author Gregory Szorc <gps@mozilla.com>
Tue, 18 Oct 2016 09:46:55 -0700
changeset 318787 332a08725ed02da8c58470a8c87e82a3deac18a8
parent 318786 4d50a677b98973910b94eddf4753c2209d017efc
permissions -rwxr-xr-x
Bug 1292071 - Put Mercurial store on same cache as checkout; r=dustin We were seeing issues with the Mercurial working directory not being pristine. While I can't reproduce this, I have a hunch it is due to mixing and matching stores and checkouts in TaskCluster. For example, if a worker supports running concurrent tasks and 2 tasks arrive at the same time, the caches for the store and checkout may look like: (store0, checkout0) (store1, checkout1) However, the next task may get: (store1, checkout0) This may confuse Mercurial. This commit eliminates the "hg-shared" cache and places the shared stores as a sibling directory of the checkout. MozReview-Commit-ID: 8SzyS6wWf9C

#!/usr/bin/python2.7 -u
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

"""Run a task after performing common actions.

This script is meant to be the "driver" for TaskCluster based tasks.
It receives some common arguments to control the run-time environment.

It performs actions as requested from the arguments. Then it executes
the requested process and prints its output, prefixing it with the
current time to improve log usefulness.

from __future__ import absolute_import, print_function, unicode_literals

import argparse
import datetime
import errno
import grp
import json
import os
import pwd
import re
import stat
import subprocess
import sys
import urllib2

FINGERPRINT_URL = 'http://taskcluster/secrets/v1/secret/project/taskcluster/gecko/hgfingerprint'

def print_line(prefix, m):
    now = datetime.datetime.utcnow()
    print(b'[%s %sZ] %s' % (prefix, now.isoformat(), m), end=b'')

def run_and_prefix_output(prefix, args, extra_env=None):
    """Runs a process and prefixes its output with the time.

    Returns the process exit code.
    print_line(prefix, b'executing %s\n' % args)

    env = dict(os.environ)
    env.update(extra_env or {})

    # Note: TaskCluster's stdin is a TTY. This attribute is lost
    # when we pass sys.stdin to the invoked process. If we cared
    # to preserve stdin as a TTY, we could make this work. But until
    # someone needs it, don't bother.
    p = subprocess.Popen(args,
                         # Disable buffering because we want to receive output
                         # as it is generated so timestamps in logs are
                         # accurate.
                         # So \r in progress bars are rendered as multiple
                         # lines, preserving progress indicators.

    while True:
        data = p.stdout.readline()
        if data == b'':

        print_line(prefix, data)

    return p.wait()

def vcs_checkout(source_repo, dest, base_repo=None, revision=None, branch=None):
    # Specify method to checkout a revision. This defaults to revisions as
    # SHA-1 strings, but also supports symbolic revisions like `tip` via the
    # branch flag.
    if revision:
        revision_flag = b'--revision'
        revision_value = revision
    elif branch:
        revision_flag = b'--branch'
        revision_value = branch
        print('revision is not specified for checkout')

    # Obtain certificate fingerprints.
        print_line(b'vcs', 'fetching hg.mozilla.org fingerprint from %s\n' %
        res = urllib2.urlopen(FINGERPRINT_URL, timeout=10)
        secret = res.read()
            secret = json.loads(secret, encoding='utf-8')
        except ValueError:
            print_line(b'vcs', 'invalid JSON in hg fingerprint secret')
    except urllib2.URLError:
        print_line(b'vcs', 'Unable to retrieve current hg.mozilla.org fingerprint'
                           'using the secret service, using fallback instead.')
        # XXX This fingerprint will not be accurate if running on an old
        #     revision after the server fingerprint has changed.
        secret = {'secret': FALLBACK_FINGERPRINT}

    hgmo_fingerprint = secret['secret']['fingerprints'].encode('ascii')

    # Put the shared stores as a sibling of the checkout directory. This ensures
    # they are on the same cache.
    share_base = os.path.normpath(os.path.join(os.path.dirname(dest), b'hg-shared'))

    args = [
        b'--config', b'hostsecurity.hg.mozilla.org:fingerprints=%s' % hgmo_fingerprint,
        b'--sharebase', share_base,

    if base_repo:
        args.extend([b'--upstream', base_repo])

        revision_flag, revision_value,
        source_repo, dest,

    res = run_and_prefix_output(b'vcs', args,
                                extra_env={b'PYTHONUNBUFFERED': b'1'})
    if res:

    # Meant to be temporary to flush out what's going on in bug 1292071.
    print_line(b'vcs', b'verifying working directory is clean\n')
    status = subprocess.check_output([b'/usr/bin/hg', b'status', b'--all'],
                                     cwd=dest, stderr=subprocess.STDOUT)
    status = status.strip()
    status_lines = [l for l in status.splitlines() if not l.startswith(b'C ')]
    if status_lines:
        print_line(b'vcs', b'Error: checkout is not pristine! '
                           b'Report this in bug 1292071\n')
        for line in status_lines:
            print_line(b'vcs', b'%s\n' % line)

    # Update the current revision hash and ensure that it is well formed.
    revision = subprocess.check_output(
        [b'/usr/bin/hg', b'log',
         b'--rev', b'.',
         b'--template', b'{node}'],

    assert re.match('^[a-f0-9]{40}$', revision)
    return revision

def main(args):
    print_line(b'setup', b'run-task started\n')

    if os.getuid() != 0:
        print('assertion failed: not running as root')
        return 1

    # Arguments up to '--' are ours. After are for the main task
    # to be executed.
        i = args.index('--')
        our_args = args[0:i]
        task_args = args[i + 1:]
    except ValueError:
        our_args = args
        task_args = []

    parser = argparse.ArgumentParser()
    parser.add_argument('--user', default='worker', help='user to run as')
    parser.add_argument('--group', default='worker', help='group to run as')
    # We allow paths to be chowned by the --user:--group before permissions are
    # dropped. This is often necessary for caches/volumes, since they default
    # to root:root ownership.
    parser.add_argument('--chown', action='append',
                        help='Directory to chown to --user:--group')
    parser.add_argument('--chown-recursive', action='append',
                        help='Directory to recursively chown to --user:--group')
                        help='Directory where Gecko checkout should be created')
                        help='Directory where build/tools checkout should be created')

    args = parser.parse_args(our_args)

        user = pwd.getpwnam(args.user)
    except KeyError:
        print('could not find user %s; specify --user to a known user' %
        return 1
        group = grp.getgrnam(args.group)
    except KeyError:
        print('could not find group %s; specify --group to a known group' %
        return 1

    uid = user.pw_uid
    gid = group.gr_gid

    # Find all groups to which this user is a member.
    gids = [g.gr_gid for g in grp.getgrall() if args.group in g.gr_mem]

    wanted_dir_mode = stat.S_IXUSR | stat.S_IRUSR | stat.S_IWUSR

    def set_dir_permissions(path, uid, gid):
        st = os.lstat(path)

        if st.st_uid != uid or st.st_gid != gid:
            os.chown(path, uid, gid)

        # Also make sure dirs are writable in case we need to delete
        # them.
        if st.st_mode & wanted_dir_mode != wanted_dir_mode:
            os.chmod(path, st.st_mode | wanted_dir_mode)

    # Change ownership of requested paths.
    # FUTURE: parse argument values for user/group if we don't want to
    # use --user/--group.
    for path in args.chown or []:
        print_line(b'chown', b'changing ownership of %s to %s:%s\n' % (
                   path, user.pw_name, group.gr_name))
        set_dir_permissions(path, uid, gid)

    for path in args.chown_recursive or []:
        print_line(b'chown', b'recursively changing ownership of %s to %s:%s\n' %
                   (path, user.pw_name, group.gr_name))

        set_dir_permissions(path, uid, gid)

        for root, dirs, files in os.walk(path):
            for d in dirs:
                set_dir_permissions(os.path.join(root, d), uid, gid)

            for f in files:
                # File may be a symlink that points to nowhere. In which case
                # os.chown() would fail because it attempts to follow the
                # symlink. We only care about directory entries, not what
                # they point to. So setting the owner of the symlink should
                # be sufficient.
                os.lchown(os.path.join(root, f), uid, gid)

    def prepare_checkout_dir(checkout):
        if not checkout:

        # Ensure the directory for the source checkout exists.
        except OSError as e:
            if e.errno != errno.EEXIST:

        # And that it is owned by the appropriate user/group.
        os.chown(os.path.dirname(checkout), uid, gid)

        # And ensure the shared store path (derived from the checkout path)
        # exists and has proper permissions.
        share_path = os.path.join(os.path.dirname(checkout), 'hg-shared')
        except OSError as e:
            if e.errno != errno.EEXIST:

        os.chown(share_path, uid, gid)


    # Drop permissions to requested user.
    # This code is modeled after what `sudo` was observed to do in a Docker
    # container. We do not bother calling setrlimit() because containers have
    # their own limits.
    print_line(b'setup', b'running as %s:%s\n' % (args.user, args.group))
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)

    # Checkout the repository, setting the GECKO_HEAD_REV to the current
    # revision hash. Revision hashes have priority over symbolic revisions. We
    # disallow running tasks with symbolic revisions unless they have been
    # resolved by a checkout.
    if args.vcs_checkout:
        base_repo = os.environ.get('GECKO_BASE_REPOSITORY')
        # Some callers set the base repository to mozilla-central for historical
        # reasons. Switch to mozilla-unified because robustcheckout works best
        # with it.
        if base_repo == 'https://hg.mozilla.org/mozilla-central':
            base_repo = b'https://hg.mozilla.org/mozilla-unified'

        os.environ['GECKO_HEAD_REV'] = vcs_checkout(

    elif not os.environ.get('GECKO_HEAD_REV') and \
        print('task should be defined in terms of non-symbolic revision')
        return 1

    if args.tools_checkout:
                     # Always check out the latest commit on default branch.
                     # This is non-deterministic!

    return run_and_prefix_output(b'task', task_args)

if __name__ == '__main__':
    # Unbuffer stdio.
    sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
    sys.stderr = os.fdopen(sys.stderr.fileno(), 'w', 0)