-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make chmod
hermetic
#2024
base: main
Are you sure you want to change the base?
Make chmod
hermetic
#2024
Conversation
5830642
to
7a71c56
Compare
chmod
/id/
touch` hermeticchmod
/id
/touch
hermetic
7a71c56
to
42fcb8e
Compare
python/repositories.bzl
Outdated
@@ -193,15 +205,17 @@ def _python_repository_impl(rctx): | |||
if "windows" not in platform: | |||
lib_dir = "lib" if "windows" not in platform else "Lib" | |||
|
|||
python = _get_host_python_interpreter(rctx) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should use the python_bin
var that is defined below instead of using the host_python
. And we should do the read-only
fix only if the host
platform the same as the platform
of the toolchain.
Could we recursively change this for windows
as well? Right now we are calling this only if it is not Windows, but do the scripts work on Windows?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
os.chmod says:
Although Windows supports chmod(), you can only set the file’s read-only flag with it (via the
stat.S_IWRITE
andstat.S_IREAD
constants or a corresponding integer value). All other bits are ignored.
So, yes, it would remove write access on Windows.
os.getuid
is not available on Windows but I can find a fallback for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The chmod.py
does set the folders and files to read-only on Windows, but does not prevent new files being created in the directories. So the same behaviour as Unix is not present. We would have to look into Windows permissions to restrict that.
The getuid
could return the Window Security ID for the user but that doesn't really help much. I've removed the touch
check by checking platform
.
We now run the scripts on Windows, but they don't really do much and actually fail to prevent .pyc
files being written. Which is no different to before this patch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One can prevent writing files into directories on Windows with security permissions. That could be done by calling out to icacls.exe
(in leiu of the win32security
dependency). That will likely take significant extra testing as I'm not a Windows expert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@aignas would you like me to continue figuring out truely read-only directories on Windows or does this PR move the needle enough to be considered for merge? I'd be happy to raise follow up issues/PRs, if necessary.
e9b91f5
to
126abef
Compare
@rickeylev, what do you think about this? How do we move with this forward? Should we just start ignoring the I am thinking that having the |
So, correctness wise, there are two things we're constrained by:
(1) can be accomplished by any of:
I think we should do (a) regardless -- its just defense in depth. For the case of Windows (or other failures) we should just be OK with leaving things writable. It's the best we can do, and users will just bypass it entirely with ignore_root_error=True anyways (they are given the choice between "guaranteed pedantic failure" and "probably works, but flaky"; they'll always choose the latter). I think (b) is better than (c), but it's out of scope for this PR and we already have (c) in place. (2) throws a wrench into what this PR is doing -- using the downloaded runtime itself to run commands to make things read only. So I'm not really keen on that overall. I don't mind having an alternative implementation of chmod for OP's case where coreutils aren't available. Ideally, we'd either have a repo-phase reference to a host-compatible Python, or a repo-phase reference to a host-compatible chmod tool. So, more concretely, I ask for the following changes:
|
126abef
to
b2dfc27
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
chmod
/id
/touch
hermeticchmod
hermetic
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
b2dfc27
to
632807f
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
632807f
to
02d980c
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
02d980c
to
29c61fa
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
29c61fa
to
14cc4b5
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
14cc4b5
to
444ebe0
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
444ebe0
to
b9b43d6
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
b9b43d6
to
38bd001
Compare
Uses `uutils/coreutils` on most platforms, falls backto host `chmod` otherwise. Removes failure checking[1] as we now "trust" that things are OK. [1]: bazelbuild#2024 (comment)
38bd001
to
b004e22
Compare
I've updated to use |
@@ -106,6 +106,71 @@ def is_standalone_interpreter(rctx, python_interpreter_path, *, logger = None): | |||
logger = logger, | |||
).return_code == 0 | |||
|
|||
def _chmod(rctx, platform = None): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Speculation, that needs to be measured: The way this is implemented it would fetch and extract the chmod binary for each python version. It would use the bazel repository cache, but having the chmod in a separate repository might be better from the performance point of view?
In general, using the chmod that is hermetic is an interesting idea, but I wonder if we should use the system chmod if it exists and if it doesn't, download the hermetic chmod. That would also satisfy the ask to support your usecase where system chmod is not available. All of this could be done in a separate host_chmod repository, we could even switch the behaviour to default to the hermetic chmod if an env var is set to a particular value.
Removes the need for system binaries to make the Python interpreter library directories/files read-only.
Fixes #2016