Closed Bug 1264831 Opened 4 years ago Closed 4 years ago

Misc pyconfigure changes and cleanups

Categories

(Firefox Build System :: General, defect)

defect
Not set

Tracking

(firefox48 fixed)

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: glandium, Assigned: glandium)

References

(Blocks 1 open bug)

Details

Attachments

(5 files)

No description provided.
This removes the last use of complete configure sandbox unlocking.

Review commit: https://reviewboard.mozilla.org/r/46617/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/46617/
Comment on attachment 8741592 [details]
MozReview Request: Bug 1264831 - Add a few presumably harmless builtins to the sandbox. r?gps

https://reviewboard.mozilla.org/r/46609/#review43251
Attachment #8741592 - Flags: review?(gps) → review+
Comment on attachment 8741594 [details]
MozReview Request: Bug 1264831 - Work around issues with the exec statement in older python 2.7 versions. r?gps

https://reviewboard.mozilla.org/r/46613/#review43255

I really wish we could force people to use Python 2.7.9+ so we're guaranteed decent security/crypto defaults and no bugs like this. But too many distros still ship ancient Python 2.7 :/
Attachment #8741594 - Flags: review?(gps) → review+
Comment on attachment 8741595 [details]
MozReview Request: Bug 1264831 - Defer applying @imports until the function is actually called. r?gps

https://reviewboard.mozilla.org/r/46615/#review43259
Attachment #8741595 - Flags: review?(gps) → review+
Comment on attachment 8741596 [details]
MozReview Request: Bug 1264831 - Use @imports in find_program. r?gps

https://reviewboard.mozilla.org/r/46617/#review43261
Attachment #8741596 - Flags: review?(gps) → review+
Attachment #8741593 - Flags: review?(gps) → review+
Comment on attachment 8741593 [details]
MozReview Request: Bug 1264831 - Try to detect decorators declared in the sandbox and add some automatic @wraps. r?gps

https://reviewboard.mozilla.org/r/46611/#review43263
(In reply to Gregory Szorc [:gps] from comment #7)
> Comment on attachment 8741594 [details]
> MozReview Request: Bug 1264831 - Work around issues with the exec statement
> in older python 2.7 versions. r?gps
> 
> https://reviewboard.mozilla.org/r/46613/#review43255
> 
> I really wish we could force people to use Python 2.7.9+ so we're guaranteed
> decent security/crypto defaults and no bugs like this. But too many distros
> still ship ancient Python 2.7 :/

More than "too many distros", whatever we use on automation is what has the problem. The use of the exec statement with "in" was solely driven by the builds failing on automation otherwise. People may have filed bugs because it would have been broken on their system, but we've hit the problem on our own well before that. And they still haven't been upgraded.
(In reply to Gregory Szorc [:gps] from comment #7)
> Comment on attachment 8741594 [details]
> MozReview Request: Bug 1264831 - Work around issues with the exec statement
> in older python 2.7 versions. r?gps
> 
> https://reviewboard.mozilla.org/r/46613/#review43255
> 
> I really wish we could force people to use Python 2.7.9+ so we're guaranteed
> decent security/crypto defaults and no bugs like this. But too many distros
> still ship ancient Python 2.7 :/

Perhaps on a Windows build using mozilla-build, a fatal error could be produced if not running the latest mozilla-build version.  That would at least aid in figuring out how to avoid such issues for people using the supported build tools.
No longer blocks: 1264919
Duplicate of this bug: 1264919
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.