Google Git
Sign in
go / pkgsite-metrics / 5c7d30806a3b38e6d075033564079dc8f03b88aa^! / .
commit5c7d30806a3b38e6d075033564079dc8f03b88aa[log] [tgz]
authorJonathan Amsterdam <jba@google.com>Fri Feb 24 06:58:37 2023 -0500
committerJonathan Amsterdam <jba@google.com>Fri Feb 24 20:10:32 2023 +0000
treecc79d5c98590459001e1c25f9f6dfc47c2897403
parent23ca4bb8143c161af8931c3d2772077fc87ff014 [diff]
internal/worker: use default sandbox module cache

When running in the sandbox, use the default Go module cache.

This lets us remove some bits of code that dealt with alternative
paths to the module cache.

Change-Id: I8943c5e558d834b44b9a4d9bdd0059136d983d10
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/471120
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/cmd/vulncheck_sandbox/vulncheck_sandbox.go b/cmd/vulncheck_sandbox/vulncheck_sandbox.go
index 700cfca..88b27b7 100644
--- a/cmd/vulncheck_sandbox/vulncheck_sandbox.go
+++ b/cmd/vulncheck_sandbox/vulncheck_sandbox.go

@@ -31,17 +31,11 @@
 	// file containing a timestamp.
 	vulnDBDir = flag.String("vulndb", "/go-vulndb", "directory of local vuln DB")
 
-	modCacheDir = flag.String("gomodcache", "", "override GOMODCACHE env var")
-
 	clean = flag.Bool("clean", false, "clean caches instead of running a module")
 )
 
 func main() {
 	flag.Parse()
-	if *modCacheDir != "" {
-		// Change the location of the module cache.
-		os.Setenv("GOMODCACHE", *modCacheDir)
-	}
 	if *clean {
 		cleanGoCaches()
 	} else {

diff --git a/internal/worker/vulncheck_scan.go b/internal/worker/vulncheck_scan.go
index d093428..53462b1 100644
--- a/internal/worker/vulncheck_scan.go
+++ b/internal/worker/vulncheck_scan.go

@@ -312,12 +312,15 @@
 	return unmarshalVulncheckOutput(stdout)
 }
 
-const sandboxGoModCache = "go/pkg/mod"
+// The Go module cache resides in its default location, $HOME/go/pkg/mod.
+// Inside the sandbox, the user is root and their home directory is /root.
+const sandboxGoModCache = "root/go/pkg/mod"
 
 func runSourceScanSandbox(ctx context.Context, modulePath, version, mode string, proxyClient *proxy.Client, sbox *sandbox.Sandbox) ([]byte, error) {
 	sandboxDir := "/modules/" + modulePath + "@" + version
 	imageDir := "/bundle/rootfs" + sandboxDir
 	defer os.RemoveAll(imageDir)
+
 	log.Infof(ctx, "downloading %s@%s to %s", modulePath, version, imageDir)
 	if err := modules.Download(ctx, modulePath, version, imageDir, proxyClient, true); err != nil {
 		log.Debugf(ctx, "download error: %v (%[1]T)", err)
@@ -338,7 +341,7 @@
 	}
 	log.Infof(ctx, "go mod download succeeded")
 	log.Infof(ctx, "%s@%s: running vulncheck in sandbox", modulePath, version)
-	stdout, err := sbox.Run(ctx, "/binaries/vulncheck_sandbox", "-gomodcache", "/"+sandboxGoModCache, mode, sandboxDir)
+	stdout, err := sbox.Run(ctx, "/binaries/vulncheck_sandbox", mode, sandboxDir)
 	if err != nil {
 		return nil, errors.New(derrors.IncludeStderr(err))
 	}
@@ -747,7 +750,7 @@
 	if s.insecure {
 		out, err = exec.Command("go", "clean", "-cache", "-modcache").CombinedOutput()
 	} else {
-		out, err = s.sbox.Run(ctx, "/binaries/vulncheck_sandbox", "-gomodcache", "/"+sandboxGoModCache, "-clean")
+		out, err = s.sbox.Run(ctx, "/binaries/vulncheck_sandbox", "-clean")
 	}
 	if err != nil {
 		return fmt.Errorf("cleaning Go caches: %s", derrors.IncludeStderr(err))