Bug 1305095 - Add a fallback hg fingerprint, supports timeouts in automation and supports local developers who wish to use 'run locally'. r=dustin,gps, a=test-only
authorJustin Wood <Callek@gmail.com>
Mon, 17 Oct 2016 10:45:02 -0400
changeset 356212 56cbbfe9798191e0fd5226ef7f05fe7e5a6bdd1e
parent 356211 ed0f8f33f1de959fd1d62495f42d98c2e217821d
child 356213 4c20c80bf18a8ececa61d9e0440e6f4aa916d455
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
treeherdermozilla-beta@f455459b2ae5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdustin, gps, test-only
bugs1305095
milestone51.0a2
Bug 1305095 - Add a fallback hg fingerprint, supports timeouts in automation and supports local developers who wish to use 'run locally'. r=dustin,gps, a=test-only MozReview-Commit-ID: 66ctmZdSZkC
testing/docker/recipes/run-task
--- a/testing/docker/recipes/run-task
+++ b/testing/docker/recipes/run-task
@@ -25,16 +25,20 @@ import pwd
 import re
 import stat
 import subprocess
 import sys
 import urllib2
 
 
 FINGERPRINT_URL = 'http://taskcluster/secrets/v1/secret/project/taskcluster/gecko/hgfingerprint'
+FALLBACK_FINGERPRINT = {
+    'fingerprints':
+        "sha256:8e:ad:f7:6a:eb:44:06:15:ed:f3:e4:69:a6:64:60:37:2d:ff:98:88:37"
+        ":bf:d7:b8:40:84:01:48:9c:26:ce:d9"}
 
 
 def print_line(prefix, m):
     now = datetime.datetime.utcnow()
     print(b'[%s %sZ] %s' % (prefix, now.isoformat(), m), end=b'')
 
 
 def run_and_prefix_output(prefix, args):
@@ -95,25 +99,27 @@ def vcs_checkout(args):
         sys.exit(1)
 
     # Obtain certificate fingerprints.
     try:
         print_line(b'vcs', 'fetching hg.mozilla.org fingerprint from %s\n' %
                    FINGERPRINT_URL)
         res = urllib2.urlopen(FINGERPRINT_URL, timeout=10)
         secret = res.read()
-    except urllib2.URLError as e:
-        print('error retrieving hg fingerprint: %s' % e)
-        sys.exit(1)
-
-    try:
-        secret = json.loads(secret, encoding='utf-8')
-    except ValueError:
-        print('invalid JSON in hg fingerprint secret')
-        sys.exit(1)
+        try:
+            secret = json.loads(secret, encoding='utf-8')
+        except ValueError:
+            print_line(b'vcs', 'invalid JSON in hg fingerprint secret')
+            sys.exit(1)
+    except urllib2.URLError:
+        print_line(b'vcs', 'Unable to retrieve current hg.mozilla.org fingerprint'
+                           'using the secret service, using fallback instead.')
+        # XXX This fingerprint will not be accurate if running on an old
+        #     revision after the server fingerprint has changed.
+        secret = {'secret': FALLBACK_FINGERPRINT}
 
     hgmo_fingerprint = secret['secret']['fingerprints'].encode('ascii')
 
     res = run_and_prefix_output(b'vcs', [
         b'/usr/bin/hg',
         b'--config', b'hostsecurity.hg.mozilla.org:fingerprints=%s' % hgmo_fingerprint,
         b'robustcheckout',
         b'--sharebase', b'/home/worker/hg-shared',
@@ -184,16 +190,17 @@ def main(args):
 
     uid = user.pw_uid
     gid = group.gr_gid
 
     # Find all groups to which this user is a member.
     gids = [g.gr_gid for g in grp.getgrall() if args.group in g.gr_mem]
 
     wanted_dir_mode = stat.S_IXUSR | stat.S_IRUSR | stat.S_IWUSR
+
     def set_dir_permissions(path, uid, gid):
         st = os.lstat(path)
 
         if st.st_uid != uid or st.st_gid != gid:
             os.chown(path, uid, gid)
 
         # Also make sure dirs are writable in case we need to delete
         # them.