Make the shared ccache optional #844

Merged: 2 commits, Nov 26, 2020

@cottsay (Member) commented Nov 11, 2020

It isn't obvious or expected that running buildfarm tasks locally (outside of Jenkins) could modify the local ccache of the user invoking the command. This change disables ccache sharing by default. It can be re-enabled using the newly added `shared_ccache` build file option.

@cottsay self-assigned this Nov 11, 2020

@nuclearsandwich (Contributor) left a comment

Thanks for making sure the new option is documented. Looks good to me.

@nuclearsandwich merged commit b112ab9 into master Nov 26, 2020
@nuclearsandwich deleted the cottsay/optional_ccache branch November 26, 2020 01:00

@mathias-luedtke (Contributor) commented

This PR disables the ccache sharing by default.
Where did you set the option to true for the buildfarm?

And am I right that there is no way to enable it for pre-release tests?

@cottsay (Member, Author) commented May 4, 2021

This is disabled on build.ros.org and build.ros2.org.

The approach implemented in ros_buildfarm shares the cache among ALL packages and ALL jobs. We've concluded that the benefits provided by ccache do not outweigh the risks of a misconfigured or malicious package poisoning that global cache.

Additional development is necessary to either secure the cache by enforcing that only authorized (signed) compilers are contributing to it, or make the cache local to only the package or job. Right now, we don't have any plans to implement either of those features. Pull requests are welcome, as always.
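
One way to make the cache local to a single job, the second option named in the comment above. This is an added example, not ros_buildfarm code; the cache root, the in-container path `/ccache`, the function names and the job names are assumptions.

```python
import hashlib
import os
from pathlib import Path

# Assumed in-container cache location; not taken from ros_buildfarm.
CONTAINER_CCACHE_DIR = "/ccache"


def job_ccache_dir(cache_root, job_name):
    """Return a private host ccache directory used by exactly one job."""
    # Hash the job name instead of using it as a path component, so a name
    # such as "../pkg_a" cannot resolve into another job's cache directory.
    digest = hashlib.sha256(job_name.encode("utf-8")).hexdigest()[:32]
    path = Path(cache_root) / digest
    path.mkdir(parents=True, exist_ok=True)
    os.chmod(path, 0o700)  # owner-only, even if the directory already existed
    return path


def docker_ccache_args(cache_root, job_name):
    """Build `docker run` arguments that mount only this job's cache."""
    host_dir = job_ccache_dir(cache_root, job_name)
    return [
        "-v", f"{host_dir}:{CONTAINER_CCACHE_DIR}",
        "-e", f"CCACHE_DIR={CONTAINER_CCACHE_DIR}",
    ]


if __name__ == "__main__":
    import tempfile

    # Constructed job names, for illustration only.
    with tempfile.TemporaryDirectory() as root:
        for job in ("pkg_a", "pkg_b", "../pkg_a"):
            print(job, docker_ccache_args(root, job))
```

A per-job cache limits what a poisoned entry can reach to later builds of the same job; it does not verify who wrote an entry.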

@mathias-luedtke (Contributor) commented

Thanks for the clarification!

I will try to add a CLI option for the generation scripts.
