It seems that if you have a pex_binary that uses t...
# general
a
It seems that if you have a pex_binary that uses the loose layout and you use the new docker environment you get a very cryptic error:
`Error expanding output globs: Permission denied (os error 13)`
h
Sorry for the trouble, and thanks for the bug report!
a
It's expected, it's a brand new feature on an unstable version, no need to apologise haha
h
And thanks for the other bug reports! As you say, new feature, so chaos...
e
I'm pretty sure both of the bugs you hit @average-flag-94768 are due to a lack of attempting to handle the user executing docker actions (you) vs the user in the container image - typically `root`. I've gedankened this then found code to back up the guess on the tickets.
@happy-kitchen-89482 it seemed clear to me a week ago 2.15.x should be divorced from a feature. This just makes it more clear. This is presumably broken for ~every Linux docker image + host.
a
Yeah, that seems likely; it's a classic executing-in-docker issue IMO. I normally have to do very ill-advised things with permissions when mounting stuff into docker containers by hand to get round this.
e
Yup, exactly.
I did this in Pex a long time ago to ~generically work around this issue:
+ https://github.com/pantsbuild/pex/blob/main/docker/user/Dockerfile
+ https://github.com/pantsbuild/pex/blob/main/docker/user/create_docker_image_user.sh

Basically take any existing image and make it have a user that matches me.
Pants could do something similar here or it could just try getting away with actually passing uid:gid.
The image shim trick - which is, I think, basically what all MS dev containers are - is trickier on a generic image since you don't know for sure what user and group administration commands exist in the base image. That varies per distro, and the commands might not exist at all for a containerless style super-slim image.
a
That is a really neat trick
It also highlights the one weakness I think the current docker support has, which is support for runtime build args that aren't env vars. I mean, env vars do work, but they make explaining how to build a docker image to a member of a team very onerous, or require a wrapper script, which annoys me as I feel the way pants could let any dev check out the code and do `pants lint test package publish ::` is amazing and I don't want to add any more complexity to that command unless super necessary.