merklize: Support masking unix_mode when building merkle trees (!583) · Merge requests · BuildGrid / buildbox / buildbox · GitLab

Zehao Chen requested to merge zchen723/merklize-permission-override into master May 10, 2024

Before raising this MR, consider whether the following are required, and complete if so:

Unit tests
Metrics
Documentation update(s)

Description

Support masking unix_mode (permissions) when building merkle trees.

For now, buildbox tools never set unix_mode and it's up to the worker sandbox to reconstruct the appropriate file permissions.

To support more flexible use cases, e.g., workspaces must be writable, we can add a callback when constructing merkle trees to override permissions.

Changes proposed in this merge request:

Add unixModeUpdater in make_nesteddirectory and File constructor.
~~Dangerous permissions, i.e. other and special, have to be explicitly added. IIRC, before this change, they can never be turned on if using both buildbox uploading tools and runners~~.
The original unix_mode can be captured if unix_mode is in the property set.

Edited May 14, 2024 by Zehao Chen