Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hugo having issues in the sandbox #27

Open
ryanrf-ac opened this issue Jul 14, 2020 · 5 comments
Open

Hugo having issues in the sandbox #27

ryanrf-ac opened this issue Jul 14, 2020 · 5 comments

Comments

@ryanrf-ac
Copy link
Contributor

ryanrf-ac commented Jul 14, 2020

I realize this sounds a bit like the first issue on this repo, but I'm a bit unclear why execution_requirements = {'no-sandbox'} was removed. @gertvdijk could you please elaborate?

I'm hitting this issue, where Hugo is complaining about symlinks. I realize this is Bazel creating symlinks in an attempt to sandbox the inputs, but I'm not clear on how to resolve it. When I added execution_requirements = {'no-sandbox'} bazel was able to build my site successfully.

I should add that I'm using Bazel 0.26, so perhaps @gertvdijk's fix was related to a later version. I also realize that the .bazelversion in this project has 1.1.0, so maybe this is a bit of a shot in the dark for me. I'm also using Hugo 0.73.0.
The specific error I'm getting is

Error: add site dependencies: load resources: loading templates: symlinks not allowed in this filesystem
@ryanrf-ac
Copy link
Contributor Author

I just tried this with version bazel version 1.1.0 and I have the same results.

@uhthomas
Copy link

uhthomas commented Aug 7, 2020

@ryanrf-ac Did you ever get it to work? I'm also coming across this issue using Hugo v0.74.3. There's some discussion around a change on v0.56.0 which broke this behaviour.

It looks like this project is no longer maintained, so it might be worth making a fork.

@ryanrf-ac
Copy link
Contributor Author

@uhthomas I did sort of get it to work. I mean it worked, but I had to re-disable the sandbox mode that bazel uses. I started looking at bazel's sandboxfs, but couldn't get it to work.
I ended up forking this repo.

@uhthomas
Copy link

Perfect! Thanks for the reference.

I think this is more of a shame on Hugo's part, rather than the rules. I can't really understand why they would disallow symbolic links.

@ryanrf-ac
Copy link
Contributor Author

@uhthomas I think this is a mixture of both hugo and bazel. Bazel is choosing to fallback on creating a sandbox using symlinks to run everything from what it considers a safer location. Ideally, the sandbox would using isolation techniques like namespacing and cgroups, which can be used on linux, but on mac there's no such luck. I feel like getting sandboxfs to work would also be another solution here that would avoid symlinks, but I couldn't get that working, and the only docs I could find were a few years old.

From Hugo's point of view, my understanding is that symlinks can invite unwanted access in some cases, and can be messy. So discouraging their use makes sense, but I agree, preventing the use of symlinks seems a bit aggressive.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants