suborbital / subo

The Suborbital CLI
Apache License 2.0

Fix build toolchain creating root-owned files on Linux #342

Open flaki opened 2 years ago

flaki commented 2 years ago

Fixes #175

Discord thread

As noted in that issue, on Linux, Docker is run as root and this is how the current runnable is mounted into the Docker filesystem. This results in root-owned build artifacts created in the user's directory that, among other things, cannot be deleted (without sudo).

This does not seem to happen on most other platforms due to the specific ways Docker mounts folders on those platforms.

This fix explores the solution of using docker run -u to run the invoked toolchain with the current user (os.Getuid).

Running as a limited user breaks at least the Rust builder, which needed to be updated slightly, and may break other builders. I will do some testing around those and will include any fixes in here, and will keep this as a draft PR until then.

Rust builder breakage

For posterity, the reason for this breakage is that while the official upstream Rust builder makes relevant directories (such as the one used by cargo for the registry index) world-writable, our builder image (which still runs as root at this point) initializes the index as root, and the files and folders created by it need to be chmod-ded to allow writing by anyone, otherwise the limited user builds break when the command tries to write into these directories.

flaki commented 2 years ago

Updated to track main instead of vmain

flaki commented 1 year ago

The latest update:

About that last part:

We are calling the Docker toolchain as a limited user, quite possibly a user that does not even exist inside the container (thus, HOME=/). This is not a problem as long as we only read world-readable files and only write to world-writable directories. Most toolchains (e.g. Swift, Go) will write temporary files (like .cache-s) to the HOME folder and will break when attempting to put files into /. Setting HOME to /tmp resolves this issue, and since these are temporary files we don't need them anyway.

toolchaintest is passing for me on Linux but it would be good to have someone have a look at this on OSX and see how it fares.
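Added example, not part of the PR or of subo's code: a Go sketch of the approach described in this thread (run the container as the invoking user on Linux, with HOME pointed at /tmp), plus a check that walks a build directory for files owned by another uid. The function names, the image name, the mount path, passing the gid alongside the uid, and using `-e` to set HOME are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// userArgs returns the extra `docker run` flags for a platform. On Linux the
// container runs as the invoking uid:gid, and HOME points at a world-writable
// directory because that uid may not exist inside the image.
func userArgs(goos string, uid, gid int) []string {
	if goos != "linux" {
		return nil // other platforms: no override, per the thread
	}
	return []string{"-u", fmt.Sprintf("%d:%d", uid, gid), "-e", "HOME=/tmp"}
}

// foreignOwned walks dir and returns every path whose owner is not uid,
// i.e. the root-owned build artifacts the change is meant to prevent.
func foreignOwned(dir string, uid int) ([]string, error) {
	var bad []string
	err := filepath.Walk(dir, func(p string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if st, ok := info.Sys().(*syscall.Stat_t); ok && int(st.Uid) != uid {
			bad = append(bad, p)
		}
		return nil
	})
	return bad, err
}

func main() {
	// Hypothetical mount path and image name, for illustration only.
	args := append([]string{"run", "--rm", "-v", "/work:/work"},
		userArgs("linux", os.Getuid(), os.Getgid())...)
	args = append(args, "example/builder:latest")
	fmt.Println("docker", args)
	bad, err := foreignOwned(".", os.Getuid())
	fmt.Println("not owned by current user:", bad, err)
}
```

Running `foreignOwned` over the project directory after a build gives a quick regression check for the ownership problem on Linux.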