Bundled compile cache modified if writeable #4120
Description
Working on a Docker container image, I noticed that layers were getting modified when they shouldn't (i.e., when doing simple read-only operations). I reduced it down to the following:
❯ docker run --rm -it julia:1.11 -e 'using Pkg; run(`ls -la /usr/local/julia/share/julia/compiled/v1.11/Pkg`)'
total 184384
drwxr-xr-x 1 1000 1000 112 Dec 1 20:19 .
drwxr-xr-x 1 1000 1000 1002 Dec 1 20:19 ..
-rw-r--r-- 1 1000 1000 577081 Dec 20 08:29 tUTdb_4x0TT.ji
-rwxr-xr-x 1 1000 1000 90088808 Dec 1 20:19 tUTdb_4x0TT.so
-rw-r--r-- 1 1000 1000 577081 Dec 1 20:19 tUTdb_OhzNv.ji
-rwxr-xr-x 1 1000 1000 97561296 Dec 1 20:19 tUTdb_OhzNv.so
Notice how I'm simply importing Pkg here, which touches a ji file part of the bundled depot at /usr/local/julia (which is where Julia is installed, and is not the user depot which sits at /root/.julia). That seems very unexpected to me. Simply switching to another user that cannot write to these files prevents this from happening, without any error from Julia:
❯ docker run --rm -it --user 999 julia:1.11 -e 'using Pkg; run(`ls -la /usr/local/julia/share/julia/compiled/v1.11/Pkg`)'
total 184384
drwxr-xr-x 1 1000 1000 112 Dec 1 20:19 .
drwxr-xr-x 1 1000 1000 1002 Dec 1 20:19 ..
-rw-r--r-- 1 1000 1000 577081 Dec 1 20:19 tUTdb_4x0TT.ji
-rwxr-xr-x 1 1000 1000 90088808 Dec 1 20:19 tUTdb_4x0TT.so
-rw-r--r-- 1 1000 1000 577081 Dec 1 20:19 tUTdb_OhzNv.ji
-rwxr-xr-x 1 1000 1000 97561296 Dec 1 20:19 tUTdb_OhzNv.so
Running with JULIA_DEBUG=loading doesn't reveal anything:
❯ diff -u5 /tmp/good.log /tmp/bad.log
--- /tmp/good.log 2024-12-20 09:33:10.251674895 +0100
+++ /tmp/bad.log 2024-12-20 09:33:18.141641672 +0100
@@ -41,9 +41,9 @@
┌ Debug: Loading object cache file /usr/local/julia/share/julia/compiled/v1.11/Pkg/tUTdb_4x0TT.so for Pkg [44cfe95a-1eb2-52ea-b672-e2afdf69b78f]
└ @ Base loading.jl:1244
total 184384
drwxr-xr-x 1 1000 1000 112 Dec 1 20:19 .
drwxr-xr-x 1 1000 1000 1002 Dec 1 20:19 ..
--rw-r--r-- 1 1000 1000 577081 Dec 1 20:19 tUTdb_4x0TT.ji
+-rw-r--r-- 1 1000 1000 577081 Dec 20 08:33 tUTdb_4x0TT.ji
-rwxr-xr-x 1 1000 1000 90088808 Dec 1 20:19 tUTdb_4x0TT.so
-rw-r--r-- 1 1000 1000 577081 Dec 1 20:19 tUTdb_OhzNv.ji
-rwxr-xr-x 1 1000 1000 97561296 Dec 1 20:19 tUTdb_OhzNv.soIt also happens with other stdlibs, e.g., Test:
❯ docker run --rm -it julia:1.11 -e 'using Test; run(`ls -la /usr/local/julia/share/julia/compiled/v1.11/Test`)'
total 10432
drwxr-xr-x 1 1000 1000 112 Dec 1 20:19 .
drwxr-xr-x 1 1000 1000 1002 Dec 1 20:19 ..
-rw-r--r-- 1 1000 1000 98538 Dec 20 08:36 JfdTE_4x0TT.ji
-rwxr-xr-x 1 1000 1000 5141568 Dec 1 20:19 JfdTE_4x0TT.so
-rw-r--r-- 1 1000 1000 98538 Dec 1 20:19 JfdTE_OhzNv.ji
-rwxr-xr-x 1 1000 1000 5332784 Dec 1 20:19 JfdTE_OhzNv.so
❯ docker run --rm -it julia:1.10 -e 'using Test; run(`ls -la /usr/local/julia/share/julia/compiled/v1.10/Test`)'
total 8572
drwxr-xr-x 1 1000 1000 140 Nov 26 16:10 .
drwxr-xr-x 1 1000 1000 382 Nov 26 16:10 ..
-rw-r--r-- 1 1000 1000 2607001 Nov 26 16:10 JfdTE_3ZKsT.ji
-rw-r--r-- 1 1000 1000 94509 Nov 26 16:10 JfdTE_WHJbb.ji
-rwxr-xr-x 1 1000 1000 2990040 Nov 26 16:10 JfdTE_WHJbb.so
-rw-r--r-- 1 1000 1000 94509 Dec 20 08:36 JfdTE_WUnMZ.ji
-rwxr-xr-x 1 1000 1000 2979544 Nov 26 16:10 JfdTE_WUnMZ.so
Note how the above also shows that this doesn't happen on 1.10.
Finally, it's (at least for my use case) possible to work around this by forcing Julia to not have access to the bundled depot, by setting JULIA_DEPOT_PATH to something that doesn't include a trailing : (i.e., building on JuliaLang/julia#51448)