Re: [BuildStream] Protect against plugin modifications of artifacts
- From: William Salmon <will salmon codethink co uk>
- To: Tristan Van Berkom <tristan vanberkom codethink co uk>
- Cc: dev buildstream apache org, buildstream-list gnome org
- Subject: Re: [BuildStream] Protect against plugin modifications of artifacts
- Date: Wed, 24 Jun 2020 13:52:09 +0100
On 24/06/2020 09:19, Tristan Van Berkom wrote:
Hi Will,
[...]
With all of that out of the way, I'd like to separately reply to this:
   "A repeatable plugin should not have a issue with writing to the
    sandbox. So long as what is written is completely determined by the
    yaml in the project (element.bst + project.conf + dep.bst) and is
    thus repeatable and deterministic."
So, to reuse a term which I came up with in the above text,
"dynamic controlled content" for lack of a better term, could perhaps
simply be a resolved %{variable} (which could contain a lot of text and
act like a template, with conditionally resolved variables substituted
within).
If this is such an interesting feature to have, I don't see much reason
why we could not implement such a feature in BuildStream, even using
Python plugins. This could be an Element API which takes a Sandbox, a
"%{variable}" name and an absolute path, which could stage a resolved
variable as the content of a file in the sandbox safely.
It would be interesting to see a proposal for such a feature, probably
I would argue that the permissions used to stage such a file be very
limited, or unspecified (something matching the hard coded permissions
used to stage files from Sources into the sandbox).
I don't strongly disagree with the jist of this. Things like `with 
conditionally resolved variables` seems like it might hint at the 
required flexibility.
That said, a controlled feature like this would be an extremely far cry
from allowing python code to simply write whatever they want into the
sandbox, and would not allow for the non-deterministic things which are
currently being done by existing plugins which exploit this currently
existing weakness.
In fact I have said in this thread:
"""I am not saying that this API should not be improved or that there is 
no room to make it better"""
I would think that we can come up with something that would be enough 
for many of the EXISTING AND IN-USE plugins that have been created and 
used in good faith that need to put things in to the sandbox. As well as 
supporting the plugin's that should exist like a genimage plugin.
I look forward to getting the details sorted so we can be sure they are 
useful and reproducible.
I don't think its a good idea to remove the old API without adding the 
new API as this would brake and block many existing projects who are 
trying to track bst-master and are providing feed back and many bug 
reports and some MR's.
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]