warmer TOCTOU concurrency issue #364
Description
Actual behavior
warmer does not mutex lock the cache folder but potentially does concurrent writes to the same shared volume (depends on use-case).
Warmer checks whether the image exists in cache, and if not, downloads it to a tmpdir and copies it over to the shared volume, of course in the meantime someone else might have done the same. So far this was not as visible, as we store the image as a single tarball file. In case there is a conflict it is mostly resolved by the slower warmer overwriting the output from the faster warmer. This issue now became obvious as we try to switch to ocilayout, where the image is not stored as a single file anymore, but as a folder, and for folders this silent overwrite via rename is no longer allowed on the OS level.
Expected behavior
Two warmer processes can work on the same shared volume and use mutex locks to coordinate their access.
To Reproduce
revert this commit, s.t. warmer threads run on the same volume: 9f4021a