BUG: dumb check makes cache fail

Open jelmd opened this issue 3 years ago • 5 comments

...
      - name: Fetch stack cache
        id: stack_cache
        uses: actions/cache@v2
        with:
          path: /var/tmp/stack
          key: stack-${{ runner.os }}
...

fails with Preventing creation of stack root '/tmp/stack/'. Parent directory '/tmp/' is owned by someone else. This is absolutely nonsense because such directories (/tmp, /var/tmp, /dev/shm and possibly others) are especially made writeable by anybody - have mode 01777. So please skip such bogus checks and just try-and-error to get a robust implementation (or is handling ACLs on the todo list as well?).

jelmd avatar Dec 10 '21 08:12 jelmd

@jelmd can you please share full logs for the step/job?

bishal-pdMSFT avatar Dec 21 '21 03:12 bishal-pdMSFT

You may check https://github.com/jelmd/Hets/actions - somewhere in the 150+ try and error runs it is buried (don't know any trick, how to grab all ...). Anyway, setting STACK_ROOT: /var/tmp/stack in https://github.com/jelmd/Hets/blob/master/.github/workflows/ci-test.yml should trigger the error.

jelmd avatar Dec 21 '21 05:12 jelmd

Cache action does not use /tmp path directly nor does it restrict by doing such a check.

However, the runner may not have access to /tmp and it is recommended to use runner's dedicated temp directory. You can use RUNNER_TEMP environment variable in the workflow file and workflow orchestration ensures that runner has access to this path. Let me know if this helps.

bishal-pdMSFT avatar Jan 26 '22 17:01 bishal-pdMSFT

This is a workaround but not a fix. The check is buggy and needs to be fixed (it draws a wrong conclusion: the OS allows writing because its perms are rwxrwxrwxt aka 01777 - actions are absolutely useless, if I have to write my own OS dependent shell scripts to circumvent all the bugs of GHA). BTW: On Linux/*x a lot of utilities rely on /tmp and /var/tmp to be writeable by anyone and GHA should adhere to it, i.e. not prevent its use and follow POSIX standard:

E.g.

The Open Group Base Specifications Issue 7, 2018 edition IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008) Copyright © 2001-2018 IEEE and The Open Group.

10.1 Directory Structure and Files ... The following directories shall exist on conforming systems and conforming applications shall make use of them only as described. Strictly conforming applications shall not assume the ability to create files in any of these directories, unless specified below. ...

/tmp A directory made available for applications that need a place to create temporary files. Applications shall be allowed to create files in this directory, but shall not assume that such files are preserved between invocations of the application. ...

jelmd avatar Jan 27 '22 03:01 jelmd

The action does not do any explicit check on access to /tmp. It fails as it tries to read/write there and fails. If you think the action should have this access, please create an issue on runner repo.

bishal-pdMSFT avatar Nov 24 '22 06:11 bishal-pdMSFT
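
Added example, not part of the thread and not code from the cache action, the runner or the tool that printed the error: a sketch of the two rules being argued over, an ownership-only check of the parent directory versus one that also accepts a world-writable parent with the sticky bit (mode 01777). The function names and the four class labels are assumptions made for this illustration.

```python
import os
import stat

def classify_parent(owner_uid, mode, euid):
    """Classify a parent directory from its stat fields (pure, for testing).

    Returns one of:
      'owned'         - owned by the calling user
      'sticky-shared' - someone else's, but world-writable with the sticky bit
                        (the 01777 layout of /tmp and /var/tmp)
      'open-shared'   - world-writable without the sticky bit: any user may
                        rename or delete entries created there
      'foreign'       - someone else's and not world-writable
    """
    if owner_uid == euid:
        return "owned"
    if mode & stat.S_IWOTH:
        return "sticky-shared" if mode & stat.S_ISVTX else "open-shared"
    return "foreign"

def ownership_only_check(owner_uid, euid):
    """Assumed strict rule: accept only a parent owned by the caller."""
    return owner_uid == euid

def mode_aware_check(owner_uid, mode, euid):
    """Also accept sticky world-writable parents; still reject the rest."""
    return classify_parent(owner_uid, mode, euid) in ("owned", "sticky-shared")

def inspect(path):
    """Apply both checks to a real directory on this machine."""
    st = os.stat(path)
    euid = os.geteuid()
    return {
        "path": path,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "class": classify_parent(st.st_uid, st.st_mode, euid),
        "ownership_only": ownership_only_check(st.st_uid, euid),
        "mode_aware": mode_aware_check(st.st_uid, st.st_mode, euid),
    }

if __name__ == "__main__":
    # Constructed sample: root-owned 01777 directory seen by uid 1001.
    print(classify_parent(0, stat.S_IFDIR | 0o1777, 1001))
    for candidate in ("/tmp", "/var/tmp", os.environ.get("RUNNER_TEMP", ".")):
        print(inspect(candidate))
```

The sticky bit stops other users from renaming or deleting your entries, but it does not stop them from creating the target name first, so a tool that accepts such a parent should create its own directory with mode 0700 and fail if the name already exists.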