This significantly improves scrubbing performance. Since the cache directory structure is friendly to simultaneous access, this is possible without synchronisation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This result was mistakenly unused resulting in incorrect identifiers for artifacts with duplicate dependencies.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This imposes a hard upper limit to concurrency during dependency satisfaction and moves all dependency-related code out of individual implementations of Artifact. This change also includes ctx and msg as part of Cache.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This removes all but the /work/ auto overlay behaviour and enables much greater flexibility. This also renames ExecContainerPath to ExecPath so it is easier to type.
Signed-off-by: Ophestra <cat@gensokyo.uk>
These are not encoded in the format, they are rejected here to serve as a check for cache since checksum is computed for every directory.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This directly submits the upperdir to cache. It is primarily used in bootstrapping where tools are limited and should not be used unless there is a very good reason to.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This sets up the last Artifact to target /tmp as a writable overlay mount backed by the host side temp directory. This is useful for an Artifact containing source code to be built for another Artifact for example.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes it possible to use an Artifact as root without arranging for directory creation in the Artifact ahead of time.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This optionally attaches an output checksum to an execArtifact and enables host networking for the resulting container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This runs a program in a container environment. Artifacts can be made available to the container, they are cured concurrently and mounted in order.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the checksum consistent with the final resting state of artifact directories without incurring the cost of an extra pair of chown syscalls.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The previous implementation exposes arbitrary user input to the cache as an identifier, which is highly error-prone and can cause the cache to enter an inconsistent state if the user is not careful. This change replaces the implementation to compute identifier late, using url string as params.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This must be writable to enable renaming, and the final result is conventionally read-only alongside the entire directory contents. This change overrides the permission bits as part of Store.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This works on any directories and should be robust against any bad state the artifact curing process might have failed at.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the decoder safe against untrusted input without hurting performance for a trusted stream. This should still not be called against untrusted input though.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The fact that Gob serialisation is deterministic is an implementation detail. This change replaces Gob with a simple custom format.
Signed-off-by: Ophestra <cat@gensokyo.uk>
