Add --trust_install_base option

[meteorcloudy]

This will allow Bazel client to run individually without the appended
zip archive, which is a requirement for Debian installation.

The following changes are made:

• Add --trust_install_base option. When this is enabled. Bazel client
  trusts the install base provided by --install_base option and skip
  the step of verifying the install directory. We need it because the
  Bazel client alone doesn't contain information to verify the install
  directory.
• Reimplement --version as an actual Bazel startup flag. The version
  info is read from the zip archive, but when --trust_install_base is
  enabled it should be read from the given install base.

Related: #9408
Fixes: #11842

[olekw]

I can confirm that this PR allows the Bazel binary to be safely stripped and will resolve #11842. I tested with a build and install in the current Debian unstable.

[michajlo]

Folding --version into regular option handling is something I had wanted to do when first adding it, but I didn't want to go too deep into figuring out/defining how it would get along with the option parsing semantics and the things that can go wrong between the 3rd line of Main and options parsing. Do you have any thoughts on those?

Also, documentation will need to be updated to reflect that --version is more lenient now, and we should add at least one test to show how it interacts with other options.

[meteorcloudy]

Folding --version into regular option handling is something I had wanted to do when first adding it, but I didn't want to go too deep into figuring out/defining how it would get along with the option parsing semantics and the things that can go wrong between the 3rd line of Main and options parsing. Do you have any thoughts on those?

So with the implementation in this PR. If the option parsing succeeded and --version is passed, Bazel will just print the version info, ignore other flags and possible bazel command, and exits. Comparing to the current behaviour that Bazel complains --version is not a recognized flag when other flags are passed, I think it is better.

Also, documentation will need to be updated to reflect that --version is more lenient now, and we should add at least one test to show how it interacts with other options.

Adding documentation and test sounds a good idea. Is there any original doc or test for --version available somewhere?

[meteorcloudy]

Test and documentation added, please take another look ;)

[philwo]

LGTM except for the build failures ;)

[meteorcloudy]

Oops, forgot to run git add 😅

Thanks for the fast review!

[meteorcloudy]

@michajlo Thanks for the review, please take another look ;)

[michajlo]

i wonder if people will nitpick on this... but all other flags aren't completely ignored... they're parsed (i believe including rc files) then dropped.

actually, this makes me think, should we skip rc parsing if --version is specified, so that a bad rc file doesn't mess things up? i also wonder if we can disallow --version from rc files, but that's probably not worth it...

[meisterT]

actually, this makes me think, should we skip rc parsing if --version is specified

Sounds like a good idea, but would implement in a different PR.

[michajlo]

document the intended use? (when install base is considered trusted, right?)

[michajlo]

This is making me realize, the semantics of --version differ now based on if --trust_install_base is specified. With --trust_install_base we print the version of the server, without --trust_install_base we print the version of the client. These could differ. This should definitely be documented, or (probably overkill) we could have separate flags...

[philwo]

These could differ.

How?

[michajlo]

Client and server versions fall out of sync. Could be user points client at diff install base, or that some update doesn't go as expected.

[olekw]

Client and server versions fall out of sync. Could be user points client at diff install base, or that some update doesn't go as expected.

FWIW, this would be a highly improbable situation in the Debian package. Certainly possible, but someone would have to purposely hack some things that they shouldn't be touching unless they're a Bazel developer or Debian package manager. ;)

[michajlo]

This would be for uses outside of debian as well.

[olekw]

Well of course! I'm just commenting within the scope of my expertise. 🙂 Additional uses are likely in the future but the official Debian package is presently the only user of the trust-install-base option.

[meisterT]

actually, this makes me think, should we skip rc parsing if --version is specified

Sounds like a good idea, but would implement in a different PR.

[meisterT]

I am a little surprised to see this down here.

What's the expected behavior of this option when no install base exists? I would not assume that it should create one (but it does above).

[mcarpenter]

Meanwhile... workaround for debian/ubuntu users whose bazel gets zapped by the prelinker:

# echo '-b /usr/bin/bazel-real' >> /etc/prelink.conf

(prelink(8) is invoked from /etc/cron.daily/prelink on Ubuntu 20.04).

[meisterT]

Yun, what's the state of this PR?

[meteorcloudy]

Sorry, I haven't found time for this recently. But it's on my to-do list. Will take on this ASAP!

[aiuto]

Friendly ping. If this will never merge, can you close it. That way we will stop seeing it in bug triage.

[meteorcloudy]

Sorry, about that. I'll close this for now until I have time to work on it again.