merklize: Support masking unix_mode when building merkle trees
Before raising this MR, consider whether the following are required, and complete if so:
-
Unit tests -
Metrics -
Documentation update(s)
Description
Support masking unix_mode (permissions) when building merkle trees.
For now, buildbox tools never set unix_mode
and it's up to the worker sandbox to reconstruct the appropriate file permissions.
To support more flexible use cases, e.g., workspaces must be writable, we can add a callback when constructing merkle trees to override permissions.
Changes proposed in this merge request:
- Add
unixModeUpdater
inmake_nesteddirectory
andFile
constructor. -
Dangerous permissions, i.e. other and special, have to be explicitly added. IIRC, before this change, they can never be turned on if using both buildbox uploading tools and runners. - The original
unix_mode
can be captured ifunix_mode
is in the property set.
Edited by Zehao Chen