avoid false positive PermissionError in declare_dependency #14342
Conversation
Do the is_dir() test last, once it's known that the directory is related to the source directory. Signed-off-by: Paolo Bonzini <[email protected]>
| # Note that p.is_dir() can raise a PermissionError if a parent does not have | ||
| # the executable permission set. Test it last, and only after checking that | ||
| # v is within the project's source directory, to avoid false positives for | ||
| # e.g. root owned directories under /var. | ||
| if p.is_absolute() \ | ||
| and (self.is_subproject() or srcdir / self.subproject_dir not in p.parents) \ | ||
| and srcdir / self.root_subdir in [p] + list(Path(os.path.abspath(p)).parents) \ | ||
| and p.is_dir(): |
There was a problem hiding this comment.
Generally speaking, the issue here is that pathlib "concrete path" ops are bad and should not be used, use os.path.*() functions instead (and just pass pathlib "rich path" objects to it).
Basically, try to use pathlib.PurePath whenever possible and shun any function calls that are only available in Path and missing from PurePath.
There was a problem hiding this comment.
Ok, so to understand you're asking me to get rid of Path completely?
There was a problem hiding this comment.
It would probably be easier to do something meaningful by merging #14110 first and building on top of it...
There was a problem hiding this comment.
That's also a possibility, but (for what it's worth) I'm not sure that the OSError is an undesirable behavior—having an inaccessible directory inside the source tree is quite a bad idea after all, and Meson is able to report the error as a likely problematic build environment. And there are reasons in favor of both returning false like os.path.isdir() and letting the exception surface like Path.is_dir() (not the least: the latter can always be turned into the former).
So I still prefer to start with this patch to minimize the impact outside fixing the bug.
There was a problem hiding this comment.
How does one end up with an inaccessible directory inside the source tree? And should we similarly add special handling if subdir/meson.build is inaccessible/unreadable? (By which I mean to say, any code at all that attempts to care about the distinction, rather than treating it as "the user broke it and now gets to keep both pieces".)
Keep in mind that the "error case" here is,
someone attempts to export and then use a declare_dependency() directory variable, and the accessing code fails to be special cased but instead treats it as a setup-time error to try to utilize this (unreadable!) directory owned by a subproject.
Again, I think it's overall a systematic mistake to use pathlib.Path for e.g. checking filesystem availability because the stdlib is buggy and badly designed.
If a directory that is passed to declare_dependency is not accessible (a parent has the x permission cleared), this can result in an OSError:
This can cause false positives, for example, if the directory is under /var and root-owned. Do the is_dir() test last, once it's known that the directory is related to the source directory, to avoid the false positives.
Fixes: #13584