Compiling go code, inside host mounted folder prevent the binary file being executable #602
Comments
|
Digging a little bit more into that running the go compiler with I tried to cp an executable file to a mounted dir and it lost its executable bit |
|
I can reproduce this, on my machine. It gets 644 on sshfs, and 755 in $HOME. |
|
I've seen this also. |
|
Go does some kind of special trick, to try to determine the umask. Apparently it goes horribly wrong, under sshfs. // The perm argument is meant to be adjusted according to umask,
// but we don't know what the umask is.
// Create a dummy file to find out.
// This avoids build tags and works even on systems like Plan 9
// where the file mask computation incorporates other information.
mode := perm
f, err := os.OpenFile(filepath.Clean(dst)+"-go-tmp-umask", os.O_WRONLY|os.O_CREATE|os.O_EXCL, perm)
if err == nil {
fi, err := f.Stat()
if err == nil {
mode = fi.Mode() & 0777
}
name := f.Name()
f.Close()
os.Remove(name)
}
if err := os.Chmod(src, mode); err == nil {
if err := os.Rename(src, dst); err == nil {
if cfg.BuildX {
b.Showcmd("", "mv %s %s", src, dst)
}
return nil
}
}Sadly it never logs the secret But it is clearly visible when using $HOME: /tmp/lima: EDIT: That would be $HOME in the VM, not $HOME on the host i.e. |
|
Reproducer: package main import (
"fmt"
"io/fs"
"os"
)
func main() {
perm := fs.FileMode(0777)
dst := "test"
mode := perm
f, err := os.OpenFile(dst+"-go-tmp-umask", os.O_WRONLY|os.O_CREATE|os.O_EXCL, perm)
if err == nil {
fi, err := f.Stat()
if err == nil {
mode = fi.Mode() & 0777
}
name := f.Name()
f.Close()
os.Remove(name)
}
fmt.Printf("%s: %v\n", dst, mode)
}
$ go version
go version go1.17 linux/amd64
$ umask
0002
|
|
This is a bug, in the SFTP server that lima is using (through sshocker): Apparently it has been broken since day one, in the github.com/pkg/sftp server: f, err := os.OpenFile(toLocalPath(p.Path), osFlags, 0644)
if err != nil {
return statusFromError(p.ID, err)
}So always uses |
|
I fixed the code, but it sorta made it worse. There is no agreement on using umask, so now the go binary is According to docs, https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7.6 Currently, neither Maybe it should be ported to the Go package, so that you end up with some sane default like https://bugzilla.mindrot.org/show_bug.cgi?id=1844 EDIT: Here was the code: afbjorklund/sftp@244f752 |
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Lima manages virtual machines on macOS, which can be used as a replacement to `Docker Desktop`. Currently, Lima contains a bug that leads to go binaries not being executable if they have been built inside a mounted volume (lima-vm/lima#602). As a workaround, add execution to the file permissions explicitly. This should be a no-op when Lima is not used, for example on Linux systems.
Description
limactl version 0.8.1After picking up a shell session on the lima vm or running from inside a docker container, building go binaries inside a mount:
go build -o $MOUNTED_HOST_FOLDER ./cmd/server/main.goresults in creating the main file not executable:
-rw-r--r-- 1 lima dialout 35264925 Jan 27 15:00 mainSame done to a vm folder:
go build -o $HOME ./cmd/server/main.goresults in:
-rwxrwxr-x 1 lima lima 35264925 Jan 27 15:03 mainThis prevents us from switching from Docker Desktop to lima + docker seamlessly without modification to our workflows expecting the binary to be executable after compilation.
NOTE: chmod on the file works as intended, we have a workaround but requires us some modifications.
The text was updated successfully, but these errors were encountered: