| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
Currently we would make sure the sandbox had a command before
converting it to a list if it was given as a string. That meant that a string
command would never exist and the check be invalid.
This also adds the same logic in the dummy sandbox for consistency.
|
| |
|
|
|
|
|
| |
Sometimes `dict.get()` is preferable to an `if` statement, but this time
it's clearer if we keep the structure. As such, silence the warning.
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
|
| |
|
|
|
|
|
| |
We are super-careful to not use threads in places where we might use
Popen and as such this warning is save to quash.
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
|
| |
|
|
|
|
| |
The variable was unused, remove it.
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The code was creating the cwd folder but when the workspace was
mounted in to the buildroot it was hiding the folder created in it
behind the bind mounted workspace.
However by using the bubblewarp `--dir` directive to ensure that cwd
exists we can cover both workspace and non workspace situations with
the same method.
For issue #512 in Gitlab.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed to permit access to the device nodes added to /dev
on Linux when FUSE is used as root.
The chroot sandbox only works with all privileges,
so there's no explicit check for being root
or having the appropriate capabilities.
A check for whether it's running as root isn't needed on Linux with bubblewrap
because /dev or its devices are mounted on top of the FUSE layer,
so device nodes are accessed directly rather than through the FUSE layer.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Naive getcwd implementations (such as in bash 4.4) can break
when bind-mounts to different paths on the same filesystem are present,
since the algorithm needs to know whether it's a mount-point
to know whether it can trust the inode value from the readdir result
or to use stat on the directory.
Less naive implementations (such as in glibc) iterate again using stat
in the case of not finding the directory because the inode in readdir was wrong,
though a Linux-specific implementation could use name_to_handle_at.
Letting the command know what directory it is in makes it unnecessary
for it to call the faulty getcwd in the first place.
|
| | |
|
| |
|
|
|
|
|
|
| |
This is to allow to allow its use by subclasses.
Since access to get_directories is now blocked for some plugins,
and the subclasses of Sandbox do not have configuration defined
by YAML files, they need another way to get at the root directory.
|
| |
|
|
|
|
|
| |
Before running a command in the sandbox, check its existence and fail
early if it does not.
This fixes issue #289.
|
| |
|
|
| |
Fixes #424
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This only affects SandboxBWrap at the moment.
buildstream/_loader.py: Add Symbol.SANDBOX and allow it in validation
buildstream/_metaelement.py: Add 'sandbox' variable and store it in the object
buildstream/_project.py: Add 'sandbox' configuration key and load it from
project.conf.
buildstream/data/projectconfig.yaml: Default build-uid/build-gid values of 0
for 'sandbox'.
buildstream/element.py: Add __extract_sandbox_config to find the final sandbox
configuration. Pass this to the sandbox constructor.
buildstream/sandbox/_sandboxbwrap.py: If sandbox configuration was supplied,
use it for uid and gid instead of the default 0.
buildstream/sandbox/_sandboxchroot.py: Throw exception if non-0 uid/gid were
supplied.
buildstream/sandbox/__init__.py: Import SandboxConfig.
buildstream/sandbox/_private.py: New file, containing SandboxConfig. Made private
to avoid documentation for this class.
|
| |
|
|
| |
This matches SandboxBwrap.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This functionality is only supported for sources which have an open
workspace. When such sources are present, the workspace directory will
be mounted directly inside the sandbox. As opposed to the default
behavior, which is to copy files inside the sandbox.
This will save time when building large projects as only those files
will need be re-compiled that have been modified during two consecutive
builds (assuming the underlying build system supports such behavior).
A few things to note regarding this behavior:
- If there are any `configure-commands` present, they will run only once
for each open workspace. If an element has multiple workspaces and any
one of them is opened/closed, they will be executed again on the next
run. But, modifying the contents of a workspace will not trigger the
`configure-commands` to be executed on the next run.
- Workspaced builds still leverage the cache. So, if no changes are made
to the workspace, i.e. no files are modified, then it will not force a
rebuild.
Fixes #192.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Consequently:
o Changed Plugin.get_context() to a private Plugin._get_context() accessor.
o Updated anything which imports Context to do so from private _context module
o Updated docs to exclude the now private Context
|
| | |
|
| |
|
|
|
| |
Disambiguate with the Mount and MountMap classes, which were
accidentally added to public API.
|
| |
|
|
| |
Hide all of buildstream's internal exceptions from the API surface.
|
| |
|
|
|
|
|
|
|
|
| |
create SandboxError
These errors are a part of public facing API, and the exceptions
module contains a lot of internal details to be hidden from public API.
This move required creating SandboxError because sandbox related
code had previously been hijacking the ElementError and raising that.
|
| | |
|
| | |
|
| |
|
