Adds --disable-sandbox to esy b (and esy-build-package)

esy · Aug 1, 2019 · df516af · df516af
1 parent adeffd5
commit df516af
Show file tree

Hide file tree

Showing 14 changed files with 123 additions and 30 deletions.
diff --git a/bin/Project.re b/bin/Project.re
@@ -151,6 +151,7 @@ let makeProject = (makeSolved, projcfg: ProjectConfig.t) => {
 
     RunAsync.ofBosError(
       EsyBuildPackage.Config.make(
+        ~disableSandbox=false,
         ~storePath,
         ~localStorePath=EsyInstall.SandboxSpec.storePath(projcfg.spec),
         ~projectPath=projcfg.spec.path,
@@ -709,13 +710,15 @@ let buildDependencies =
   };
 };
 
-let buildPackage = (~quiet, ~buildOnly, projcfg, sandbox, plan, pkg) => {
+let buildPackage =
+    (~quiet, ~disableSandbox, ~buildOnly, projcfg, sandbox, plan, pkg) => {
   checkSymlinks();
   let () =
     Logs.info(m =>
       m(
-        "running:@[<v>@;%s build-package \\@;%a@]",
+        "running:@[<v>@;%s build-package (disable-sandbox: %s)\\@;%a@]",
         projcfg.ProjectConfig.mainprg,
+        string_of_bool(disableSandbox),
         PackageId.pp,
         pkg.Package.id,
       )
@@ -725,6 +728,7 @@ let buildPackage = (~quiet, ~buildOnly, projcfg, sandbox, plan, pkg) => {
     ~force=true,
     ~quiet,
     ~buildOnly,
+    ~disableSandbox,
     sandbox,
     plan,
     pkg.id,

diff --git a/bin/Project.rei b/bin/Project.rei
@@ -69,6 +69,7 @@ let buildDependencies:
 let buildPackage:
   (
     ~quiet: bool,
+    ~disableSandbox: bool,
     ~buildOnly: bool,
     ProjectConfig.t,
     BuildSandbox.t,

diff --git a/bin/esy.re b/bin/esy.re
@@ -462,6 +462,7 @@ let build =
       ~skipStalenessCheck=false,
       mode,
       pkgarg,
+      disableSandbox,
       cmd,
       proj: Project.t,
     ) => {
@@ -485,6 +486,7 @@ let build =
       Project.buildPackage(
         ~quiet=true,
         ~buildOnly,
+        ~disableSandbox,
         proj.projcfg,
         fetched.Project.sandbox,
         plan,
@@ -547,9 +549,10 @@ let execEnv = (asJson, pkgarg, proj: Project.t) =>
     (),
   );
 
-let exec = (mode, chdir, pkgarg, cmd, proj: Project.t) => {
+let exec = (mode, chdir, pkgarg, disableSandbox, cmd, proj: Project.t) => {
   open RunAsync.Syntax;
-  let%bind () = build(~buildOnly=false, mode, PkgArg.root, None, proj);
+  let%bind () =
+    build(~buildOnly=false, mode, PkgArg.root, disableSandbox, None, proj);
   let f = pkg =>
     Project.execCommand(
       ~checkIfDependenciesAreBuilt=false, /* not needed as we build an entire sandbox above */
@@ -1370,11 +1373,12 @@ let printHeader = (~spec=?, name) =>
 
 let default = (chdir, cmdAndPkg, proj: Project.t) => {
   open RunAsync.Syntax;
+  let disableSandbox = false;
   let%lwt fetched = Project.fetched(proj);
   switch (fetched, cmdAndPkg) {
   | (Ok(_), None) =>
     let%lwt () = printHeader(~spec=proj.projcfg.spec, "esy");
-    build(BuildDev, PkgArg.root, None, proj);
+    build(BuildDev, PkgArg.root, disableSandbox, None, proj);
   | (Ok(_), Some((None, cmd))) =>
     switch (Scripts.find(Cmd.getTool(cmd), proj.scripts)) {
     | Some(script) => runScript(script, Cmd.getArgs(cmd), proj)
@@ -1389,7 +1393,7 @@ let default = (chdir, cmdAndPkg, proj: Project.t) => {
     let%bind () = solveAndFetch(proj);
     let%bind (proj, files) = Project.make(proj.projcfg);
     let%bind () = Project.write(proj, files);
-    build(BuildDev, PkgArg.root, None, proj);
+    build(BuildDev, PkgArg.root, disableSandbox, None, proj);
   | (Error(_) as err, Some((None, cmd))) =>
     switch (Scripts.find(Cmd.getTool(cmd), proj.scripts)) {
     | Some(script) => runScript(script, Cmd.getArgs(cmd), proj)
@@ -1487,7 +1491,16 @@ let commandsConfig = {
 
   let commands = {
     let buildCommand = {
-      let run = (mode, pkgarg, install, skipStalenessCheck, cmd, proj) => {
+      let run =
+          (
+            mode,
+            pkgarg,
+            disableSandbox,
+            install,
+            skipStalenessCheck,
+            cmd,
+            proj,
+          ) => {
         let () =
           switch (cmd) {
           | None =>
@@ -1502,6 +1515,7 @@ let commandsConfig = {
           ~skipStalenessCheck,
           mode,
           pkgarg,
+          disableSandbox,
           cmd,
           proj,
         );
@@ -1517,6 +1531,11 @@ let commandsConfig = {
           const(run)
           $ modeTerm
           $ pkgTerm
+          $ Arg.(
+              value
+              & flag
+              & info(["disable-sandbox"], ~doc="Disables sandbox")
+            )
           $ Arg.(
               value
               & flag
@@ -1581,6 +1600,11 @@ let commandsConfig = {
           $ modeTerm
           $ chdirTerm
           $ pkgTerm
+          $ Arg.(
+              value
+              & flag
+              & info(["disable-sandbox"], ~doc="Disables sandbox")
+            )
           $ Cli.cmdTerm(
               ~doc="Command to execute within the sandbox environment.",
               ~docv="COMMAND",

diff --git a/esy-build-package/Build.re b/esy-build-package/Build.re
@@ -211,7 +211,7 @@ let configureBuild = (~cfg: Config.t, plan: Plan.t) => {
         };
       Ok({Sandbox.allowWrite: allowWrite});
     };
-    Sandbox.init(config);
+    Sandbox.init(config, ~noSandbox=cfg.disableSandbox);
   };
 
   return({

diff --git a/esy-build-package/Config.re b/esy-build-package/Config.re
@@ -5,6 +5,7 @@ type t = {
   projectPath: EsyLib.Path.t,
   storePath: EsyLib.Path.t,
   localStorePath: EsyLib.Path.t,
+  disableSandbox: bool,
 };
 
 type config = t;
@@ -42,7 +43,7 @@ let rec configureStorePath = cfg => {
   return(path);
 };
 
-let make = (~storePath, ~projectPath, ~localStorePath, ()) => {
+let make = (~storePath, ~projectPath, ~localStorePath, ~disableSandbox, ()) => {
   open Run;
   let%bind storePath = configureStorePath(storePath);
   let%bind () =
@@ -61,7 +62,7 @@ let make = (~storePath, ~projectPath, ~localStorePath, ()) => {
       };
     };
   let%bind () = initStore(localStorePath);
-  return({projectPath, storePath, localStorePath});
+  return({projectPath, storePath, localStorePath, disableSandbox});
 };
 
 let render = (cfg, v) => {

diff --git a/esy-build-package/Config.rei b/esy-build-package/Config.rei
@@ -3,6 +3,7 @@ type t =
     projectPath: Fpath.t,
     storePath: Fpath.t,
     localStorePath: Fpath.t,
+    disableSandbox: bool,
   };
 
 let pp: Fmt.t(t);
@@ -21,6 +22,7 @@ let make:
     ~storePath: storePathConfig,
     ~projectPath: Fpath.t,
     ~localStorePath: Fpath.t,
+    ~disableSandbox: bool,
     unit
   ) =>
   Run.t(t, _);

diff --git a/esy-build-package/Sandbox.re b/esy-build-package/Sandbox.re
@@ -115,14 +115,21 @@ module NoSandbox = {
   };
 };
 
-let init = (config: config) =>
-  switch (EsyLib.System.Platform.host) {
-  | Windows => Windows.sandboxExec(config)
-  | Darwin => Darwin.sandboxExec(config)
-  | _ => NoSandbox.sandboxExec(config)
+let init = (config: config, ~noSandbox) =>
+  if (noSandbox) {
+    NoSandbox.sandboxExec(config);
+  } else {
+    switch (EsyLib.System.Platform.host) {
+    | Windows => Windows.sandboxExec(config)
+    | Darwin => Darwin.sandboxExec(config)
+    | _ => NoSandbox.sandboxExec(config)
+    };
   };
 
 let exec = (~env, sandbox: sandbox, cmd) => {
+  /* print_endline(Astring.String.Map.get("PATH", env)); */
+  /* print_endline(Astring.String.Map.get("LD_LIBRARY_PATH", env)); */
+  /* print_endline(Astring.String.Map.get("PKG_CONFIG_PATH", env)); */
   let result = sandbox(~env, cmd);
   (result: result(_, err) :> Run.t(_, _));
 };
diff --git a/esy-build-package/Sandbox.rei b/esy-build-package/Sandbox.rei
@@ -13,7 +13,7 @@ type config = {allowWrite: list(pattern)};
 type sandbox;
 
 /* Init sandbox */
-let init: config => Run.t(sandbox, _);
+let init: (config, ~noSandbox: bool) => Run.t(sandbox, _);
 
 /* Exec command in the sandbox. */
 let exec:

diff --git a/esy-build-package/bin/esyBuildPackageCommand.re b/esy-build-package/bin/esyBuildPackageCommand.re
@@ -14,6 +14,7 @@ type commonOpts = {
   localStorePath: option(Fpath.t),
   projectPath: option(Fpath.t),
   logLevel: option(Logs.level),
+  disableSandbox: bool,
 };
 
 let setupLog = (style_renderer, level) => {
@@ -26,7 +27,7 @@ let setupLog = (style_renderer, level) => {
 
 let createConfig = (copts: commonOpts) => {
   open Run;
-  let {storePath, localStorePath, projectPath, _} = copts;
+  let {storePath, localStorePath, projectPath, disableSandbox, _} = copts;
   let%bind currentPath = Bos.OS.Dir.current();
   let projectPath = Option.orDefault(~default=currentPath, projectPath);
   let storePath =
@@ -39,6 +40,7 @@ let createConfig = (copts: commonOpts) => {
     ~localStorePath=
       Option.orDefault(~default=projectPath / "_store", localStorePath),
     ~projectPath,
+    ~disableSandbox,
     (),
   );
 };
@@ -236,18 +238,33 @@ let () = {
         & info(["plan", "p"], ~env, ~docs, ~docv="PATH", ~doc)
       );
     };
+    let disableSandbox = {
+      let doc = "Disables sandboxing and builds the package without. CAUTION: this can be dangerous";
+      Arg.(value & flag & info(["disable-sandbox"], ~docs, ~doc));
+    };
     let setupLogT =
       Term.(
         const(setupLog)
         $ Fmt_cli.style_renderer()
         $ Logs_cli.level(~env=Arg.env_var("ESY__LOG"), ())
       );
-    let parse = (projectPath, storePath, localStorePath, planPath, logLevel) => {
-      projectPath,
-      storePath,
-      localStorePath,
-      planPath,
-      logLevel,
+    let parse =
+        (
+          projectPath,
+          storePath,
+          localStorePath,
+          planPath,
+          logLevel,
+          disableSandbox,
+        ) => {
+      {
+        projectPath,
+        storePath,
+        localStorePath,
+        planPath,
+        logLevel,
+        disableSandbox,
+      };
     };
     Term.(
       const(parse)
@@ -256,6 +273,7 @@ let () = {
       $ localStorePath
       $ planPath
       $ setupLogT
+      $ disableSandbox
     );
   };
   /* Command terms */

diff --git a/esy-build/BuildSandbox.re b/esy-build/BuildSandbox.re
@@ -1097,7 +1097,8 @@ let makeSymlinksToStore = (sandbox, task) => {
   return();
 };
 
-let buildTask = (~quiet=?, ~buildOnly=?, ~logPath=?, sandbox, task) => {
+let buildTask =
+    (~quiet=?, ~buildOnly=?, ~logPath=?, ~disableSandbox=?, sandbox, task) => {
   open RunAsync.Syntax;
   let%lwt () = Logs_lwt.debug(m => m("build %a", Task.pp, task));
   let plan = Task.plan(task);
@@ -1108,6 +1109,7 @@ let buildTask = (~quiet=?, ~buildOnly=?, ~logPath=?, sandbox, task) => {
         ~quiet?,
         ~buildOnly?,
         ~logPath?,
+        ~disableSandbox?,
         sandbox.cfg,
         plan,
       )
@@ -1125,18 +1127,41 @@ let buildTask = (~quiet=?, ~buildOnly=?, ~logPath=?, sandbox, task) => {
 };
 
 let buildOnly =
-    (~force, ~quiet=?, ~buildOnly=?, ~logPath=?, sandbox, plan, id) =>
+    (
+      ~force,
+      ~quiet=?,
+      ~buildOnly=?,
+      ~logPath=?,
+      ~disableSandbox=?,
+      sandbox,
+      plan,
+      id,
+    ) =>
   RunAsync.Syntax.(
     switch (Plan.get(plan, id)) {
     | Some(task) =>
       if (!force) {
         if%bind (isBuilt(sandbox, task)) {
           return();
         } else {
-          buildTask(~quiet?, ~buildOnly?, ~logPath?, sandbox, task);
+          buildTask(
+            ~quiet?,
+            ~buildOnly?,
+            ~logPath?,
+            ~disableSandbox?,
+            sandbox,
+            task,
+          );
         };
       } else {
-        buildTask(~quiet?, ~buildOnly?, ~logPath?, sandbox, task);
+        buildTask(
+          ~quiet?,
+          ~buildOnly?,
+          ~logPath?,
+          ~disableSandbox?,
+          sandbox,
+          task,
+        );
       }
     | None => RunAsync.return()
     }

diff --git a/esy-build/BuildSandbox.rei b/esy-build/BuildSandbox.rei
@@ -100,6 +100,7 @@ let buildOnly:
     ~quiet: bool=?,
     ~buildOnly: bool=?,
     ~logPath: Path.t=?,
+    ~disableSandbox: bool=?,
     t,
     Plan.t,
     PackageId.t