[antlir2][hoist] fix permissions

Summary: Use `sudo` when necessary, but make sure that the output files are still owned by the repo user. Test Plan: ``` ❯ buck2 build --show-output fbcode//metalos/os/facebook/tests:hoist_sudoers Buck UI: https://www.internalfb.com/buck2/e0b4c80f-bcb6-4f65-840b-cd406e4e7af4 Note: Using experimental modern dice Network: Up: 0B Down: 0B (reSessionID-c55e1500-bc13-472b-989b-5fa6a0256c3c) Jobs completed: 9. Time elapsed: 0.8s. Cache hits: 0%. Commands: 1 (cached: 0, remote: 0, local: 1) BUILD SUCCEEDED fbcode//metalos/os/facebook/tests:hoist_sudoers buck-out/v2/gen/fbcode/ee098b6d71c39c87/metalos/os/facebook/tests/__hoist_sudoers__/sudoers vmagro@devvm456.ncg0 in fbsource ❯ stat buck-out/v2/gen/fbcode/ee098b6d71c39c87/metalos/os/facebook/tests/__hoist_sudoers__/sudoers File: buck-out/v2/gen/fbcode/ee098b6d71c39c87/metalos/os/facebook/tests/__hoist_sudoers__/sudoers Size: 26856 Blocks: 56 IO Block: 4096 regular file Device: 21h/33d Inode: 152339007 Links: 1 Access: (0644/-rw-r--r--) Uid: (115203/ vmagro) Gid: ( 100/ users) Access: 2024-05-14 06:07:50.491523561 -0700 Modify: 2024-05-14 06:07:50.449523324 -0700 Change: 2024-05-14 06:07:50.488523544 -0700 Birth: 2024-05-14 06:07:50.449523324 -0700 ``` Reviewed By: sergeyfd Differential Revision: D57331663 fbshipit-source-id: c6f43d56831f3c064c7cc8ca1d462002a3005e67
facebookincubator · May 14, 2024 · 7eed801 · 7eed801
1 parent 59e7aad
commit 7eed801
Showing 1 changed file with 41 additions and 5 deletions.
diff --git a/antlir/antlir2/bzl/hoist.bzl b/antlir/antlir2/bzl/hoist.bzl
@@ -4,25 +4,44 @@
 # LICENSE file in the root directory of this source tree.
 
 load("@prelude//:paths.bzl", "paths")
+load("//antlir/antlir2/antlir2_rootless:package.bzl", "get_antlir2_rootless")
 load("//antlir/antlir2/bzl:platform.bzl", "rule_with_default_target_platform")
-load(":types.bzl", "LayerInfo")
+load("//antlir/antlir2/bzl:types.bzl", "LayerInfo")
+load("//antlir/antlir2/bzl/image:cfg.bzl", "attrs_selected_by_cfg", "cfg_attrs")
+load("//antlir/antlir2/os:package.bzl", "get_default_os_for_package", "should_all_images_in_package_use_default_os")
 
 def _impl(ctx: AnalysisContext) -> list[Provider]:
     out = ctx.actions.declare_output(
         ctx.attrs.out or paths.basename(ctx.attrs.path) or ctx.attrs.name,
         dir = ctx.attrs.dir,
     )
-    ctx.actions.run(
+    script = ctx.actions.write("hoist.sh", cmd_args(
+        "#!/bin/bash",
+        "set -e",
         cmd_args(
+            "sudo" if not ctx.attrs._rootless else cmd_args(),
             "cp",
-            cmd_args("--recursive") if ctx.attrs.dir else cmd_args(),
+            "--recursive" if ctx.attrs.dir else cmd_args(),
             "--reflink=auto",
             cmd_args(
                 ctx.attrs.layer[LayerInfo].subvol_symlink,
                 format = "{{}}/{}".format(ctx.attrs.path.lstrip("/")),
             ),
             out.as_output(),
+            delimiter = " ",
         ),
+        cmd_args(
+            "sudo",
+            "chown",
+            "--recursive" if ctx.attrs.dir else cmd_args(),
+            "$(id -u):$(id -g)",
+            out.as_output(),
+            delimiter = " ",
+        ) if not ctx.attrs._rootless else cmd_args(),
+        delimiter = "\n",
+    ), is_executable = True)
+    ctx.actions.run(
+        cmd_args(script).hidden(out.as_output(), ctx.attrs.layer[LayerInfo].subvol_symlink),
         category = "hoist",
         local_only = True,  # local subvol
     )
@@ -39,7 +58,24 @@ _hoist = rule(
         "layer": attrs.dep(providers = [LayerInfo]),
         "out": attrs.option(attrs.string(doc = "rename output file"), default = None),
         "path": attrs.string(),
-    },
+    } | attrs_selected_by_cfg() | cfg_attrs(),
 )
 
-hoist = rule_with_default_target_platform(_hoist)
+_hoist_macro = rule_with_default_target_platform(_hoist)
+
+def hoist(
+        *,
+        name: str,
+        default_os: str | None = None,
+        rootless: bool | None = None,
+        **kwargs):
+    if should_all_images_in_package_use_default_os():
+        default_os = default_os or get_default_os_for_package()
+    if rootless == None:
+        rootless = get_antlir2_rootless()
+    _hoist_macro(
+        name = name,
+        default_os = default_os,
+        rootless = rootless,
+        **kwargs
+    )