Open flaki opened 2 years ago
Updated to track main
instead of vmain
The latest update:
subo/toolchaintest
(an updated smoketest
) to build & test the builder Docker toolchain images locally--verbose
flag to subo build
which enables logging of the Docker toolchain commands for debuggingHOME=/tmp
when invoking the Docker toolchainsAbout that last part:
We are calling the Docker toolchain as a limited user, quite possibly a user that does not even exist inside the container (thus, HOME=/
). This is not a problem as long as we only read world-readable files and only write to world-writable directories. Most toolchains (e.g. Swift, Go) will write temporary files (like .cache
-s) to the HOME
folder and will break when attempting to put files into /
, setting HOME
to /tmp
resolves this issue, and since these are temporary files we don't need them anyway.
toolchaintest
is passing for me on Linux but it would be good to have someone have a look at this on OSX and see how it fares.
Fixes #175
Discord thread
As noted in that issue, on Linux, Docker is run as
root
and this is how the current runnable is mounted into the Docker filesystem. This results in root-owned build artifacts created in the user's directory that, among other things, cannot be deleted (withoutsudo
).This does not seem to happen on most other platforms due to specific ways how Docker mounts folders on those platforms.
This fix explores the solution of using
docker run -u
to run the invoked toolchain with the current user (os.Getuid
).Running as a limited user breaks at least the Rust builder which needed to be updated slightly, and may break other builders, I will do some testing around those and will include any fixes in here, will keep this as a draft PR until then.
Rust builder breakage
For posterity, the reason for this breakage is that while the official upstream Rust builder makes relevant directories (such as the one used by cargo for the registry index) world-writable, our builder image (which still runs as
root
at this point) initializes the index asroot
, and the files and folders created by it need to bechmod
-ded to allow writing by anyone, otherwise the limited user builds break when the command tries to write into these directories.