New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tempfile: Add support for TempFile
#239
Conversation
Side note...I have kind of lost track of how many times I have implemented Linux O_TMPFILE stuff. A long time ago I wrote a C implementation of this in ostree, then cleaned it up and factored it out into https://gitlab.gnome.org/GNOME/libglnx where I also did fd-relative i.e. C Then...Rust came along, I eventually decided to build on openat and reimplement it again in openat-ext. So this is at least the 4th time, but I am pretty sure I also did some stuff around this in glib but at this point that's getting to be a distant memory. But anyways, I for one am looking forward to going into the second half of my career mostly writing Rust code, and also hopefully not writing basic code to manipulate temporary files again... |
5210dc7
to
459eb9c
Compare
OK I belatedly realized that having the API pass in (The latter path will want the "compute current process umask" code that lives in the test suite for now) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK I belatedly realized that having the API pass in
Permissions
was really just a workaround for a long ago fixed glibc bug. I think we can relatively safely rely on that being fixed - if some user shows up bitten by it, we could have rustix do the direct syscall path, or perhaps try to detect it and fall back to not usingO_TMPFILE
.
According to the linked bug report, the bug is present in glibc 2.20, however Rust itself is only now updating its minimum glibc version to 2.17. Unless it's a major obstacle, I'd prefer to have cap-std continue to support the versions of glibc supported by Rust.
0c99e11
to
1f5f2a5
Compare
OK, MacOS and Windows should compile at least now. |
Yeah, fair. Though it should be noted, it looks like the tempfile crate uses this unconditionally today.
Perhaps one possible trick here could be to use a weak symbol to detect if we have a new enough glibc? I'd guess rustix could expose some API for this, given that it's effectively doing it internally; for example if we have |
The `cap-tempfile` crate ironically only supports temporary directories right now. This adapts code I wrote as part of https://github.com/coreos/cap-std-ext/ to add support for temporary files that can also be atomically linked into place.
1f5f2a5
to
daddde7
Compare
Or we could use |
I think to do that nicely we'd want to make |
(Don't worry about the windows-2016 failure btw.) I think this PR is in good shape; I just want to figure out the
If I understand correctly, that code in the tempfile is using
My sense here is that this is something that would be better to handle internally in rustix, rather than exposing an API. Detecting it by using the |
Ah yes, I think you're right.
Sounds good to me! |
I briefly looked at this, and today the Here's my hack to duplicate it:
|
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
OK moving that bit to bytecodealliance/rustix#268 |
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
This works around https://sourceware.org/bugzilla/show_bug.cgi?id=17523 Where the `openat` wrapper is buggy if `O_TMPFILE` is provided on (now quite old) glibc versions. Use the presence of the `getrandom` symbol to detect if we have a fixed glibc or not. Will be used by bytecodealliance/cap-std#239 which is wiring up use of `O_TMPFILE` in cap-std.
bytecodealliance/rustix#268 is now released, in rustix 0.33.6. |
Anything else that needs doing from my side for this? |
Ah, thanks for the ping. Looks like this is ready to go, the CI failure is just windows-2016 which is fixed on main. |
Now that all the core logic has been drained into `cap_tempfile::TempFile` in bytecodealliance/cap-std#239 we can just use it directly. NOTE: This changes the semantics of some of the APIs; the previous `replace()` API tried to do "reuse previous file mode if it existed" but I think that's just a confusing trap. Anything writing the file in the general case needs to know the permissions it wants to use.
Follow up to this in coreos/cap-std-ext#12 |
Now that all the core logic has been drained into `cap_tempfile::TempFile` in bytecodealliance/cap-std#239 we can just use it directly. NOTE: This changes the semantics of some of the APIs; the previous `replace()` API tried to do "reuse previous file mode if it existed" but I think that's just a confusing trap. Anything writing the file in the general case needs to know the permissions it wants to use.
The
cap-tempfile
crate ironically only supports temporarydirectories right now.
This adapts code I wrote as part of https://github.com/coreos/cap-std-ext/
to add support for temporary files that can also be atomically
linked into place.