Virtual-environments: Caching Android ndk fails with permission
Describe the bug
Since Android NDK is not preinstalled (https://github.com/actions/virtual-environments/issues/643), I'm writing custom cache rule:
- name: NDK Cache
id: ndk-cache
uses: actions/cache@v2
with:
path: |
/usr/local/lib/android/sdk/ndk
key: ndk-cache-21.0.6113669
When github action restores cache, I'm seeing following error:
/bin/tar: ../../../../../usr/local/lib/android/sdk/ndk: Cannot mkdir: Permission denied
Area for Triage: Android
Question, Bug, or Feature?: Feature
Virtual environments affected
- [ ] macOS 10.15
- [ ] Ubuntu 16.04 LTS
- [ ] Ubuntu 18.04 LTS
- [ ] Ubuntu 20.04 LTS
- [ ] Windows Server 2016 R2
- [ ] Windows Server 2019
Expected behavior
setting proper permission to /usr/local/lib/android/sdk/ndk so it can be cached
Actual behavior
cache restoring fails with permission issue
daisy1754
All 7 comments
Not sure if this would help / is a good idea, but I had tried to work around it by adding this follow step before the NDK cache step:
- id: fix-ndk-permission
name: Fix the NDK folder permission to allow caching
shell: bash
run: |
sudo mkdir ${ANDROID_HOME}/ndk
sudo chmod -R a+rwx ${ANDROID_HOME}/ndk
TL;DR: I had tried to create the ndk folder under ${ANDROID_HOME} manually and grant a 777 permission to all
But yea I admit this seems to be hacky and it would be great if the team can fix it in a more proper way / enable NDK caching by default
htbkoo
on 31 Jul 2020
Hello everyone,
We would like to get additional discussion with actions/cache team because fix from image side doesn't look good from long term perspective.
Just to summarize context of problem:
1) Folder /usr/local/lib/android/sdk/ndk doesn't exist on image by default
2) Root permissions are set for whole /usr/local directory and it is available only with sudo (it is expected for Linux images)
3) Repro steps:
- User runs
sudo /usr/local/lib/android/sdk/tools/bin/sdkmanager --install "ndk;20.0.5594570"(sudo is necessary here because of permissions) - User cache this directory
/usr/local/lib/android/sdk/ndkthat is created by first command actions/cachecan't restore this folder because it doesn't use sudo
Workaround:
Add before cache step:
sudo mkdir ${ANDROID_HOME}/ndk
sudo chmod -R a+rwx ${ANDROID_HOME}/ndk
Solution
As a solution, we can create /usr/local/lib/android/sdk/ndk folder on image and set proper permissions for whole /usr/local/lib/android folder. And this solution will resolve this particular issue. But the root cause is deeper and I anticipate more issues in future with other tools and same root cause.
Simple example:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
with:
path: /usr/local/my_awesome_tool
key: mykey
- name: Install awesome tool
run: |
sudo mkdir /usr/local/my_awesome_tool
echo "binary file is here" | sudo tee -a /usr/local/my_awesome_tool/binary
This example shows that any other customer can face with the same issue with any other tool and actions/cache.
How can we help customer with this case? I don't think that setting user permissions on the whole /usr/local folder (or even whole machine) is good idea.
I understand position of actions/cache owners that action shouldn't use sudo tar everywhere because it could cause problems on self-hosted machines. But may be we could find better way to handle it.
@joshmgross, what do you think about it?
maxim-lobanov
on 4 Aug 2020
We have merged the PR that sets proper permissions for whole /usr/local/lib/android folder. Images with changes will be rolled out around next week.
nikita-bykov
on 12 Aug 2020
All changes were successfully deployed.
nikita-bykov
on 28 Aug 2020
Reopened issue since caching still doesn't work properly for some components
cc: @dmitry-shibanov to take a look
maxim-lobanov
on 28 Aug 2020
Hello, we merged new fix for permissions. Changes will be added in next images rollout.
dmitry-shibanov
on 1 Sep 2020
Hello, changes were added. If you have any concerns feel free to reopen the issue.
dmitry-shibanov
on 15 Sep 2020
Related issues
ydnar
路
3Comments
jayaddison
路
3Comments
Tnze
路
4Comments
raulpopadineti
路
3Comments
motss
路
3Comments
Most helpful comment
Hello everyone,
We would like to get additional discussion with
actions/cacheteam because fix from image side doesn't look good from long term perspective.Just to summarize context of problem:
1) Folder
/usr/local/lib/android/sdk/ndkdoesn't exist on image by default2) Root permissions are set for whole
/usr/localdirectory and it is available only with sudo (it is expected for Linux images)3) Repro steps:
sudo /usr/local/lib/android/sdk/tools/bin/sdkmanager --install "ndk;20.0.5594570"(sudo is necessary here because of permissions)/usr/local/lib/android/sdk/ndkthat is created by first commandactions/cachecan't restore this folder because it doesn't use sudoWorkaround:
Add before cache step:
Solution
As a solution, we can create
/usr/local/lib/android/sdk/ndkfolder on image and set proper permissions for whole/usr/local/lib/androidfolder. And this solution will resolve this particular issue. But the root cause is deeper and I anticipate more issues in future with other tools and same root cause.Simple example:
This example shows that any other customer can face with the same issue with any other tool and
actions/cache.How can we help customer with this case? I don't think that setting user permissions on the whole
/usr/localfolder (or even whole machine) is good idea.I understand position of
actions/cacheowners that action shouldn't usesudo tareverywhere because it could cause problems on self-hosted machines. But may be we could find better way to handle it.@joshmgross, what do you think about it?