sandbox: Make build-uid and build-gid configuration optional

This allows use of sandbox implementations that don't support
configuring sandbox UID/GID such as buildbox-run-userchroot.

6 files changed, 22 insertions, 28 deletions

diff --git a/src/buildstream/data/projectconfig.yaml b/src/buildstream/data/projectconfig.yaml
index d84edbf92..a2dc4ad9b 100644
--- a/src/buildstream/data/projectconfig.yaml
+++ b/src/buildstream/data/projectconfig.yaml
@@ -74,12 +74,8 @@ environment:
 environment-nocache: []
 
 # Configuration for the sandbox other than environment variables
-# should go in 'sandbox'. This just contains the UID and GID that
-# the user in the sandbox will have. Not all sandboxes will support
-# changing the values.
-sandbox:
-  build-uid: 0
-  build-gid: 0
+# should go in 'sandbox'.
+sandbox: {}
 
 # Defaults for the 'split-rules' public data found on elements
 # in the 'bst' domain.
diff --git a/src/buildstream/element.py b/src/buildstream/element.py
index f270bd8cc..35bc8513d 100644
--- a/src/buildstream/element.py
+++ b/src/buildstream/element.py
@@ -2701,7 +2701,7 @@ class Element(Plugin):
     @classmethod
     def __extract_sandbox_config(cls, context, project, meta):
         if meta.is_junction:
-            sandbox_config = Node.from_dict({"build-uid": 0, "build-gid": 0})
+            sandbox_config = Node.from_dict({})
         else:
             sandbox_config = project._sandbox.clone()
 
@@ -2734,7 +2734,7 @@ class Element(Plugin):
             build_arch = host_arch
 
         return SandboxConfig(
-            sandbox_config.get_int("build-uid"), sandbox_config.get_int("build-gid"), build_os, build_arch,
+            sandbox_config.get_int("build-uid", None), sandbox_config.get_int("build-gid", None), build_os, build_arch,
         )
 
     # This makes a special exception for the split rules, which
diff --git a/src/buildstream/sandbox/_config.py b/src/buildstream/sandbox/_config.py
index 614f22063..7a71e7d50 100644
--- a/src/buildstream/sandbox/_config.py
+++ b/src/buildstream/sandbox/_config.py
@@ -39,21 +39,12 @@ class SandboxConfig:
     #
     def get_unique_key(self):
 
-        # Currently operating system and machine architecture
-        # are not configurable and we have no sandbox implementation
-        # which can conform to such configurations.
-        #
-        # However this should be the right place to support
-        # such configurations in the future.
-        #
         unique_key = {"os": self.build_os, "arch": self.build_arch}
 
-        # Avoid breaking cache key calculation with
-        # the addition of configurabuild build uid/gid
-        if self.build_uid != 0:
+        if self.build_uid is not None:
             unique_key["build-uid"] = self.build_uid
 
-        if self.build_gid != 0:
+        if self.build_gid is not None:
             unique_key["build-gid"] = self.build_gid
 
         return unique_key
diff --git a/src/buildstream/sandbox/_sandboxbuildboxrun.py b/src/buildstream/sandbox/_sandboxbuildboxrun.py
index f6ecbeaa0..aa9e447b9 100644
--- a/src/buildstream/sandbox/_sandboxbuildboxrun.py
+++ b/src/buildstream/sandbox/_sandboxbuildboxrun.py
@@ -67,6 +67,11 @@ class SandboxBuildBoxRun(SandboxREAPI):
         if config.build_arch != platform.get_host_arch():
             raise SandboxError("Configured and host architecture don't match.")
 
+        if config.build_uid is not None and "platform:unixUID" not in cls._capabilities:
+            raise SandboxError("Configuring sandbox UID is not supported by buildbox-run.")
+        if config.build_gid is not None and "platform:unixGID" not in cls._capabilities:
+            raise SandboxError("Configuring sandbox GID is not supported by buildbox-run.")
+
         return True
 
     def _execute_action(self, action, flags):
diff --git a/src/buildstream/sandbox/_sandboxbwrap.py b/src/buildstream/sandbox/_sandboxbwrap.py
index 433b0f754..e7c494e5f 100644
--- a/src/buildstream/sandbox/_sandboxbwrap.py
+++ b/src/buildstream/sandbox/_sandboxbwrap.py
@@ -107,13 +107,13 @@ class SandboxBwrap(Sandbox):
 
     @classmethod
     def check_sandbox_config(cls, local_platform, config):
-        if cls.user_ns_available:
-            # User namespace support allows arbitrary build UID/GID settings.
-            pass
-        elif config.build_uid != local_platform._uid or config.build_gid != local_platform._gid:
+        if not cls.user_ns_available:
             # Without user namespace support, the UID/GID in the sandbox
             # will match the host UID/GID.
-            return False
+            if config.build_uid is not None and config.build_uid != local_platform._uid:
+                raise SandboxError("Configured and host UID don't match and user namespace is not supported.")
+            if config.build_gid is not None and config.build_gid != local_platform._gid:
+                raise SandboxError("Configured and host UID don't match and user namespace is not supported.")
 
         host_os = local_platform.get_host_os()
         host_arch = local_platform.get_host_arch()
@@ -230,8 +230,8 @@ class SandboxBwrap(Sandbox):
         if self.user_ns_available:
             bwrap_command += ["--unshare-user"]
             if not flags & SandboxFlags.INHERIT_UID:
-                uid = self._get_config().build_uid
-                gid = self._get_config().build_gid
+                uid = self._get_config().build_uid or 0
+                gid = self._get_config().build_gid or 0
                 bwrap_command += ["--uid", str(uid), "--gid", str(gid)]
 
         with ExitStack() as stack:
diff --git a/src/buildstream/sandbox/_sandboxreapi.py b/src/buildstream/sandbox/_sandboxreapi.py
index 9d8c22f0b..43d00a357 100644
--- a/src/buildstream/sandbox/_sandboxreapi.py
+++ b/src/buildstream/sandbox/_sandboxreapi.py
@@ -136,8 +136,10 @@ class SandboxREAPI(Sandbox):
         else:
             uid = config.build_uid
             gid = config.build_gid
-        platform_dict["unixUID"] = str(uid)
-        platform_dict["unixGID"] = str(gid)
+        if uid is not None:
+            platform_dict["unixUID"] = str(uid)
+        if gid is not None:
+            platform_dict["unixGID"] = str(gid)
 
         if flags & SandboxFlags.NETWORK_ENABLED:
             platform_dict["network"] = "on"