*** tristan has quit IRC | 05:31 | |
*** tristan has joined #buildstream | 05:42 | |
*** ChanServ sets mode: +o tristan | 05:43 | |
*** tristan has quit IRC | 08:34 | |
*** ssam2 has joined #buildstream | 08:47 | |
*** tristan has joined #buildstream | 08:52 | |
*** tristan has quit IRC | 13:44 | |
*** tristan has joined #buildstream | 14:09 | |
*** ChanServ sets mode: +o tristan | 14:10 | |
tristan | juergbi, so I don't know if you noticed my whining about https://github.com/ostreedev/ostree/issues/777 | 14:18 |
---|---|---|
tristan | I wonder what is the better solution here | 14:18 |
tristan | currently I've done this: https://gitlab.com/BuildStream/buildstream/commit/21b6314b33358960b4f0b63c708d510bdd755fbc | 14:19 |
juergbi | hm, so not even the executable bit is restored? | 14:19 |
tristan | I.e. A.) Don't encode uid/gid root when creating artifacts in local cache (means there needs to be some translation in push/pull) | 14:19 |
tristan | and B.) Don't do --user-mode at checkout | 14:19 |
juergbi | without user mode, does this mean root is required? | 14:20 |
tristan | Basically, alex larsson's argument was that when you checkout things in --user-mode and they originally belonged to root, it doesn't make sense to keep the same permission bits at checkout | 14:20 |
tristan | Yes | 14:20 |
tristan | permission denied if I checkout without that | 14:20 |
tristan | I was thinking, one hack would be to again use bubblewrap for a weaker sandbox for the checkout | 14:21 |
tristan | and just use 'bare' repository directly | 14:21 |
juergbi | i would say at the very least ostree should store permissions like git | 14:21 |
juergbi | i.e., preserve executable bit | 14:21 |
tristan | but I wonder if that is tangling up the design a bit too far (paints us in a corner if we want to swap components and such, support other oses etc) | 14:22 |
tristan | I think it should | 14:22 |
tristan | but, it seems not a feature | 14:22 |
tristan | I don't know, sounds strange | 14:22 |
tristan | I also don't know if this is about preserving only the exec bit | 14:23 |
tristan | maybe I have to dig deeper | 14:23 |
tristan | what happens is, regular files which are 0600 come out as -rwxr--r-- | 14:24 |
tristan | So permissions are actually escalated | 14:24 |
juergbi | for regular software artifacts i expect the only permission state that needs to be stored is the executable bit | 14:24 |
tristan | What are "regular software artifacts" though ? | 14:25 |
tristan | I mean, doesn't sensitive stuff like pam configuration and the like count ? | 14:25 |
juergbi | i mean non-config and non-var/readwrite files | 14:25 |
tristan | That is all stuff you need to put into an artifact | 14:25 |
juergbi | it depends | 14:26 |
tristan | Well, for *our* use case, we most certainly need to store that stuff somewhere | 14:26 |
juergbi | for the traditional ostree use case, you only care about read-only files | 14:26 |
juergbi | but yes, buildstream artifacts may sometimes need more | 14:26 |
juergbi | depends on the deploy method | 14:27 |
tristan | Also flatpak is using ostree not only for building, and as regular user | 14:27 |
tristan | I might be tempted to think that security wise, permissions of stuff in the runtime might be important | 14:27 |
tristan | but can't verify off the top of my head | 14:27 |
tristan | I suppose that "process is allowed to read everything in the sandbox" might make sense there | 14:28 |
tristan | well, there are workarounds possible too, alex suggested re-commit with --owner-uid=0 and --tree=ref=COMMIT | 14:29 |
tristan | so one could add additional suffixed commits at import/export time | 14:29 |
tristan | so that you only push/pull artifacts with uid/gid 0, and translate them back (inside the repo) into something the user can use | 14:30 |
tristan | I should probably raise this on the ostree ML anyway | 14:33 |
*** ssam2 has quit IRC | 17:02 | |
*** ghishadow_ has joined #buildstream | 19:11 | |
*** ghishadow_ has quit IRC | 19:20 | |
*** tristan has quit IRC | 20:42 |