Re: [BuildStream] BuildStream 2.0 planning
- From: Jürg Billeter <j bitron ch>
- To: William Salmon <will salmon codethink co uk>, buildstream-list gnome org
- Subject: Re: [BuildStream] BuildStream 2.0 planning
- Date: Mon, 20 Apr 2020 17:44:04 +0200
On Mon, 2020-04-20 at 16:23 +0100, William Salmon wrote:
On 15/04/2020 11:37, Tristan Van Berkom wrote:
[...]
Sandboxing
----------
* BuildBox only sandboxing solution[7][8]
Blocker.
Asides from the above, sandbox capabilities and how they can
affect cache keys was discussed.
- BuildBox provides 'capabilities' depending on host environment
- A 'capability' can be considered a 'guarantee'
- The YAML format can express the requirement of a 'capability',
this requirement affects the cache keys.
An example of this is the `build-uid` and `build-gid` sandbox
configurations: if left unspecified, then the sandbox makes no
guarantee about which uid/gid is used for the process performing
a build.
Another part of sand boxing and the uid/gid story is file ownership etc
this is a blocker for many things and is a long standing issue[21]. It
is also one of the things mentioned on the last bst2 ML thread and in
the milestone. It is great that now that the mtime work has shown a way
that this can finally be achieved. There for I assume it is not
mentioned here as it is implicitly part of this, I think it would be
helpful to be explicitly mentioned as a blocker here.
The idea is that support for uid/gid and extended permissions will
always be opt-in (`sandbox` configuration in `project.conf` and
elements). This is necessary for technical reasons (not all sandbox
backends or operating systems can support it) and not all
elements/projects need it. This approach should also allow adding these
features without breaking backward compatibility. Due to this I don't
consider this a hard blocker for BuildStream 2.0.
That said, it would definitely be nice to solve this in time for
BuildStream 2.0. I.e., not being a blocker doesn't mean that it won't
be included if someone contributes a good implementation.
Or do you see a reason why we should delay BuildStream 2.0 if support
for uid/gid and extended permissions is not ready in time?
Cheers,
Jürg
[
Date Prev][
Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]