Google Git
Sign in
pigweed/third_party/github/bazelbuild/rules_python/6854dc3880b1ff81659ad4a36fb2e6551f41d0e2^!/.
commit
6854dc3880b1ff81659ad4a36fb2e6551f41d0e2
[log]
author
Matt Mackay <matthew.mackay@robinhood.com>
Sat Apr 05 14:42:03 2025 -0400
committer
GitHub <noreply@github.com>
Sat Apr 05 18:42:03 2025 +0000
tree
977b96bdd84d3206079619d9ebde86c6805d8507
parent
e5fa023b27cf3583eb9e45efcbcb887e660ce65f [diff]
fix: treat ignore_root_user_error either ignored or warning (#2739)

Previously
[#2636](https://github.com/bazel-contrib/rules_python/pull/2636) changed
the semantics of `ignore_root_user_error` from "ignore" to "warning".
This is now flipped back to ignoring the issue, and will only emit a
warning when the attribute is set `False`.

This does also change the semantics of what #2636 did by flipping the
attribute, as now there is no warning, and the user would have to
explicitly set it to `False` (they don't want to ignore the error) to
see the warning.

Co-authored-by: Richard Levasseur <rlevasseur@google.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5172e74..dbb0c03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md

@@ -69,6 +69,10 @@
 * (toolchains) Remove all but `3.8.20` versions of the Python `3.8` interpreter who has
   reached EOL. If users still need other versions of the `3.8` interpreter, please supply
   the URLs manually {bzl:obj}`python.toolchain` or {bzl:obj}`python_register_toolchains` calls.
+* (toolchains) Previously [#2636](https://github.com/bazel-contrib/rules_python/pull/2636)
+  changed the semantics of `ignore_root_user_error` from "ignore" to "warning". This is now
+  flipped back to ignoring the issue, and will only emit a warning when the attribute is set
+  `False`.  
 * (pypi) The PyPI extension will no longer write the lock file entries as the
   extension has been marked reproducible.
   Fixes [#2434](https://github.com/bazel-contrib/rules_python/issues/2434).

diff --git a/python/private/python.bzl b/python/private/python.bzl
index 296fb0a..efc4294 100644
--- a/python/private/python.bzl
+++ b/python/private/python.bzl

@@ -803,8 +803,8 @@
 However, if the user is running Bazel as root, this read-onlyness is not
 respected. Bazel will print a warning message when it detects that the runtime
 installation is writable despite being made read only (i.e. it's running with
-root access). If this attribute is set to `False`, Bazel will make it a hard
-error to run with root access instead.
+root access) while this attribute is set `False`, however this messaging can be ignored by setting
+this to `False`.
 """,
             mandatory = False,
         ),

diff --git a/python/private/python_repository.bzl b/python/private/python_repository.bzl
index f3ec13d..cfc0645 100644
--- a/python/private/python_repository.bzl
+++ b/python/private/python_repository.bzl

@@ -137,28 +137,30 @@
             logger = logger,
         )
 
-        fail_or_warn = logger.warn if rctx.attr.ignore_root_user_error else logger.fail
-        exec_result = repo_utils.execute_unchecked(
-            rctx,
-            op = "python_repository.TestReadOnly",
-            arguments = [repo_utils.which_checked(rctx, "touch"), "lib/.test"],
-            logger = logger,
-        )
-
-        # The issue with running as root is the installation is no longer
-        # read-only, so the problems due to pyc can resurface.
-        if exec_result.return_code == 0:
-            stdout = repo_utils.execute_checked_stdout(
+        # If the user is not ignoring the warnings, then proceed to run a check,
+        # otherwise these steps can be skipped, as they both result in some warning.
+        if not rctx.attr.ignore_root_user_error:
+            exec_result = repo_utils.execute_unchecked(
                 rctx,
-                op = "python_repository.GetUserId",
-                arguments = [repo_utils.which_checked(rctx, "id"), "-u"],
+                op = "python_repository.TestReadOnly",
+                arguments = [repo_utils.which_checked(rctx, "touch"), "lib/.test"],
                 logger = logger,
             )
-            uid = int(stdout.strip())
-            if uid == 0:
-                fail_or_warn("The current user is root, which can cause spurious cache misses or build failures with the hermetic Python interpreter. See https://github.com/bazel-contrib/rules_python/pull/713.")
-            else:
-                fail_or_warn("The current user has CAP_DAC_OVERRIDE set, which can cause spurious cache misses or build failures with the hermetic Python interpreter. See https://github.com/bazel-contrib/rules_python/pull/713.")
+
+            # The issue with running as root is the installation is no longer
+            # read-only, so the problems due to pyc can resurface.
+            if exec_result.return_code == 0:
+                stdout = repo_utils.execute_checked_stdout(
+                    rctx,
+                    op = "python_repository.GetUserId",
+                    arguments = [repo_utils.which_checked(rctx, "id"), "-u"],
+                    logger = logger,
+                )
+                uid = int(stdout.strip())
+                if uid == 0:
+                    logger.warn("The current user is root, which can cause spurious cache misses or build failures with the hermetic Python interpreter. See https://github.com/bazel-contrib/rules_python/pull/713.")
+                else:
+                    logger.warn("The current user has CAP_DAC_OVERRIDE set, which can cause spurious cache misses or build failures with the hermetic Python interpreter. See https://github.com/bazel-contrib/rules_python/pull/713.")
 
     python_bin = "python.exe" if ("windows" in platform) else "bin/python3"