-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundle Extraction Directory: Default to a users-specific tmp directory on Unix systems #3846
Comments
Isn't the plan to forgo the entire bundle extraction mechanism in future, and read all bundle constituents from mmap? |
@am11 in .net 5, we'll reduce the reliance on extraction for single-file apps. However, extraction may still be supported for including custom native DLLs within the single-file app. We also want to fix the extraction directory permission issue for a servicing fix to 3.1. |
In order to fix this problem, a few options are:
If single-file bundles use extraction in .net 5 (for certain file types), we should use solution (4) above. In .net 3.1 servicing fix, we’ll go after a simpler solution, by extracting to a user-specific directory: |
…e-file apps (#2329) In .net core 3, single file apps run by extracting the bundled contents to a temp directory. The extraction directory is machine specific, and can be set through DOTNET_BUNDLE_EXTRACT_BASE_DIR environment variable. When this setting is not configured, the host tries to use certain default directories. On windows, extraction is within %TMPDIR%, which is user specific. On Unix systems $TMPDIR/.net if set, which may be user specific (ex: MAC) Otherwise, the extraction directory is within /var/tmp/ or /tmp/ which is common to all users, and may be locked by a specific user on first creation. Therefore, this change fixes this issue by defaulting the extraction base directory in Unix systems to `<temp-dir>/.net/<user-ID>` , where `<temp-dir>/.net/` has permission 0777, and `<temp-dir>/.net/<user-ID>/` has permission 01700. This fix will be migrated to coreclr/3.1 branch for servicing. Testing: Manual testing on Unix/Mac systems, since we don't have the setup to add automated tests with multiple users. Issue #3846
…tory dotnet/runtime#3846 On some Unix systems, multiple users cannot use single-file apps on the same machine. In .net core 3, single file apps run by extracting the bundled contents to a temp directory. The extraction directory is machine specific, and can be set through DOTNET_BUNDLE_EXTRACT_BASE_DIR environment variable. When this setting is not configured, the host tries to use certain default directories. On windows, extraction is within %TMPDIR%, which is user specific. On Unix systems $TMPDIR/.net if set, which may be user specific (ex: MAC) Otherwise, the extraction directory is within /var/tmp/ or /tmp/ which is common to all users, and may be locked by a specific user on first creation. This change fixes this issue by defaulting the extraction base directory in Unix systems to <temp-dir>/.net/<user-ID> , where <temp-dir>/.net/ has permission 0777, and <temp-dir>/.net/<user-ID>/ has permission 0700. Low, scenario is contained, change is small. dotnet/runtime#2329
…tory dotnet/runtime#3846 On some Unix systems, multiple users cannot use single-file apps on the same machine. In .net core 3, single file apps run by extracting the bundled contents to a temp directory. The extraction directory is machine specific, and can be set through DOTNET_BUNDLE_EXTRACT_BASE_DIR environment variable. When this setting is not configured, the host tries to use certain default directories. On windows, extraction is within %TMPDIR%, which is user specific. On Unix systems $TMPDIR/.net if set, which may be user specific (ex: MAC) Otherwise, the extraction directory is within /var/tmp/ or /tmp/ which is common to all users, and may be locked by a specific user on first creation. This change fixes this issue by defaulting the extraction base directory in Unix systems to <temp-dir>/.net/<user-ID> , where <temp-dir>/.net/ has permission 0777, and <temp-dir>/.net/<user-ID>/ has permission 0700. Low, scenario is contained, change is small. dotnet/runtime#2329
…tory ** Issue dotnet/runtime#3846 ** Customer Scenario On some Unix systems, multiple users cannot use single-file apps on the same machine. ** Problem In .net core 3, single file apps run by extracting the bundled contents to a temp directory. The extraction directory is machine specific, and can be set through DOTNET_BUNDLE_EXTRACT_BASE_DIR environment variable. When this setting is not configured, the host tries to use certain default directories. On windows, extraction is within %TMPDIR%, which is user specific. On Unix systems $TMPDIR/.net if set, which may be user specific (ex: MAC) Otherwise, the extraction directory is within /var/tmp/ or /tmp/ which is common to all users, and may be locked by a specific user on first creation. ** Solution This change fixes this issue by defaulting the extraction base directory in Unix systems to <temp-dir>/.net/<user-ID> , where <temp-dir>/.net/ has permission 0777, and <temp-dir>/.net/<user-ID>/ has permission 0700. ** Risk Low, scenario is contained, change is small. ** Master Branch dotnet/runtime#2329
…tory (#9011) ** Issue dotnet/runtime#3846 ** Customer Scenario On some Unix systems, multiple users cannot use single-file apps on the same machine. ** Problem In .net core 3, single file apps run by extracting the bundled contents to a temp directory. The extraction directory is machine specific, and can be set through DOTNET_BUNDLE_EXTRACT_BASE_DIR environment variable. When this setting is not configured, the host tries to use certain default directories. On windows, extraction is within %TMPDIR%, which is user specific. On Unix systems $TMPDIR/.net if set, which may be user specific (ex: MAC) Otherwise, the extraction directory is within /var/tmp/ or /tmp/ which is common to all users, and may be locked by a specific user on first creation. ** Solution This change fixes this issue by defaulting the extraction base directory in Unix systems to <temp-dir>/.net/<user-ID> , where <temp-dir>/.net/ has permission 0777, and <temp-dir>/.net/<user-ID>/ has permission 0700. ** Risk Low, scenario is contained, change is small. ** Master Branch dotnet/runtime#2329
Hey @swaroop-sridhar, could you let me know if this fix is expected to land in 3.1.4, or maybe has already landed in 3.1.x series? Thank you in advance for answering. |
This fix is expected in 3.1.4. |
Same here! |
I just tried the 3.1.4 build, and it hasn't really improved the bundle extraction. It still requires the user to set Example:
And if you set
After creating the EDIT: After reading through the PR carefully, this change will only work if the |
@xPaw can you please add a few more details:
|
I built on Windows 10, and then tried to run it on Debian 10 (both a separate server, and WSL). It was built with 3.1.4. The problem is that Besides, as you can see changing |
Thanks for confirming @xPaw. Any colliding directory structures that mask the extraction directory (whether created by an earlier .net host, or via any other process will need to be cleaned up) for the apps to work correctly. Otherwise, a non-colliding path should be specified using Did you provide an absolute path in |
In .net core 3, single file apps run by extracting the bundled contents to a temp directory.
The extraction directory is machine specific, and can be set through
DOTNET_BUNDLE_EXTRACT_BASE_DIR
environment variable.When this setting is not configured, the host tries to use certain default directories.
On windows, extraction is within
%TMPDIR%
, which is user specific.On Unix systems (like MAC) where
$TMPDIR
is set, extraction happens there -- and this is also user specific.Otherwise, the extraction directory is within
/var/tmp/
or/tmp/
which is common to all users, and may be locked by a specific user on first creation. Therefore, fix this issue by choosing something like/var/tmp/<user-id>/.net/...
or$HOME/.net/...
.This fix ameliorates the current problem, but is still robust -- especially within the TMP directory because any user can create a similar directory structure inaccessible to others. So the best way to configure the extraction directory is by setting
BUNDLE_EXTRACTION_BASE_DIR
.The text was updated successfully, but these errors were encountered: