bug 1507012 - set up and start gnome-keyring-daemon so libsecret works in Firefox in our test environment r=dustin
authorDana Keeler <dkeeler@mozilla.com>
Tue, 27 Nov 2018 15:50:21 +0000
changeset 508527 c6135d5825bbfc19dfd4400a807bbbfaa16a22b1
parent 508526 0e2e18a54e1c8b0e04d4aa62f9fe0cec65fa74d4
child 508528 4002b751596ed32ace109b4e14145b0720065184
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
reviewersdustin
bugs1507012
milestone65.0a1
bug 1507012 - set up and start gnome-keyring-daemon so libsecret works in Firefox in our test environment r=dustin Counterintuitively, gnome-keyring-daemon needs its capabilities removed in order for it to run in docker (doing so means that it can't lock secrets in memory, but since this is for tests and we aren't storing any actually sensitive secrets, this should be fine). This patch also makes sure gnome-keyring-daemon is running with an unlocked keychain before the tests are run. Differential Revision: https://phabricator.services.mozilla.com/D13020
taskcluster/docker/desktop1604-test/Dockerfile
taskcluster/scripts/tester/test-linux.sh
--- a/taskcluster/docker/desktop1604-test/Dockerfile
+++ b/taskcluster/docker/desktop1604-test/Dockerfile
@@ -109,10 +109,16 @@ ADD fonts.conf /builds/worker/.fonts.con
 
 # Set up first-run experience for interactive mode
 ADD motd /etc/taskcluster-motd
 ADD taskcluster-interactive-shell /bin/taskcluster-interactive-shell
 RUN chmod +x /bin/taskcluster-interactive-shell
 
 RUN chown -R worker:worker /builds/worker
 
+# gnome-keyring-daemon is configured to have the IPC_LOCK capability (to lock pages with secrets in
+# memory), but docker isn't run with that capability granted. So, if we were to try running
+# gnome-keyring-daemon without first clearing the capability, it would just exit with the message
+# "Operation not permitted". Luckily it doesn't actually require the capability.
+RUN setcap -r /usr/bin/gnome-keyring-daemon
+
 # Set a default command useful for debugging
 CMD ["/bin/bash", "--login"]
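Review bot: The comment added above `RUN setcap -r /usr/bin/gnome-keyring-daemon` explains why the capability is cleared but leaves out what is given up. Without IPC_LOCK the daemon can no longer lock the pages that hold secrets, so they are no longer protected from being paged out. The commit message accepts this because only test secrets are stored, and that reasoning should sit next to the command so the line is not copied into an image that handles real credentials. I would append `# Test-only trade-off: without IPC_LOCK the keyring cannot lock secrets in memory; do not reuse this in images that store real secrets.` to the comment block.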
--- a/taskcluster/scripts/tester/test-linux.sh
+++ b/taskcluster/scripts/tester/test-linux.sh
@@ -142,16 +142,22 @@ if $NEED_WINDOW_MANAGER; then
 
     # Turn off the screen saver and screen locking
     gsettings set org.gnome.desktop.screensaver idle-activation-enabled false
     gsettings set org.gnome.desktop.screensaver lock-enabled false
     gsettings set org.gnome.desktop.screensaver lock-delay 3600
     # Disable the screen saver
     xset s off s reset
 
+    # This starts the gnome-keyring-daemon with an unlocked login keyring. libsecret uses this to
+    # store secrets. Firefox uses libsecret to store a key that protects sensitive information like
+    # credit card numbers.
+    eval `dbus-launch --sh-syntax`
+    eval `echo '' | /usr/bin/gnome-keyring-daemon -r -d --unlock --components=secrets`
+
     if [ "${UBUNTU_1604}" ]; then
         # start compiz for our window manager
         compiz 2>&1 &
         #TODO: how to determine if compiz starts correctly?
     fi
 fi
 
 if [ "${UBUNTU_1604}" ]; then
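Review bot: Both added `eval` lines swallow a failed start. If `dbus-launch` or `gnome-keyring-daemon` exits non-zero, the backtick substitution is empty and `eval` of an empty string returns 0, so the script carries on without a session bus or an unlocked keyring. Tests that depend on libsecret would then presumably fail far from the cause. Capturing the output first makes the failure visible at this point: `keyring_env=$(echo '' | /usr/bin/gnome-keyring-daemon -r -d --unlock --components=secrets) || { echo "gnome-keyring-daemon failed to start" >&2; exit 1; }` followed by `eval "$keyring_env"`, and the same shape for `dbus-launch --sh-syntax`. The comment could also say that the keyring is unlocked with an empty password and is therefore readable by every process on the session bus, which is only acceptable in this test environment. The enclosing `if $NEED_WINDOW_MANAGER; then` block starts outside the hunk.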