tar source introduces non-determinism
Summary
Similarly to #527 (closed), there is a concern that sources do not always stage the same thing depending on the host environment.
For the case of tar
, it is known to behave differently depending on whether it is run by root or not. All ownership bits are stripped, file types which the user is not allowed to create are ignored, as well as extended attributes which the user cannot create.
In the short term, we should ensure determinism when running BuildStream as root; in the future, we should be able to stage these files into the CAS based SourceCache (as described in #521) and will eventually be able to inform the source cache of the attributes which should appear in the sandbox without needing permissions to set the attributes on the actual underlying filesystem.
With all problems solved including #38, extracting a tarball should end up always having the effect of being root from the point of view of the sandbox, even when BuildStream is run as a regular user.