Closed hzeller closed 4 years ago
I think that ultimately sudo should be supported by installer itself (see #4)
This could be tried automatically or with something like:
sudo bazel run :install -c opt -- --sudo /usr/local/bin
As a long time GNU auto-tools user (and package maintainer in a past life), I'm used to:
I would never recommend sudo-ing the entire build-and-install workflow in one step, for security reasons.
I agree with you David. Unfortunately, the way bazel works it will look at the symbolic build-links (bazel-out/ etc), point it to your cache directory ~/.cache/bazel
and then to its thing.
So even if we do bazel build //...
(which then builds it with you as a user) and then do sudo bazel run :install
... it will run as root, finding that it hasn't built anything in ~root/.cache/bazel
yet, proceeds to build it (as root) and then does the install. So the way bazel works gets into the way of doing a safe install procedure.
I wonder if bazel can be tweaked to, even if invoked with sudo bazel run :install
, look at the current build links (and realized that it runs as a different user and goes into a 'read only mode') to do the safe install of the build artifact.
This is now solved with release 0.3
https://github.com/google/bazel_rules_install/releases/tag/0.3
For installing binaries in system directories, one has to run the installer as root
Bazel does all kinds of internal caching of object files and writes status files etc. Will this mess up the
~/.cache/bazel
files, or will this 'just work', as then bazel would create these artifacts in~root/.cache/bazel
. I suspect the latter; and while this is duplicate of build work as different user, this is probably an acceptable solution for now.(in a typical
make
situation, one would runmake
to build the artifacts, thensudo make install
to just do the copying. Bazel is a lot more complex, so I want to make sure that this will work as intended).OR: is it currently not recommended running bazel as root and wait for the When needed asks for write access checkbox to be implemented ?
Either way, it is probably good to clarify that in the README.