Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement macOS sandbox #7

Merged
merged 5 commits into from
Jun 2, 2024
Merged

Implement macOS sandbox #7

merged 5 commits into from
Jun 2, 2024

Conversation

erikreinert
Copy link
Member

@erikreinert erikreinert commented Jun 1, 2024
edited
Loading

Changes

  • implements sandbox-exec implementation for macOS
  • set warning only current support is macOS
  • cache checking on both client and server

@erikreinert
refactor(proto): remove Status and Retrieve RPCs from PackageService
a8cb4ab 
- Removed `Status` and `Retrieve` RPCs from `PackageService` in `package.proto`.
- Updated `BuildRequest` message to remove `ignore_paths` field and adjust field numbers.
- Removed `StatusRequest`, `StatusResponse`, `RetrieveRequest`, and `RetrieveResponse` messages from `package.proto`.

refactor(service): update service implementation to match proto changes

- Removed `Status` and `Retrieve` RPC implementations from `service.rs`.
- Updated `Build` RPC implementation to handle new `BuildRequest` structure.
- Refactored variable names for clarity and consistency.
- Added TODO comments for future implementation steps.

refactor(database): add find_source_by_id function

- Added `find_source_by_id` function to `database/mod.rs` to query source by ID.
- Renamed `find_source` to `find_source_by_uri` for clarity.
@erikreinert
refactor(builder): modularize build and prepare logic
25086a1 
- Moved build logic to `src/builder/build/mod.rs`
- Moved prepare logic to `src/builder/prepare/mod.rs`
- Updated `src/builder/service.rs` to use the new modularized functions
- Added `mod build` and `mod prepare` to `src/builder/mod.rs` for module inclusion
- Simplified `impl PackageService for Packager` by delegating to the new modularized functions
@erikreinert
feat: add new dependencies and update build process
da956aa 
- Added new dependencies: `bstr`, `crossbeam-deque`, `crossbeam-epoch`, `crossbeam-utils`, `globset`, `globwalk`, `ignore`, `pest`, `pest_derive`, `pest_generator`, `pest_meta`, `ryu`, `serde_json`, `signal-hook-registry`, `tera`, `ucd-trie`, `unic-char-property`, `unic-char-range`, `unic-common`, `unic-segment`, `unic-ucd-segment`, `unic-ucd-version`, `tempfile`.
- Updated `Cargo.lock` and `Cargo.toml` to include new dependencies.
- Modified `package.proto` to change `source_id` type from `string` to `int32` and renamed `BuildResponse` field `data` to `package_data`.
- Updated `flake.nix` with new `cargoSha256`.
- Enhanced build process in `build/mod.rs` to include new steps for handling temporary directories, scripts, and sandbox execution.
- Added `sandbox_default.rs` for sandbox profile template.
- Updated `prepare/mod.rs` to handle new source directory structure and unpacking logic.
- Modified database schema and functions to store and retrieve source by `hash` and `name` instead of `uri`.
- Refactored `store/mod.rs` to include new utility functions for handling paths, file hashes, and source unpacking.
- Updated `notary/mod.rs` to use async file operations and reduced key size to 2048 bits.
@erikreinert erikreinert self-assigned this Jun 2, 2024
@erikreinert erikreinert changed the title Implement sandbox envs Implement macOS sandbox Jun 2, 2024
@erikreinert
chore: add TODO comment to improve profile with more granular permiss…
7ad2b92 
…ions in sandbox_default.rs
@erikreinert
feat(api, builder): add compression flag to BuildResponse
79efd72 
- Updated `package.proto` to include `is_compressed` field in `BuildResponse` message.
- Modified `run` function in `mod.rs` to set `is_compressed` flag based on the presence of tar file.
- Added OS type check to ensure the build runs only on macOS.
- Adjusted build output path logic to handle both compressed and uncompressed package data.
- Improved logging to display the correct build output path.
@erikreinert erikreinert merged commit c0b89b6 into main Jun 2, 2024
2 checks passed
@erikreinert erikreinert deleted the feature/2-hermetically-sealed-sandboxes branch June 2, 2024 10:22
@erikreinert erikreinert mentioned this pull request Jun 2, 2024
Closed
2 tasks
@erikreinert erikreinert added this to the 0.1.0 milestone Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@erikreinert erikreinert

Labels
None yet
Projects
None yet
Milestone
0.1.0
Development

Successfully merging this pull request may close these issues.
1 participant
@erikreinert