython.dnsutil import DNSName
@@ -492,8 +493,7 @@ class Schema(object):
                                          dir=self._DIR, delete=False) as f:
             try:
                 self._write_schema_data(f)
-                f.flush()
+                ipautil.flush_sync(f)
-                os.fsync(f.fileno())
                 f.close()
             except Exception:
                 os.unlink(f.name)

ipapython/certdb.py

@@ -365,7 +365,9 @@ class NSSDatabase(object):
                                  os.O_CREAT | os.O_WRONLY,
                                  pwdfilemode), 'w', closefd=True) as f:
                 f.write(ipautil.ipa_generate_password())
+                # flush and sync tempfile inode
                 f.flush()
+                os.fsync(f.fileno())
 
         # In case dbtype is auto, let certutil decide which type of DB
         # to create.

ipaserver/install/cainstance.py

@@ -628,7 +628,7 @@ class CAInstance(DogtagInstance):
             with open(self.cert_file, 'rb') as f:
                 ext_cert = x509.load_unknown_x509_certificate(f.read())
             cert_file.write(ext_cert.public_bytes(x509.Encoding.PEM))
-            cert_file.flush()
+            ipautil.flush_sync(cert_file)
 
             result = ipautil.run(
                 [paths.OPENSSL, 'crl2pkcs7',