We are developing and using a deterministic build system (BuildStream) to build GNOME.
Since by default, cargo wants to contact the internet at build time, we are vendoring all the dependencies continuously only for the crates we depend on, into a separate repo which appears at /usr/share/crates in the sandboxed build environment.
The problem is that when building a component that depends on larlpop, the build fails because larlpop tries to write to something inside /usr/share/crates, which is intentionally read-only.
Here is the relevant part of the build output when trying to build librsvg which depends on larlpop:
Compiling lalrpop v0.13.1
Running `rustc --crate-name build_script_build /usr/share/crates/lalrpop/build.rs --crate-type bin --emit=dep-info,link -C opt-level=3 -C metadata=a81abc411cf1e2ff -C extra-filename=-a81abc411cf1e2ff --out-dir /buildstream/build/rust/target/release/build/lalrpop-a81abc411cf1e2ff -L dependency=/buildstream/build/rust/target/release/deps --extern lalrpop_snap=/buildstream/build/rust/target/release/deps/liblalrpop_snap-bbd43b86986a6077.rlib --cap-lints allow`
Running `/buildstream/build/rust/target/release/build/lalrpop-a81abc411cf1e2ff/build-script-build`
error: failed to run custom build command for `lalrpop v0.13.1`
process didn't exit successfully: `/buildstream/build/rust/target/release/build/lalrpop-a81abc411cf1e2ff/build-script-build` (exit code: 101)
--- stdout
processing file `/usr/share/crates/lalrpop/src/parser/lrgrammar.lalrpop`
--- stderr
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { repr: Os { code: 30, message: "Read-only file system" } }', src/libcore/result.rs:860:4
stack backtrace:
0: std::sys::imp::backtrace::tracing::imp::unwind_backtrace
1: std::sys_common::backtrace::_print
2: std::panicking::default_hook::{{closure}}
3: std::panicking::default_hook
4: std::panicking::rust_panic_with_hook
5: std::panicking::begin_panic_new
6: std::panicking::begin_panic_fmt
7: rust_begin_unwind
8: core::panicking::panic_fmt
9: core::result::unwrap_failed
10: build_script_build::main
11: __rust_maybe_catch_panic
12: std::rt::lang_start
13: __libc_start_main
14: _start
We are developing and using a deterministic build system (BuildStream) to build GNOME.
Since by default, cargo wants to contact the internet at build time, we are vendoring all the dependencies continuously only for the crates we depend on, into a separate repo which appears at
/usr/share/cratesin the sandboxed build environment.The problem is that when building a component that depends on larlpop, the build fails because larlpop tries to write to something inside
/usr/share/crates, which is intentionally read-only.Here is the relevant part of the build output when trying to build librsvg which depends on larlpop: