This directly submits the upperdir to cache. It is primarily used in bootstrapping where tools are limited and should not be used unless there is a very good reason to.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This works around the fact that execArtifact always creates the work directory when setting up the bind mount.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This sets up the last Artifact to target /tmp as a writable overlay mount backed by the host side temp directory. This is useful for an Artifact containing source code to be built for another Artifact for example.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Only write should be cleared here, clearing execute causes execArtifact to be unable to start anything since no Artifact is able to produce an executable file.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes it possible to use an Artifact as root without arranging for directory creation in the Artifact ahead of time.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This optionally attaches an output checksum to an execArtifact and enables host networking for the resulting container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This was using the old pre-KnownChecksum function signature. It did not affect correctness since httpArtifact performs internal validation to avoid the strict mode vfs roundtrip, but it prevented content-addressed cache hits.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This runs a program in a container environment. Artifacts can be made available to the container, they are cured concurrently and mounted in order.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This change adds a method to check on-disk cache consistency and destroy inconsistent entries as they are encountered. This primarily helps verify artifact implementation correctness, but can also repair a cache that got into an inconsistent state from curing a misbehaving artifact, without having to destroy the entire cache.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the checksum consistent with the final resting state of artifact directories without incurring the cost of an extra pair of chown syscalls.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This allows for more flexibility during implementation. The use case that required this was for expanding single directory tarballs.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The previous implementation exposes arbitrary user input to the cache as an identifier, which is highly error-prone and can cause the cache to enter an inconsistent state if the user is not careful. This change replaces the implementation to compute identifier late, using url string as params.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This moves all cache I/O code to Cache. Artifact now only contains methods for constructing their actual contents.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This must be writable to enable renaming, and the final result is conventionally read-only alongside the entire directory contents. This change overrides the permission bits as part of Store.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is still not ideal as it makes entry into Store sequential. This will be improved after more usage code is written.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This works on any directories and should be robust against any bad state the artifact curing process might have failed at.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This provides infrastructure for computing a deterministic identifier based on current artifact kind, opaque parameters data, and optional dependency kind and identifiers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the decoder safe against untrusted input without hurting performance for a trusted stream. This should still not be called against untrusted input though.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The fact that Gob serialisation is deterministic is an implementation detail. This change replaces Gob with a simple custom format.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Turns out this did not work because in the vm test harness, virtualisation.fileSystems completely and silently overrides fileSystems, causing its contents to not even be evaluated anymore. This is not documented as far as I can tell, and is not obvious by any stretch of the imagination. The current hack is cargo culted from nix-community/impermanence and hopefully lasts until this project fully replaces nix.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This optional behaviour is required on NixOS as it is otherwise impossible to set this up: systemd.mounts breaks startup order somehow even though my unit looks identical to generated ones, fileSystems does not support any kind of initialisation or ordering other than against other mount points.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This should have been handled in a custom option parsing function, but that much extra complexity is unnecessary for this edge case. Honestly I do not know why libfuse does not handle this itself.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This replaces the forking daemonise libfuse function which prevents Go callbacks from calling into the runtime. This also enforces least privilege on the daemon process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
