From afb35bb157ae02df5022f220c2e10dcd4e51d4ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCrg=20Billeter?= Date: Mon, 30 Mar 2020 17:47:12 +0200 Subject: sandbox: Make build-uid and build-gid configuration optional This allows use of sandbox implementations that don't support configuring sandbox UID/GID such as buildbox-run-userchroot. --- src/buildstream/data/projectconfig.yaml | 8 ++------ src/buildstream/element.py | 4 ++-- src/buildstream/sandbox/_config.py | 13 ++----------- src/buildstream/sandbox/_sandboxbuildboxrun.py | 5 +++++ src/buildstream/sandbox/_sandboxbwrap.py | 14 +++++++------- src/buildstream/sandbox/_sandboxreapi.py | 6 ++++-- 6 files changed, 22 insertions(+), 28 deletions(-) diff --git a/src/buildstream/data/projectconfig.yaml b/src/buildstream/data/projectconfig.yaml index d84edbf92..a2dc4ad9b 100644 --- a/src/buildstream/data/projectconfig.yaml +++ b/src/buildstream/data/projectconfig.yaml @@ -74,12 +74,8 @@ environment: environment-nocache: [] # Configuration for the sandbox other than environment variables -# should go in 'sandbox'. This just contains the UID and GID that -# the user in the sandbox will have. Not all sandboxes will support -# changing the values. -sandbox: - build-uid: 0 - build-gid: 0 +# should go in 'sandbox'. +sandbox: {} # Defaults for the 'split-rules' public data found on elements # in the 'bst' domain. diff --git a/src/buildstream/element.py b/src/buildstream/element.py index f270bd8cc..35bc8513d 100644 --- a/src/buildstream/element.py +++ b/src/buildstream/element.py @@ -2701,7 +2701,7 @@ class Element(Plugin): @classmethod def __extract_sandbox_config(cls, context, project, meta): if meta.is_junction: - sandbox_config = Node.from_dict({"build-uid": 0, "build-gid": 0}) + sandbox_config = Node.from_dict({}) else: sandbox_config = project._sandbox.clone() @@ -2734,7 +2734,7 @@ class Element(Plugin): build_arch = host_arch return SandboxConfig( - sandbox_config.get_int("build-uid"), sandbox_config.get_int("build-gid"), build_os, build_arch, + sandbox_config.get_int("build-uid", None), sandbox_config.get_int("build-gid", None), build_os, build_arch, ) # This makes a special exception for the split rules, which diff --git a/src/buildstream/sandbox/_config.py b/src/buildstream/sandbox/_config.py index 614f22063..7a71e7d50 100644 --- a/src/buildstream/sandbox/_config.py +++ b/src/buildstream/sandbox/_config.py @@ -39,21 +39,12 @@ class SandboxConfig: # def get_unique_key(self): - # Currently operating system and machine architecture - # are not configurable and we have no sandbox implementation - # which can conform to such configurations. - # - # However this should be the right place to support - # such configurations in the future. - # unique_key = {"os": self.build_os, "arch": self.build_arch} - # Avoid breaking cache key calculation with - # the addition of configurabuild build uid/gid - if self.build_uid != 0: + if self.build_uid is not None: unique_key["build-uid"] = self.build_uid - if self.build_gid != 0: + if self.build_gid is not None: unique_key["build-gid"] = self.build_gid return unique_key diff --git a/src/buildstream/sandbox/_sandboxbuildboxrun.py b/src/buildstream/sandbox/_sandboxbuildboxrun.py index f6ecbeaa0..aa9e447b9 100644 --- a/src/buildstream/sandbox/_sandboxbuildboxrun.py +++ b/src/buildstream/sandbox/_sandboxbuildboxrun.py @@ -67,6 +67,11 @@ class SandboxBuildBoxRun(SandboxREAPI): if config.build_arch != platform.get_host_arch(): raise SandboxError("Configured and host architecture don't match.") + if config.build_uid is not None and "platform:unixUID" not in cls._capabilities: + raise SandboxError("Configuring sandbox UID is not supported by buildbox-run.") + if config.build_gid is not None and "platform:unixGID" not in cls._capabilities: + raise SandboxError("Configuring sandbox GID is not supported by buildbox-run.") + return True def _execute_action(self, action, flags): diff --git a/src/buildstream/sandbox/_sandboxbwrap.py b/src/buildstream/sandbox/_sandboxbwrap.py index 433b0f754..e7c494e5f 100644 --- a/src/buildstream/sandbox/_sandboxbwrap.py +++ b/src/buildstream/sandbox/_sandboxbwrap.py @@ -107,13 +107,13 @@ class SandboxBwrap(Sandbox): @classmethod def check_sandbox_config(cls, local_platform, config): - if cls.user_ns_available: - # User namespace support allows arbitrary build UID/GID settings. - pass - elif config.build_uid != local_platform._uid or config.build_gid != local_platform._gid: + if not cls.user_ns_available: # Without user namespace support, the UID/GID in the sandbox # will match the host UID/GID. - return False + if config.build_uid is not None and config.build_uid != local_platform._uid: + raise SandboxError("Configured and host UID don't match and user namespace is not supported.") + if config.build_gid is not None and config.build_gid != local_platform._gid: + raise SandboxError("Configured and host UID don't match and user namespace is not supported.") host_os = local_platform.get_host_os() host_arch = local_platform.get_host_arch() @@ -230,8 +230,8 @@ class SandboxBwrap(Sandbox): if self.user_ns_available: bwrap_command += ["--unshare-user"] if not flags & SandboxFlags.INHERIT_UID: - uid = self._get_config().build_uid - gid = self._get_config().build_gid + uid = self._get_config().build_uid or 0 + gid = self._get_config().build_gid or 0 bwrap_command += ["--uid", str(uid), "--gid", str(gid)] with ExitStack() as stack: diff --git a/src/buildstream/sandbox/_sandboxreapi.py b/src/buildstream/sandbox/_sandboxreapi.py index 9d8c22f0b..43d00a357 100644 --- a/src/buildstream/sandbox/_sandboxreapi.py +++ b/src/buildstream/sandbox/_sandboxreapi.py @@ -136,8 +136,10 @@ class SandboxREAPI(Sandbox): else: uid = config.build_uid gid = config.build_gid - platform_dict["unixUID"] = str(uid) - platform_dict["unixGID"] = str(gid) + if uid is not None: + platform_dict["unixUID"] = str(uid) + if gid is not None: + platform_dict["unixGID"] = str(gid) if flags & SandboxFlags.NETWORK_ENABLED: platform_dict["network"] = "on" -- cgit v1.2.1