-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8336498: [macos] [build]: install-file macro may run into permission denied error #20203
Conversation
👋 Welcome back lucy! A progress list of the required criteria for merging this PR into |
@RealLucy This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 275 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks trivial. Can you hint on how to reproduce the issue? E.g. for which file I should remove the user write permission to get the build failing?
Thank you for the review, @RealCLanger ! Creating a reproducer is not completely trivial. There are two file properties that must be true at the same time:
You can prepare any source file accordingly (file mode and attributes are copied with the command parameters used). In my setup, According to my experience, it is unpredictable which files will satisfy the above requirements. On good days, no file has attributes attached while being r/o. On bad days, there are multiple such files. |
Hello @RealLucy, On a general note, after removing the extended attributes, should we consider switching the permissions of that file back to the original? |
Yes, I had that thought. But what was the original state? How could we remember it? Was the file r/w already before? I did not want to over-engineer the fix, so I kept it as simple as possible. |
Last chance to comment. Otherwise, I will integrate during the weekend. |
Hello Lutz, would it be possible to wait a few more days on this one? It would be good to have someone from the build area to review this. They are out currently. In the meantime, I will run this change in our CI to verify nothing breaks. |
Sure, I'll stand by. |
Hello Lutz,
I ran tier1 through tier8 with this change, in our CI and I didn't see anything related fail. |
Any new opinion on this PR? From the build people, for example? |
Hi, I'm back from vacation now. I feel a bit okay-ish about this fix. To be honest, we have not really been good at ensuring proper file permissions at all times, but instead resorted to this kind of adhoc-fixes whenever problems arise. So in that spirit, I guess this is as good as any of the previous such fixes. But on the other hand, I don't like that state of affairs. I'm even more vexed by the fact that you state that the extended attributes and/or the write protection come and go erratically. I think it might be wise to spend a bit more effort trying to figure out why this happens. |
Looks like we are taking turns. Now I'm on vacation. Thorough analysis of why the issue pops up occasionally will have to wait until I'm back (Aug 19th). I have no specific idea in which direction I should start my search, though. It might be an influence from the environment. |
Enjoy your vacation! 🌴 I'd suggest starting by checking all files for extended attributes and their permissions (like |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we want to make a file read-only in the build output, it needs to happen explicitly after any copy operation. I think it's fine to leave write permission for the user in this case.
The only reason I could imagine this happening is if the source tree (or subsets thereof) has somehow ended up read-only. That seems like a user environment problem, but we shouldn't fail like this because of it.
Back from vacation, working through the pile of tasks... @erikj79 An influence of the user environment, that is my suspicion as well (see above). I would go ahead an integrate tomorrow (Wednesday), if there is no veto. |
I'm still ok with this patch. |
/integrate |
Going to push as commit 715fa8f.
Your commit was automatically rebased without conflicts. |
On MacOS, files may have extended attributes attached. These attributes are copied together with the files. To prevent issues during further processing, the extended attributes of the copies must be removed. This action was implemented as solution of an older bug.
The solution is incomplete because it does not handle files with read-only permissions correctly. Without write permission, matter cannot remove the extended attributes. The action is rejected with a "permission denied" error.
The issue is present in all releases. I reproduced it in 11, 17, ... 23, head
The solution is to "chmod u+w" only those files which need to have their extended attributes removed.
Backport note: in releases prior to jdk23, the change needs to go into file MakeBase.gmk.
Testing @SAP completed without any related issues.
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/20203/head:pull/20203
$ git checkout pull/20203
Update a local copy of the PR:
$ git checkout pull/20203
$ git pull https://git.openjdk.org/jdk.git pull/20203/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 20203
View PR using the GUI difftool:
$ git pr show -t 20203
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/20203.diff
Webrev
Link to Webrev Comment