For some reason, the locales package is not installed anymore during the
docker image build, which leads to the locale-gen command failing, since
it's not there.
Mercurial uses the latest version of TLS that is both supported by
Python and the server.
In automation, the servers we care about should all support TLS 1.2.
The Python side is trickier. Modern versions of Python (typically 2.7.9+)
support TLS 1.1 and 1.2. Mercurial will default to allowing TLS 1.1+ -
explicitly disallowing TLS 1.0. However, legacy versions of Python
don't support TLS 1.1+, so Mercurial will allow TLS 1.0+ rather than
prevent connections at all.
TLS 1.0 is borderline secure these days. I think it is a bug for TLS
1.0 to be used anywhere in the Firefox release process. This simple
patch changes our default Mercurial config in TaskCluster to require
TLS 1.2+ for all https:// communications. For modern Python versions,
this effectively prevents potential downgrade attacks to TLS 1.1
(connections before should have negotiated the use of TLS 1.2).
I expect this change to break things. Finding and fixing automation
that isn't capable of speaking TLS 1.1+ should be encouraged.
MozReview-Commit-ID: 876YpL5vB3T
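An added example (not part of the commit above or of the project's tooling): a check that reads an hgrc and reports every scope still allowing less than TLS 1.2 through Mercurial's `[hostsecurity]` `minimumprotocol` option, including per-host overrides. The sample hgrc and the host `legacy.example.com` are constructed, the fallback defaults follow the commit message, and treating hgrc as plain INI is an assumption.

```python
import configparser
import ssl

# Values Mercurial accepts for hostsecurity.minimumprotocol, weakest first.
ORDER = ["tls1.0", "tls1.1", "tls1.2"]

# Constructed sample hgrc; legacy.example.com is a placeholder host.
SAMPLE_HGRC = """
[hostsecurity]
minimumprotocol = tls1.2
legacy.example.com:minimumprotocol = tls1.0
"""


def python_has_tls12():
    """True when this interpreter's ssl module can speak TLS 1.2."""
    return getattr(ssl, "HAS_TLSv1_2", hasattr(ssl, "PROTOCOL_TLSv1_2"))


def rank(proto):
    """Position in ORDER; unknown values sort below tls1.0 so they get reported."""
    proto = (proto or "").strip().lower()
    return ORDER.index(proto) if proto in ORDER else -1


def audit_hgrc(text, required="tls1.2", modern_python=True):
    """Return [(scope, minimum)] for every scope allowing less than `required`."""
    # hgrc is INI-like; only "=" is a delimiter so "host:option" keys survive.
    cp = configparser.RawConfigParser(
        delimiters=("=",), allow_no_value=True, strict=False)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    items = dict(cp.items("hostsecurity")) if cp.has_section("hostsecurity") else {}
    # Defaults per the commit message: TLS 1.1+ on modern Python, 1.0+ on legacy.
    default = "tls1.1" if modern_python else "tls1.0"
    global_min = items.get("minimumprotocol") or default
    findings = []
    if rank(global_min) < rank(required):
        findings.append(("*", global_min))
    for key, value in items.items():
        # Per-host overrides are written as "<hostname>:minimumprotocol".
        host, sep, option = key.rpartition(":")
        if sep and option == "minimumprotocol" and rank(value) < rank(required):
            findings.append((host, value))
    return findings


if __name__ == "__main__":
    print("TLS 1.2 available in this Python:", python_has_tls12())
    print("Weak scopes:", audit_hgrc(SAMPLE_HGRC, modern_python=python_has_tls12()))
```

A scope of `*` means the global setting (or the built-in default when none is configured) is below the required version.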
This is a pretty straightforward change. Just bumping package versions
and hashes. Behavior should be almost identical to the previous 4.1.1+
packages.
MozReview-Commit-ID: CaVjM0JHYKi
We recently changed how image compression works (bug 1350447) and
upgraded to Mercurial 4.1.1 (this bug). It's time to roll a new
image_builder Docker image.
This commit updates the version and hash of the image. The image
is already pushed to Docker Hub/Cloud. We just need to whitelist
it and deploy this change.
MozReview-Commit-ID: KQwJZ2OSGlt
We've been running Mercurial 3.9 in automation for a while. Mercurial
4.1 is out. It has the usual performance improvements and bug fixes,
making it an attractive upgrade. But what really makes it enticing
is support for zstandard compression over the wire protocol. This will
reduce server-side CPU load and make transfers between 4.1+ servers
faster.
So, let's upgrade to Mercurial 4.1.1.
The produced packages are built from the current tip of the
stable Mercurial branch, not exactly 4.1.1. Specifically, they
correspond to revision ed5b25874d99. I did this because there is
a patch in the stable branch that drastically improves performance
on repos with many heads. When 4.1.2 is released in a few days, we
can upgrade to it and do away with the one-off.
MozReview-Commit-ID: 6BPhVheHQXI
Using --no-install-recommends prevents installation of unwanted
packages and helps reduce image bloat. Using it in image_builder
reduces the image size from ~212.5 MB to ~203.6 MB. Not the
biggest savings. But savings nonetheless.
I kept python-pip separate because using --no-install-recommends with
it fails to pull in setuptools, gcc, and other packages required for
building Python packages. Since these packages are only needed
for generating the Docker image, I didn't feel like teasing out
the actual dependencies. It takes a little longer to install
temporary packages and build the image. But the end result should
mostly be the same.
MozReview-Commit-ID: EVURGKFuWzb
The goal of this change is to switch to python-zstandard for Docker
image compression so we can employ multi-threaded compression. This will
cut down the wall time it takes to compress images, decreasing end-to-end
times.
In order to use python-zstandard, I needed to write a Python script
for doing the compression. Since I was writing a Python script, I
figured I'd move Docker image downloading to that script as well.
This way, the raw Docker image never hits disk: it is streamed straight
from Docker into a zstandard compressor and that output is written to
disk. For large images, this will eliminate a few gigabytes of disk
writes.
The one extra complication about this I don't care for is you need a
special Python package to teach the "requests" package how to download
from UNIX domain sockets.
MozReview-Commit-ID: EufaRzR6A4Y
Update rust-build docker image source to v0.4.3. This includes
some recent to how verification and taskcluster work to maintain
working scripts, and some changes for the newer cargo-building-
cargo build system, which aren't sufficient for bootstrapping.
MozReview-Commit-ID: 4IdbKVvco8m
Apply a 2-character indent to in-tree tooltool manifests to make
them easier to read, and to make the formatting more consistent
so automating updates is simpler.
Modern editors will maintain json indentation. The only long
lines we have are already over 80 characters, so the extra space
shouldn't create new long lines.
Also update mercurial installer script to generate json with
the same indentation, even though its output is temporary.
Tooltool itself was updated to generate manifests with this
indentation in Bug 1325225.
MozReview-Commit-ID: DKj6nL9OENv
This introduces a new docker image: `index-task`,
which given a taskId and a set of namespaces will
index the given taskId under said namespaces.
Modified to include a script with a descriptive name that curious users can
find in the source code.
MozReview-Commit-ID: KPHVT0XPfsb
* add run.using = 'run-task' for native-engine
* modify run-task to run on OS X
  - not as root
  - without assuming /home/worker (using ~ and os.expanduser instead)
  - hg is in /usr/local/bin on OS X; trust the PATH
* add_build_dependency isn't docker-worker specific, so just rename
* support_vcs_checkout modified to omit caches on native-engine
* don't download fingerprints on OS X; these hosts are configured with
  the proper fingerprint via puppet
MozReview-Commit-ID: C83XClXtcn4
Revert the bump to beta for the android builders now that 1.15.0
is in stable release.
Generalize the cargo tarball name mangling to use a regular
expression to handle the tiny revision added for the stable
release, as suggested by mshal in bug 1332759.
MozReview-Commit-ID: 2xZWpvKxY77
The patch, taken from upstream libxcb version 1.11, and applied to the libxcb
1.8 version we use on the 12.04 testers, fixes the "xcb_conn.c:186: write_vec:
Assertion `!c->out.queue_len' failed" error that has been plaguing us in bug
1293474.
The Ubuntu 16.04 testers do not need to be patched because they are running
a newer version of libxcb that already has the upstream fix.
MozReview-Commit-ID: AoRNonpK0Dr
Bump the Android builders to the latest beta release to reduce
the variance when we update Firefox 53 to 1.15.0 stable early
in the Aurora phase.
Android builds were moved to 1.15 early to address a code generation
issue with devices without neon.
Work around an issue with tarball naming in the cargo packages.
MozReview-Commit-ID: KQfkWmXV9hQ
Use sha256sum from coreutils instead of shasum to verify
rust releases when not running on MacOS. This makes the
repack script more portable between MacOS and Linux.
MozReview-Commit-ID: BxFDquTVklu