Re: [BuildStream] BuildStream 2.0 planning



On Mon, 2020-04-20 at 16:23 +0100, William Salmon wrote:

On 15/04/2020 11:37, Tristan Van Berkom wrote:
[...]

Sandboxing
----------

   * BuildBox only sandboxing solution[7][8]

     Blocker.

Aside from the above, sandbox capabilities and how they can
affect cache keys were discussed.

   - BuildBox provides 'capabilities' depending on host environment
   - A 'capability' can be considered a 'guarantee'
   - The YAML format can express the requirement of a 'capability',
     this requirement affects the cache keys.

An example of this is the `build-uid` and `build-gid` sandbox
configurations: if left unspecified, then the sandbox makes no
guarantee about which uid/gid is used for the process performing
a build.



Another part of sandboxing and the uid/gid story is file ownership etc.;
this is a blocker for many things and is a long-standing issue[21]. It
is also one of the things mentioned on the last bst2 ML thread and in
the milestone. It is great that the mtime work has now shown a way
that this can finally be achieved. Therefore, I assume it is not
mentioned here as it is implicitly part of this. I think it would be
helpful for it to be explicitly mentioned as a blocker here.

The idea is that support for uid/gid and extended permissions will
always be opt-in (`sandbox` configuration in `project.conf` and
elements). This is necessary for technical reasons (not all sandbox
backends or operating systems can support it) and not all
elements/projects need it. This approach should also allow adding these
features without breaking backward compatibility. Due to this I don't
consider this a hard blocker for BuildStream 2.0.

That said, it would definitely be nice to solve this in time for
BuildStream 2.0. I.e., not being a blocker doesn't mean that it won't
be included if someone contributes a good implementation.

Or do you see a reason why we should delay BuildStream 2.0 if support
for uid/gid and extended permissions is not ready in time?

Cheers,
Jürg
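
The opt-in behaviour discussed in this thread, as an added Python sketch that is not BuildStream or BuildBox code: a sandbox requirement enters the cache key only when an element states it, and a backend that cannot give the guarantee refuses the build. The function names, the key layout and the sample elements are assumptions; only `build-uid` and `build-gid` come from the thread.

```python
import hashlib
import json

def missing_capabilities(sandbox_config, backend_capabilities):
    """Requirements from the element that this backend cannot guarantee."""
    return sorted(set(sandbox_config) - set(backend_capabilities))

def cache_key(element, backend_capabilities):
    """Derive a key in which only explicitly required guarantees take part."""
    sandbox = element.get("sandbox") or {}
    missing = missing_capabilities(sandbox, backend_capabilities)
    if missing:
        # Refuse to build rather than store an artifact under a key that
        # promises a guarantee the sandbox did not provide.
        raise RuntimeError("sandbox cannot guarantee: " + ", ".join(missing))
    material = {
        "commands": element["commands"],
        "dependencies": sorted(element.get("dependencies", [])),
    }
    if sandbox:
        # Opt-in: the field is absent for elements that require nothing, so
        # their keys do not change when the options are introduced.
        material["sandbox"] = sandbox
    blob = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

# Constructed sample elements and backends (hypothetical, for illustration).
PLAIN = {"commands": ["make", "make install"], "dependencies": ["base.bst"]}
AS_ROOT = dict(PLAIN, sandbox={"build-uid": 0, "build-gid": 0})
AS_USER = dict(PLAIN, sandbox={"build-uid": 1000, "build-gid": 1000})
FULL_BACKEND = {"build-uid", "build-gid"}   # can guarantee both
LIMITED_BACKEND = set()                     # can guarantee neither

if __name__ == "__main__":
    for name, element in [("plain", PLAIN), ("root", AS_ROOT), ("user", AS_USER)]:
        print(name, cache_key(element, FULL_BACKEND)[:16])
```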


