Closed Bug 1232314 Opened 10 years ago Closed 8 years ago

[Taskcluster] Add new script to permits community phone builds

Categories

(Taskcluster :: Services, defect)

Product:
Taskcluster
Component:
Services
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: sousmangoosta, Assigned: sousmangoosta)

References

Details

Attachments

(1 file)

1dc7529f30ad.patch
4.74 KB, patch
Details | Diff | Splinter Review
We need to add some files on gecko to easily permit taskcluster usage by mozilla's community.
Assignee: nobody → sousmangoosta
Blocks: 1232581
Status: NEW → ASSIGNED
Comment on attachment 8698040 [details] [diff] [review] 1dc7529f30ad.patch Review of attachment 8698040 [details] [diff] [review]: ----------------------------------------------------------------- There are some concerns about accessing an external repositories and making blobs public available. ::: testing/taskcluster/scripts/community-phone-builder/pre-build.sh @@ +18,5 @@ > + > +. ../builder/setup-ccache.sh > + > +# Figure out where the remote manifest. > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" We need to check if we are ok with repositories out of git.m.o. I am not sure who to ask. @@ +19,5 @@ > +. ../builder/setup-ccache.sh > + > +# Figure out where the remote manifest. > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > +BLOBS="http://b2g-community-builds.github.io/blobs-zips/$TARGET.tar.bz2" What are these blobs? If they are vendor blobs, I am afraid we may have legal issues here. I didn't participate on community builds discussions, so I might be missing something here. @@ +25,5 @@ > +git clone $B2G_CONFIG $WORKSPACE/b2g-config > +cp $WORKSPACE/b2g-config/$TARGET/sources.xml $WORKSPACE/sources.xml > + > +git config --global --add color.ui auto > +git clone https://git.mozilla.org/b2g/B2G.git $WORKSPACE/B2G Depending on the number of builds we do per minute, we might cause a DoS attack on git.m.o, better using tc-vcs for closing repos. @@ +35,5 @@ > +git commit -m manifest > +git branch -m master > +cd $WORKSPACE/B2G > +./repo init -b master -u $WORKSPACE/B2G/.tc-vcs-manifest -m sources.xml --repo-url https://git.mozilla.org/external/google/gerrit/git-repo.git --repo-branch master > +./repo sync -j100 -q I am not sure what this tc-vcs trick is for, but tc-vcs has a "repo-checkout" command iirc.
Attachment #8698040 - Flags: review?(wcosta)
(In reply to Wander Lairson Costa [:wcosta] from comment #2) > Comment on attachment 8698040 [details] [diff] [review] > 1dc7529f30ad.patch > > Review of attachment 8698040 [details] [diff] [review]: > ----------------------------------------------------------------- > > There are some concerns about accessing an external repositories and making > blobs public available. > > ::: testing/taskcluster/scripts/community-phone-builder/pre-build.sh > @@ +18,5 @@ > > + > > +. ../builder/setup-ccache.sh > > + > > +# Figure out where the remote manifest. > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > We need to check if we are ok with repositories out of git.m.o. I am not > sure who to ask. No pb to use git.m.o, but need more flexibility on community's file push. > > @@ +19,5 @@ > > +. ../builder/setup-ccache.sh > > + > > +# Figure out where the remote manifest. > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > +BLOBS="http://b2g-community-builds.github.io/blobs-zips/$TARGET.tar.bz2" > > What are these blobs? If they are vendor blobs, I am afraid we may have > legal issues here. I didn't participate on community builds discussions, so > I might be missing something here. Yes there are, when you start building, for blobfree or not, you need those blobs. They will not be publicly available on moz platforms, only private on TC. > > @@ +25,5 @@ > > +git clone $B2G_CONFIG $WORKSPACE/b2g-config > > +cp $WORKSPACE/b2g-config/$TARGET/sources.xml $WORKSPACE/sources.xml > > + > > +git config --global --add color.ui auto > > +git clone https://git.mozilla.org/b2g/B2G.git $WORKSPACE/B2G > > Depending on the number of builds we do per minute, we might cause a DoS > attack on git.m.o, better using tc-vcs for closing repos. > I'm ok with that, but needs to launch tc-vcs builds before, and community can't have rights to do that. For hacking new devices, it should not be usable. > > @@ +35,5 @@ > > +git commit -m manifest > > +git branch -m master > > +cd $WORKSPACE/B2G > > +./repo init -b master -u $WORKSPACE/B2G/.tc-vcs-manifest -m sources.xml --repo-url https://git.mozilla.org/external/google/gerrit/git-repo.git --repo-branch master > > +./repo sync -j100 -q > > I am not sure what this tc-vcs trick is for, but tc-vcs has a > "repo-checkout" command iirc. It's only same name of command used by official phone-builder script, not really tc.
Elvin, Peter, Can we have your point of view about those security concerns.
Flags: needinfo?(pdolanjski)
Flags: needinfo?(ellee)
(In reply to Ronald Claveau [:sousmangoosta] from comment #3) > (In reply to Wander Lairson Costa [:wcosta] from comment #2) > > Comment on attachment 8698040 [details] [diff] [review] > > 1dc7529f30ad.patch > > > > Review of attachment 8698040 [details] [diff] [review]: > > ----------------------------------------------------------------- > > > > There are some concerns about accessing an external repositories and making > > blobs public available. > > > > ::: testing/taskcluster/scripts/community-phone-builder/pre-build.sh > > @@ +18,5 @@ > > > + > > > +. ../builder/setup-ccache.sh > > > + > > > +# Figure out where the remote manifest. > > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > > > We need to check if we are ok with repositories out of git.m.o. I am not > > sure who to ask. > > No pb to use git.m.o, but need more flexibility on community's file push. > I am not sure who you should talk to, someone on #releng might help. > > > > @@ +19,5 @@ > > > +. ../builder/setup-ccache.sh > > > + > > > +# Figure out where the remote manifest. > > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > > +BLOBS="http://b2g-community-builds.github.io/blobs-zips/$TARGET.tar.bz2" > > > > What are these blobs? If they are vendor blobs, I am afraid we may have > > legal issues here. I didn't participate on community builds discussions, so > > I might be missing something here. > > Yes there are, when you start building, for blobfree or not, you need those > blobs. > They will not be publicly available on moz platforms, only private on TC. > Ok, if blob images will not be public, I think that's fine, but better hearing that from someone from legal team. Maybe :mahe can help you on that. > > > > @@ +25,5 @@ > > > +git clone $B2G_CONFIG $WORKSPACE/b2g-config > > > +cp $WORKSPACE/b2g-config/$TARGET/sources.xml $WORKSPACE/sources.xml > > > + > > > +git config --global --add color.ui auto > > > +git clone https://git.mozilla.org/b2g/B2G.git $WORKSPACE/B2G > > > > Depending on the number of builds we do per minute, we might cause a DoS > > attack on git.m.o, better using tc-vcs for closing repos. > > > > I'm ok with that, but needs to launch tc-vcs builds before, and community > can't have rights to do that. For hacking new devices, it should not be > usable. > You can talk to :selenamarie or :garndt about tc-vcs stuff you need. > > > > @@ +35,5 @@ > > > +git commit -m manifest > > > +git branch -m master > > > +cd $WORKSPACE/B2G > > > +./repo init -b master -u $WORKSPACE/B2G/.tc-vcs-manifest -m sources.xml --repo-url https://git.mozilla.org/external/google/gerrit/git-repo.git --repo-branch master > > > +./repo sync -j100 -q > > > > I am not sure what this tc-vcs trick is for, but tc-vcs has a > > "repo-checkout" command iirc. > > It's only same name of command used by official phone-builder script, not > really tc. Ok, fine.
(In reply to Wander Lairson Costa [:wcosta] from comment #5) > (In reply to Ronald Claveau [:sousmangoosta] from comment #3) > > (In reply to Wander Lairson Costa [:wcosta] from comment #2) > > > Comment on attachment 8698040 [details] [diff] [review] > > > 1dc7529f30ad.patch > > > > > > Review of attachment 8698040 [details] [diff] [review]: > > > ----------------------------------------------------------------- > > > > > > There are some concerns about accessing an external repositories and making > > > blobs public available. > > > > > > ::: testing/taskcluster/scripts/community-phone-builder/pre-build.sh > > > @@ +18,5 @@ > > > > + > > > > +. ../builder/setup-ccache.sh > > > > + > > > > +# Figure out where the remote manifest. > > > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > > > > > We need to check if we are ok with repositories out of git.m.o. I am not > > > sure who to ask. > > > > No pb to use git.m.o, but need more flexibility on community's file push. > > > > I am not sure who you should talk to, someone on #releng might help. > Ok I'll try to have something there. > > > > > > @@ +19,5 @@ > > > > +. ../builder/setup-ccache.sh > > > > + > > > > +# Figure out where the remote manifest. > > > > +B2G_CONFIG="https://github.com/b2g-community-builds/b2g-config.git" > > > > +BLOBS="http://b2g-community-builds.github.io/blobs-zips/$TARGET.tar.bz2" > > > > > > What are these blobs? If they are vendor blobs, I am afraid we may have > > > legal issues here. I didn't participate on community builds discussions, so > > > I might be missing something here. > > > > Yes there are, when you start building, for blobfree or not, you need those > > blobs. > > They will not be publicly available on moz platforms, only private on TC. > > > > Ok, if blob images will not be public, I think that's fine, but better > hearing that from someone from legal team. Maybe :mahe can help you on that. > Elvin, Mahendra, Need you on this legal possible issue. Wander, Can't we use a worker in Francfort (no software patents) to avoid this point ? > > > > > > @@ +25,5 @@ > > > > +git clone $B2G_CONFIG $WORKSPACE/b2g-config > > > > +cp $WORKSPACE/b2g-config/$TARGET/sources.xml $WORKSPACE/sources.xml > > > > + > > > > +git config --global --add color.ui auto > > > > +git clone https://git.mozilla.org/b2g/B2G.git $WORKSPACE/B2G > > > > > > Depending on the number of builds we do per minute, we might cause a DoS > > > attack on git.m.o, better using tc-vcs for closing repos. > > > > > > > I'm ok with that, but needs to launch tc-vcs builds before, and community > > can't have rights to do that. For hacking new devices, it should not be > > usable. > > > > You can talk to :selenamarie or :garndt about tc-vcs stuff you need. I think you're right on this, do you have a way to get the last TC task id ?
Flags: needinfo?(mpotharaju)
Hi Ron, let's set up a time to chat briefly to make sure I understand what is being proposed/asked. Peter, I'll loop you in as well.
Flags: needinfo?(ellee)
Elvin, Please add me to the meeting, will be quite helpful. Thanks
Flags: needinfo?(mpotharaju)
(In reply to Elvin Lee [:ellee] from comment #7) > Hi Ron, let's set up a time to chat briefly to make sure I understand what > is being proposed/asked. Peter, I'll loop you in as well. Elvin, can we set this meeting up?
Flags: needinfo?(pdolanjski) → needinfo?(ellee)
Flags: needinfo?(ellee)
Moving to TaskCluster component...
Component: TaskCluster → Integration
Product: Testing → Taskcluster
Component: Integration → Platform and Services
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Component: Platform and Services → Services
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: