-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.0.9 backported commits #4547
2.0.9 backported commits #4547
Conversation
Need to replace some - - Fix sandbox script shell mistake that made PWD read-write on remove actions [@4589 @AltGr]
- - Port bwrap improvements to sandbox_exec [@4589 @AltGr]
+ - Fix sandbox script shell mistake that made PWD read-write on remove actions [#4589 @AltGr]
+ - Port bwrap improvements to sandbox_exec [#4589 @AltGr] |
indeed, thanks! |
Linking in #4573 |
Can't we release 2.0.9 without #4573? There are some important changes for macOS and I hope to release 2.0.9 in May. |
We're trying to get the 2.1 release candidate out of the door, first - once that's done (which really should be any day now!), releasing 2.0.9 would be fine. It's not blocked on 4573, it was just linked to consider it. The solutions to #4394 and #4636 both need to be back-ported to 2.0.x, although not necessarily to 2.0.9. See the milestone for more info. |
That sounds good. Thank you for the perfect explanation! |
Signed-off-by: Sora Morimoto <sora@morimoto.io>
Signed-off-by: Sora Morimoto <sora@morimoto.io> Co-Authored-By: Kate <kit.ty.kate@disroot.org>
Windows *really* doesn't like that.
The previous behaviour was to bind-mount $TMPDIR to /tmp within the sandbox, and re-set TMPDIR accordingly ; however, this meant that absolute paths within TMPDIR could be incompatible between the outside and the inside of the sandbox. This became a visible problem with dune 2.8, which redefines TMPDIR to a subdirectory (e.g. `/tmp/buildXXXX.dune`). If you happen to be running tests with an OPAMROOT within $TMPDIR, your opam root will no longer be accessible, and packages that run opam commands from within the sandbox (which is discouraged, but well...) will break. In our tests, run through dune, OPAMROOT gets created in `/tmp/buildXXXX.dune/OPAM`, then packages get installed within a sandbox, this is relocated to `/tmp/OPAM` but `OPAMROOT` and `OPAM_SWITCH_PREFIX` remained set to below `/tmp/buildXXXX.dune`, and things broke.
this made PWD always rw accessible on remove actions, and was possibly dangerous
Part of Fix the sandbox check with the new layout
the latter is required by the former, and better stay consistent with the compiler version used across arches.
…rs in switch directory path
3cfe557
to
68f87e7
Compare
Last update, rebased and commits squashed! |
Yay! |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few warnings from OCaml which are worth eliminating (even on an LTS branch!)
…mat version field `opam-version' from the opam root version.
They provide reading function that don't error are reading, do no show/stop at erros (unless strict mode is enabled)
permit read only loading, with best effort on file reading. This is handled by function in `OpamStateConfig' that permit to load state files: config, switch-config, switch-state, and repos-config.
The sentinel group of kind `#` is now processed correctly in OpamFile.SyntaxFile. This allows, for example, opam 2.2 to use opam-file-format 2.1 and still have `opam-version: "2.2"`.
Backported commits for the 2.0.9 release
Note: blocking setup-ocaml w/dune
Still to cherry-pick
Error free opam root loading
Sandbox
$TMPDIR
to a separate tmpfs [Sandbox script: change handling of TMPDIR #4589 @AltGr]PWD
read-write on remove actions [Sandbox script: change handling of TMPDIR #4589 @AltGr]Lint
conf
#4549]Internal
Package building
--root
and--switch
are now reflected in environment variables when building packages so that calls toopam
during build access the correct root and switch [Make sure that OPAMROOT and OPAMSWITCH are properly set when executing build commands #4668 @LasseBlaauwbroek]Build
Pin
Infrastructure
Test