Closed
Bug 1284492
Opened 8 years ago
Closed 8 years ago
Taskcluster cannot use sccache with temporary s3 credentials
Categories
(Taskcluster :: UI, defect)
Taskcluster
UI
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: garndt, Assigned: ted)
References
Details
Temporary s3 credentials do not allow operations to set the ACL of an object that it uploads. This is an intentional choice to prevent escalation of permissions. To work around this, sccache could be updated to try putting an object with that ACL and upon failure, try uploading without it.
Assignee | ||
Comment 1•8 years ago
|
||
We discussed this on IRC, and decided that since the S3 buckets were configured to have public GET access via policy, sccache does not need to set it. I removed the setting of the ACL header from the sccache2 code and pushed it to try and it seems to be able to write to the bucket without issue on the TC Windows builds: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e94a641026eb7ec98a55b902c1786a762a876702 Let's just say this will be fixed by bug 1286934. We should document our sccache setup somewhere--we'll want to ensure that any future sccache buckets are created with the right policy.
Depends on: 1286934
Assignee | ||
Comment 2•8 years ago
|
||
We fixed this by making sccache2 not try to set the ACL, and by having the S3 buckets set public access by policy. jonas documented the bucket setup here: https://mana.mozilla.org/wiki/display/TAS/General+Purpose+S3+Buckets
Assignee: garndt → ted
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Component: Tools → UI and Tools
You need to log in
before you can comment on or make changes to this bug.
Description
•