Context
As far as I understand, BuildStream is supposed to preserve unix file permissions to a certain extent. However, the user write permission bit seems to be lost from files when checking out built artifacts. This issue is not seen with bst16.
Description
When checking out artifacts using --hardlinks in bst2, it seems that the u+w permission is removed from every file (or almost every file?) compared to the permission for that file when it was originally collected as part of bst build.
From limited testing with the Flatpak repo built in the freedesktop-sdk project, it appears that only the user write bit disapears, while all other unix permission bits are retained.
Slightly unrelated to this, and potentially a different issue is when checking out artifacts without --hardlinks, bst2 appears to set file permissions according to umask, resulting in file permissions which are yet again different from the file permissions that were present when the files were originally collected.
Impact
Among other issues, this behavior leads OSTree repos which are collected into artifacts to be considered corrupted by ostree fsck. This is because OSTree repo include file permissions in their hash calculaition for objects, so this file permission change is detected as a file a corruption.
This file permission change and its effect on OSTree repos was found to be reason why the freedesktop-sdk project couldn't publish its Flatpak repo to its remote release server since moving from bst16 to bst2 in the master branch.
The only workaround found for this issue was to check out artifacts without --hardlinks and with a specific umask that provides the expected file permissions. However, this results in massive disk I/O overhead for the freedesktop-sdk project.
References:
cc: @abderrahim, @gtristan, @nanonyme
Context
As far as I understand, BuildStream is supposed to preserve unix file permissions to a certain extent. However, the user write permission bit seems to be lost from files when checking out built artifacts. This issue is not seen with bst16.
Description
When checking out artifacts using
--hardlinksin bst2, it seems that theu+wpermission is removed from every file (or almost every file?) compared to the permission for that file when it was originally collected as part ofbst build.From limited testing with the Flatpak repo built in the
freedesktop-sdkproject, it appears that only the user write bit disapears, while all other unix permission bits are retained.Slightly unrelated to this, and potentially a different issue is when checking out artifacts without
--hardlinks, bst2 appears to set file permissions according toumask, resulting in file permissions which are yet again different from the file permissions that were present when the files were originally collected.Impact
Among other issues, this behavior leads OSTree repos which are collected into artifacts to be considered corrupted by
ostree fsck. This is because OSTree repo include file permissions in their hash calculaition for objects, so this file permission change is detected as a file a corruption.This file permission change and its effect on OSTree repos was found to be reason why the
freedesktop-sdkproject couldn't publish its Flatpak repo to its remote release server since moving from bst16 to bst2 in themasterbranch.The only workaround found for this issue was to check out artifacts without
--hardlinksand with a specificumaskthat provides the expected file permissions. However, this results in massive disk I/O overhead for thefreedesktop-sdkproject.References:
freedesktop-sdkCI: (this is from the push job of the bst2 MR, where the issue was first seen)https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/jobs/2929504305#L46
ostree fsckcommand here:https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/jobs/3315563117#L1249
cc: @abderrahim, @gtristan, @nanonyme