Re: [BuildStream] BuildStream 2.0 planning

From: Jürg Billeter <j bitron ch>
To: William Salmon <will salmon codethink co uk>, buildstream-list gnome org
Subject: Re: [BuildStream] BuildStream 2.0 planning
Date: Mon, 20 Apr 2020 17:44:04 +0200

On Mon, 2020-04-20 at 16:23 +0100, William Salmon wrote:


On 15/04/2020 11:37, Tristan Van Berkom wrote:

[...]

Sandboxing
----------

   * BuildBox only sandboxing solution[7][8]

     Blocker.

Asides from the above, sandbox capabilities and how they can
affect cache keys was discussed.

   - BuildBox provides 'capabilities' depending on host environment
   - A 'capability' can be considered a 'guarantee'
   - The YAML format can express the requirement of a 'capability',
     this requirement affects the cache keys.

An example of this is the `build-uid` and `build-gid` sandbox
configurations: if left unspecified, then the sandbox makes no
guarantee about which uid/gid is used for the process performing
a build.


Another part of sand boxing and the uid/gid story is file ownership etc 
this is a blocker for many things and is a long standing issue[21]. It 
is also one of the things mentioned on the last bst2 ML thread and in 
the milestone. It is great that now that the mtime work has shown a way 
that this can finally be achieved. There for I assume it is not 
mentioned here as it is implicitly part of this, I think it would be 
helpful to be explicitly mentioned as a blocker here.


The idea is that support for uid/gid and extended permissions will
always be opt-in (`sandbox` configuration in `project.conf` and
elements). This is necessary for technical reasons (not all sandbox
backends or operating systems can support it) and not all
elements/projects need it. This approach should also allow adding these
features without breaking backward compatibility. Due to this I don't
consider this a hard blocker for BuildStream 2.0.

That said, it would definitely be nice to solve this in time for
BuildStream 2.0. I.e., not being a blocker doesn't mean that it won't
be included if someone contributes a good implementation.

Or do you see a reason why we should delay BuildStream 2.0 if support
for uid/gid and extended permissions is not ready in time?

Cheers,
Jürg

References:
- [BuildStream] BuildStream 2.0 planning
  - From: Tristan Van Berkom
- Re: [BuildStream] BuildStream 2.0 planning
  - From: William Salmon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]