[Notes] [Git][BuildStream/buildstream][juerg/buildbox] WIP: SandboxBuild

Jürg Billeter pushed to branch juerg/buildbox at BuildStream / buildstream

Commits:

8acf0d84
by Jürg Billeter at 2018-08-21T08:51:54Z
```
WIP: SandboxBuildBox
```

5 changed files:

buildstream/_platform/linux.py
buildstream/element.py
buildstream/sandbox/__init__.py
+ buildstream/sandbox/_sandboxbuildbox.py
buildstream/sandbox/sandbox.py

Changes:

@@ -23,7 +23,7 @@ from .. import _site
  from .. import utils
  from .._artifactcache.cascache import CASCache
  from .._message import Message, MessageType
 -from ..sandbox import SandboxBwrap
 +from ..sandbox import SandboxBuildBox
  from . import Platform
@@ -34,50 +34,11 @@ class Linux(Platform):
          super().__init__(context)
 -        self._die_with_parent_available = _site.check_bwrap_version(0, 1, 8)
 -        self._user_ns_available = self._check_user_ns_available(context)
 -        self._artifact_cache = CASCache(context, enable_push=self._user_ns_available)
 +        self._artifact_cache = CASCache(context, enable_push=True)
      @property
      def artifactcache(self):
          return self._artifact_cache
      def create_sandbox(self, *args, **kwargs):
 -        # Inform the bubblewrap sandbox as to whether it can use user namespaces or not
 -        kwargs['user_ns_available'] = self._user_ns_available
 -        kwargs['die_with_parent_available'] = self._die_with_parent_available
 -        return SandboxBwrap(*args, **kwargs)
+-
 -    ################################################
 -    #              Private Methods                 #
 -    ################################################
 -    def _check_user_ns_available(self, context):
+-
 -        # Here, lets check if bwrap is able to create user namespaces,
 -        # issue a warning if it's not available, and save the state
 -        # locally so that we can inform the sandbox to not try it
 -        # later on.
 -        bwrap = utils.get_host_tool('bwrap')
 -        whoami = utils.get_host_tool('whoami')
 -        try:
 -            output = subprocess.check_output([
 -                bwrap,
 -                '--ro-bind', '/', '/',
 -                '--unshare-user',
 -                '--uid', '0', '--gid', '0',
 -                whoami,
 -            ])
 -            output = output.decode('UTF-8').strip()
 -        except subprocess.CalledProcessError:
 -            output = ''
+-
 -        if output == 'root':
 -            return True
+-
 -        else:
 -            context.message(
 -                Message(None, MessageType.WARN,
 -                        "Unable to create user namespaces with bubblewrap, resorting to fallback",
 -                        detail="Some builds may not function due to lack of uid / gid 0, " +
 -                        "artifacts created will not be trusted for push purposes."))
 -            return False
 +        return SandboxBuildBox(*args, **kwargs)

buildstream/element.py

@@ -1496,8 +1496,6 @@ class Element(Plugin):
              with _signals.terminator(cleanup_rootdir), \
                  self.__sandbox(rootdir, output_file, output_file, self.__sandbox_config) as sandbox:  # nopep8
 -                sandbox_vroot = sandbox.get_virtual_directory()
+-
                  # By default, the dynamic public data is the same as the static public data.
                  # The plugin's assemble() method may modify this, though.
                  self.__dynamic_public = _yaml.node_copy(self.__public)
@@ -1543,6 +1541,8 @@ class Element(Plugin):
                      self.__set_build_result(success=False, description=str(e), detail=e.detail)
                      raise
                  finally:
 +                    sandbox_vroot = sandbox.get_virtual_directory()
++
                      if collect is not None:
                          try:
                              collectvdir = sandbox_vroot.descend(collect.lstrip(os.sep).split(os.sep))

buildstream/sandbox/__init__.py

@@ -20,3 +20,4 @@
  from .sandbox import Sandbox, SandboxFlags
  from ._sandboxchroot import SandboxChroot
  from ._sandboxbwrap import SandboxBwrap
 +from ._sandboxbuildbox import SandboxBuildBox

buildstream/sandbox/_sandboxbuildbox.py

 +#
 +#  Copyright (C) 2016 Codethink Limited
 +#
 +#  This program is free software; you can redistribute it and/or
 +#  modify it under the terms of the GNU Lesser General Public
 +#  License as published by the Free Software Foundation; either
 +#  version 2 of the License, or (at your option) any later version.
 +#
 +#  This library is distributed in the hope that it will be useful,
 +#  but WITHOUT ANY WARRANTY; without even the implied warranty of
 +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
 +#  Lesser General Public License for more details.
 +#
 +#  You should have received a copy of the GNU Lesser General Public
 +#  License along with this library. If not, see <http://www.gnu.org/licenses/>.
 +#
 +#  Authors:
 +#        Andrew Leeming <andrew leeming codethink co uk>
 +#        Tristan Van Berkom <tristan vanberkom codethink co uk>
 +import os
 +import sys
 +import time
 +import errno
 +import signal
 +import subprocess
 +import shutil
 +from contextlib import ExitStack
++
 +import psutil
++
 +from .._exceptions import SandboxError
 +from .. import utils, _signals
 +from ._mount import MountMap
 +from . import Sandbox, SandboxFlags
 +from .._protos.build.bazel.remote.execution.v2 import remote_execution_pb2
 +from ..storage._casbaseddirectory import CasBasedDirectory
++
++
 +# SandboxBuidBox()
 +#
 +# BuildBox-based sandbox implementation.
 +#
 +class SandboxBuildBox(Sandbox):
++
 +    def __init__(self, *args, **kwargs):
 +        super().__init__(*args, **kwargs)
++
 +    def run(self, command, flags, *, cwd=None, env=None):
 +        stdout, stderr = self._get_output()
++
 +        root_directory = self.get_virtual_directory()
 +        scratch_directory = self._get_scratch_directory()
++
 +        # Fallback to the sandbox default settings for
 +        # the cwd and env.
 +        #
 +        if cwd is None:
 +            cwd = self._get_work_directory()
++
 +        if env is None:
 +            env = self._get_environment()
++
 +        # if not self._has_command(command[0], env):
 +        #     raise SandboxError("Staged artifacts do not provide command "
 +        #                        "'{}'".format(command[0]),
 +        #                        reason='missing-command')
++
 +        # We want command args as a list of strings
 +        if isinstance(command, str):
 +            command = [command]
++
 +        if cwd is None:
 +            cwd = '/'
++
 +        # Grab the full path of the buildbox binary
 +        buildbox_command = [utils.get_host_tool('buildbox')]
++
 +        marked_directories = self._get_marked_directories()
 +        for mark in marked_directories:
 +            path = mark['directory']
 +            assert path.startswith('/') and len(path) > 1
 +            root_directory.descend(path[1:].split('/'), create=True)
++
 +        root_directory._recalculate_recursing_down()
 +        with open(os.path.join(scratch_directory, 'in'), 'wb') as input_digest_file:
 +            input_digest_file.write(root_directory.ref.SerializeToString())
++
 +        buildbox_command += ["--local=" + root_directory.cas_cache.casdir]
 +        buildbox_command += ["--input-digest=in"]
 +        buildbox_command += ["--output-digest=out"]
++
 +        if not flags & SandboxFlags.NETWORK_ENABLED:
 +            # TODO
 +            pass
++
 +        if cwd is not None:
 +            buildbox_command += ['--chdir=' + cwd]
++
 +        # In interactive mode, we want a complete devpts inside
 +        # the container, so there is a /dev/console and such. In
 +        # the regular non-interactive sandbox, we want to hand pick
 +        # a minimal set of devices to expose to the sandbox.
 +        #
 +        if flags & SandboxFlags.INTERACTIVE:
 +            # TODO
 +            pass
++
 +        if flags & SandboxFlags.ROOT_READ_ONLY:
 +            # TODO
 +            pass
++
 +        # Set UID and GUI
 +        if not flags & SandboxFlags.INHERIT_UID:
 +            # TODO
 +            pass
 +            # uid = self._get_config().build_uid
 +            # gid = self._get_config().build_gid
 +            # buildbox_command += ['--uid', str(uid), '--gid', str(gid)]
++
 +        os.makedirs(os.path.join(scratch_directory, 'mnt'), exist_ok=True)
 +        buildbox_command += ['mnt']
++
 +        # Add the command
 +        buildbox_command += command
++
 +        # Use the MountMap context manager to ensure that any redirected
 +        # mounts through fuse layers are in context and ready for buildbox
 +        # to mount them from.
 +        #
 +        with ExitStack() as stack:
 +            # Ensure the cwd exists
 +            if cwd is not None and len(cwd) > 1:
 +                assert cwd.startswith('/')
 +                root_directory.descend(cwd[1:].split('/'), create=True)
++
 +            # If we're interactive, we want to inherit our stdin,
 +            # otherwise redirect to /dev/null, ensuring process
 +            # disconnected from terminal.
 +            if flags & SandboxFlags.INTERACTIVE:
 +                stdin = sys.stdin
 +            else:
 +                stdin = stack.enter_context(open(os.devnull, "r"))
++
 +            # Run buildbox !
 +            exit_code = self.run_buildbox(buildbox_command, stdin, stdout, stderr, env,
 +                                          interactive=(flags & SandboxFlags.INTERACTIVE),
 +                                          cwd=scratch_directory)
++
 +            if exit_code == 0:
 +                with open(os.path.join(scratch_directory, 'out'), 'rb') as output_digest_file:
 +                    output_digest = remote_execution_pb2.Digest()
 +                    output_digest.ParseFromString(output_digest_file.read())
 +                    self._vdir = CasBasedDirectory(self._get_context(), ref=output_digest)
++
 +        return exit_code
++
 +    def run_buildbox(self, argv, stdin, stdout, stderr, env, *, interactive, cwd):
 +        def kill_proc():
 +            if process:
 +                # First attempt to gracefully terminate
 +                proc = psutil.Process(process.pid)
 +                proc.terminate()
++
 +                try:
 +                    proc.wait(20)
 +                except psutil.TimeoutExpired:
 +                    utils._kill_process_tree(process.pid)
++
 +        def suspend_proc():
 +            group_id = os.getpgid(process.pid)
 +            os.killpg(group_id, signal.SIGSTOP)
++
 +        def resume_proc():
 +            group_id = os.getpgid(process.pid)
 +            os.killpg(group_id, signal.SIGCONT)
++
 +        with _signals.suspendable(suspend_proc, resume_proc), _signals.terminator(kill_proc):
 +            process = subprocess.Popen(
 +                argv,
 +                close_fds=True,
 +                env=env,
 +                stdin=stdin,
 +                stdout=stdout,
 +                stderr=stderr,
 +                cwd=cwd,
 +                start_new_session=interactive
 +            )
++
 +            # Wait for the child process to finish, ensuring that
 +            # a SIGINT has exactly the effect the user probably
 +            # expects (i.e. let the child process handle it).
 +            try:
 +                while True:
 +                    try:
 +                        _, status = os.waitpid(process.pid, 0)
 +                        # If the process exits due to a signal, we
 +                        # brutally murder it to avoid zombies
 +                        if not os.WIFEXITED(status):
 +                            utils._kill_process_tree(process.pid)
++
 +                    # Unlike in the bwrap case, here only the main
 +                    # process seems to receive the SIGINT. We pass
 +                    # on the signal to the child and then continue
 +                    # to wait.
 +                    except KeyboardInterrupt:
 +                        process.send_signal(signal.SIGINT)
 +                        continue
++
 +                    break
 +            # If we can't find the process, it has already died of
 +            # its own accord, and therefore we don't need to check
 +            # or kill anything.
 +            except psutil.NoSuchProcess:
 +                pass
++
 +            # Return the exit code - see the documentation for
 +            # os.WEXITSTATUS to see why this is required.
 +            if os.WIFEXITED(status):
 +                exit_code = os.WEXITSTATUS(status)
 +            else:
 +                exit_code = -1
++
 +        return exit_code

buildstream/sandbox/sandbox.py

@@ -138,10 +138,10 @@ class Sandbox():
          if not self._vdir:
              # BST_CAS_DIRECTORIES is a deliberately hidden environment variable which
              # can be used to switch on CAS-based directories for testing.
 -            if 'BST_CAS_DIRECTORIES' in os.environ:
 -                self._vdir = CasBasedDirectory(self.__context, ref=None)
 -            else:
 -                self._vdir = FileBasedDirectory(self._root)
 +            # if 'BST_CAS_DIRECTORIES' in os.environ:
 +            self._vdir = CasBasedDirectory(self.__context, ref=None)
 +            # else:
 +            #     self._vdir = FileBasedDirectory(self._root)
          return self._vdir
      def set_environment(self, environment):

[Notes] [Git][BuildStream/buildstream][juerg/buildbox] WIP: SandboxBuildBox

Jürg Billeter pushed to branch juerg/buildbox at BuildStream / buildstream

Commits:

5 changed files:

Changes: