-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make fails with ccache-wrapped gcc #58
Comments
Hmm, I'm confused. AFAICT Ekam doesn't use ccache unless you tell it to. Does Fedora somehow cause the compiler to automatically use ccache? |
Yes. The directory containing ccache-wrapped versions of compilers is added to the |
So Fedora seems to have installed a compiler that doesn't work? That seems surprising but doesn't seem like an Ekam bug. I don't think there's anything in Ekam specifically that would conflict with the use of |
Well, I'm not certain that there is an Ekam bug, but something about it is interacting strangely with ccache when it is installed on Fedora. If I boot the following
and attempt to build capnproto from source using autotools, it succeeds. But if I then try to build ekam from source using This is all pretty easy to work around -- just remove ccache -- but I am entertaining the possibility that the root cause here might be related to the build errors under |
Fedora's |
What group owns that directory, and are you a member of that group? |
ccache owns the directory. I am a member of the group on my local machine, but I suspect vagrant may not be a member on the virtual one. I will dig into this tomorrow. |
Ekam doesn't use a seccomp filter; rather, it uses |
I had indeed forgotten to Actually, as a precondition of Fedora enabling the shared cache in |
Oh, maybe it has to do with this code from
Ekam doesn't want build actions writing outside of the build directory since it can't track what they did... |
In support of that hypothesis, I managed to reproduce on Debian bullseye, which has the same version of ccache (version 4.2) as Fedora 34. Previously, I had been unable to reproduce using ccache 3.4.1 (on an Ubuntu 18.04 machine, not in a virtual environment). FROM debian:bullseye
RUN apt-get update && apt-get install -y git build-essential automake ccache
RUN git clone https://github.com/capnproto/ekam.git
WORKDIR /ekam
RUN PATH=/usr/lib/ccache:$PATH make EDIT: The same Dockerfile fails if the base image is changed to |
I experimented with the following patch, which explicitly allows reads and writes under diff --git a/src/ekam/rules/intercept.c b/src/ekam/rules/intercept.c
index 3fc5a3a..fd618b8 100644
--- a/src/ekam/rules/intercept.c
+++ b/src/ekam/rules/intercept.c
@@ -273,6 +273,7 @@ static const char VAR_TMP[] = "/var/tmp";
static const char TMP_PREFIX[] = "/tmp/";
static const char VAR_TMP_PREFIX[] = "/var/tmp/";
static const char PROC_PREFIX[] = "/proc/";
+static const char VAR_CACHE_CCACHE_PREFIX[] = "/var/cache/ccache/";
static usage_t last_usage = READ;
static char last_path[PATH_MAX] = "";
@@ -542,6 +543,12 @@ static const char* remap_file(const char* syscall_name, const char* pathname,
pathname = pathname + strlen(current_dir);
} else if (pathname[0] == '/' ||
strncmp(pathname, "deps/", 5) == 0) {
+ /* First, allow ccache to break the rules. */
+ if (strncmp(pathname, VAR_CACHE_CCACHE_PREFIX, strlen(VAR_CACHE_CCACHE_PREFIX)) == 0) {
+ funlockfile(ekam_call_stream);
+ /*if (debug)*/ fprintf(stderr, " allowing ccache access: %s %s\n", (usage == WRITE) ? "write" : "read ", pathname);
+ return pathname;
+ }
/* Absolute path or under `deps`. Note the access but don't remap. */
if (usage == WRITE) {
/* Cannot write to absolute paths. */ First build, with an empty cache:
Second build, with a warm cache:
I was actually hoping for a more dramatic improvement, but this does provide some progress toward an alternative, partial solution to #24, #28. In particular, tests need to run again regardless, but I am not sure what fraction of the warm-cache time is spent running tests vs compiling. Somewhat independent thought: I think that |
@vlovich has somehow made ccache work with Ekam without changes. Maybe he can advise on the right answer here? |
The Ekam changes are already landed but the user has to do some integration work currently. Basically:
The trailing slash is important. Arguably maybe Ekam should auto add the ccache directory for the user if ccache is detected as installed, but doing so within C felt annoying so I went with higher-level tooling providing this info instead. |
Thanks. That works, and performs still better than the change I made:
Before filing this issue, I had run But even if I had found #44, I wouldn't have known to use a trailing slash.
A |
Just to note that, despite setting the EKAM_REMAP_BYPASS_DIRS env var, I get the following error from ccache (version 4.8.3) when attempting to run it as the CXX_WRAPPER in ekam:
I haven't yet been able to track down exactly which file ccache is presumably failing to access... |
I've noticed that ekam fails to build when ccache is installed on Fedora 34, with a bunch of errors like
ccache: error: Failed to create directory /var/cache/ccache/a/d: Permission denied
.On Fedora, ccache seems to use a sharedUnfortunately, Fedora 34 also adds ccache (edit: more precisely, the directory containing ccache-wrapped compilers) to the/var/cache/ccache
directory, unlike my machines running Debian derivatives, which use~/.ccache
.PATH
by default if it is installed, so it's quite easy to hit up against this if using Fedora.The text was updated successfully, but these errors were encountered: