https://pantsbuild.org/ logo
#general
Title
# general
a

average-flag-94768

02/20/2023, 11:42 AM
It seems that if you have a pex_binary that uses the loose layout and you use the new docker environment you get a very cryptic error
Error expanding output globs: Permission denied (os error 13)
h

happy-kitchen-89482

02/20/2023, 2:25 PM
Sorry for the trouble, and thanks for the bug report!
a

average-flag-94768

02/20/2023, 2:26 PM
It's expected its a brand new feature on an unstable version, no need to apologise haha
h

happy-kitchen-89482

02/20/2023, 2:33 PM
And thanks for the other bug reports! As you say, new feature, so chaos...
e

enough-analyst-54434

02/20/2023, 3:47 PM
I'm pretty sure both of the bugs you hit @average-flag-94768 are due to a lack of attempting to handle the user executing docker actions (you) vs the user in the container image - typically
root
. I've gedankened this then found code to back up the guess on the tickets.
@happy-kitchen-89482 it seemed clear to me a week ago 2.15.x should be divorced from a feature. This just makes it more clear. This is presumably broken for ~every Linux docker image + host.
a

average-flag-94768

02/20/2023, 3:51 PM
Yeah that seems likely it's a classic executing in docker issue IMO, I normally have to do very ill advised things with permissions when mounting stuff into docker containers by hand to get round this.
e

enough-analyst-54434

02/20/2023, 3:51 PM
Yup, exactly.
I did this in Pex a long time ago to ~generically work around this issue: + https://github.com/pantsbuild/pex/blob/main/docker/user/Dockerfile + https://github.com/pantsbuild/pex/blob/main/docker/user/create_docker_image_user.sh Basically take any existing image and make it have a user that matches me.
Pants could do something similar here or it could just try getting away with actually passing uid:gid.
The image shim trick - which is I think basically all MS dev containers are - is trickier on a generic image since you don't know for sure what user and group administration commands exist in the base image. That varies per distro, and the commands might not exist at all for a containerless style super-slim image.
a

average-flag-94768

02/20/2023, 4:03 PM
That is a really neat trick
It also highlights the one weakness I think the current docker support has which is support for runtime build args that aren't env vars. I mean env vars do work, but they make explaining how to build a docker image to a member of a team very onerous, or require a wrapper script which annoys me as I feel the way pants could let any dev checkout the code and do
pants lint test package publish ::
is amazing and I don't want to add any more complexity to that command unless super neccesary.