author | Alexander Larsson <alexl@redhat.com> | 2015-12-16 11:56:56 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2015-12-16 11:56:56 +0100 |
commit | ef3582325df1bd2451e3f12f2c52c7f7fdaa2b5f (patch) | |
tree | a2effe7c541076bc90398fe3369021a8dd796ef4 /builder | |
parent | 46558798a2d1fca5304546cb41efdf8f8742d75f (diff) | |
download | xdg-app-ef3582325df1bd2451e3f12f2c52c7f7fdaa2b5f.tar.gz |
builder: Store the cache in BARE_USER mode
This has two advantages:
1) If building as non-root, then we can't modify xattrs, such as
selinux ones, yet selinux will write them, making a bare repo
not match the checksums (it has unexpected xattrs that selinux made)
2) We check out as MODE_NONE, not MODE_USER, which in combination with
BARE_USER forces the files to be copied out of the cache, rather
than using hardlinks into the cache which could mutate the cache.
Diffstat (limited to 'builder')
-rw-r--r-- | builder/builder-cache.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/builder/builder-cache.c b/builder/builder-cache.c
index 2905d29..16bd269 100644
--- a/builder/builder-cache.c
+++ b/builder/builder-cache.c
@@ -201,7 +201,7 @@ builder_cache_open (BuilderCache *self,
 if (!g_file_query_exists (self->cache_dir, NULL)) {
- if (!ostree_repo_create (self->repo, OSTREE_REPO_MODE_BARE, NULL, error))
+ if (!ostree_repo_create (self->repo, OSTREE_REPO_MODE_BARE_USER, NULL, error))
 return FALSE; }
@@ -234,6 +234,11 @@ builder_cache_checkout (BuilderCache *self, const char *commit)
 if (file_info == NULL) return FALSE;
+ /* We check out without user mode, not necessarily because we care
+ about uids not owned by the user (they are all from the build,
+ so should be creatable by the user, but because we want to
+ force the checkout to not use hardlinks. Hard links into the
+ cache are not safe, as the build could mutate these. */
 if (!ostree_repo_checkout_tree (self->repo, OSTREE_REPO_CHECKOUT_MODE_NONE, OSTREE_REPO_CHECKOUT_OVERWRITE_NONE, |
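Review bot: In builder_cache_open the new `OSTREE_REPO_MODE_BARE_USER` is only used on the branch where `self->cache_dir` does not exist yet, so a cache created by an earlier build would stay in `OSTREE_REPO_MODE_BARE`. Such a cache presumably keeps both problems the commit message describes: checksum mismatches from SELinux-written xattrs, and checkouts that hardlink into the cache and let a build mutate it. The code that opens an existing repo lies outside this hunk, so this is inferred, but nothing visible here verifies the mode. After the repo is opened, consider a check such as `if (ostree_repo_get_mode (self->repo) != OSTREE_REPO_MODE_BARE_USER)` that either returns an error or discards and recreates the stale cache.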
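Review bot: The comment added in builder_cache_checkout never closes the parenthesis it opens at "(they are all from the build". It also omits that the no-hardlink behaviour depends on the repo having been created as `OSTREE_REPO_MODE_BARE_USER` in builder_cache_open, which the commit message states. That coupling is what keeps a build from modifying cached objects, so a later change to either call site could silently undo it. I would close the parenthesis after "creatable by the user" and add a sentence such as `This relies on the repo being BARE_USER (see builder_cache_open); with a BARE repo this checkout may hardlink into the cache.` The function body starts before and continues past this hunk.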