If branch is unset this is just a nicer way to set a
particular commit. However if both are set, then we verify
that the branch/tag is at that particular commit. This is
a nice way to document that we want to use a particular tag
but still protect against the tag changing or a MITM attack
modifying what that tag means.
We're doing a post-commit checkout directly to the app dir, which
means the fuse filesystem cache may get out of sync with the backing
directory. So, to ensure this doesn't happen we mount a fresh rofiles
fs for each build.
Instead of building directly into the app directory we build into a
rofiles-fuse mount of it, which allows us to safely check out the
cache into the app directory using hardlinks (because rofiles-fuse
will not let you modify hardlinked files).
Additionally, every time we commit to the cache we check out all
the new and modified files into the appdir so that we get hardlinks
to the repo for the new files too.
The advantage of having hardlinks to the repo is that we can commit
much more efficient since we don't have to do a full checksum of
the hardlinked files.
There are some issues here:
eu-strip fails due to doing in-place editin
rofiles-fuse is using lots of CPU, unclear if this is faster, needs
measurements
needs testing of how well the fallback works (ie. if fuse is not
working).
rofuse: use kernel caches
rofiles: check out after commit
Use devino cache
Only check out new files from cache after commit
This replaces all current callers of gs_file_ensure_directory with
equivalent code.
Actually, two instances were calling gs_file_ensure_directory with
FALSE, i.e. error out on EEXIST, but those cases seem fine with the
do-nothing-if-exists semantics.
Instead of a single ref we use one ref per stage (init, build module X,
cleanup, finish). This means we don't have to iterate in the cache
lookup, and it also means we get clean refs for each stage so one
can easily inspect the differences between the stages.
This has two advantages:
1) If building as non-root, then we can't modify xattrs, such as
selinux ones, yet selinux will write then, making a bare repo
not match the checksums (it has unexpected xattrs that selinux made)
2) We check out as MODE_NONE, not MODE_USER, which in combination with
BARE_USER forces the files to be copied out of the cache, rather
than using hardlinks into the cache which could mutate the cache.
