Closed
Bug 1370964
Opened 7 years ago
Closed 6 years ago
In one-click loaner wizard, the "Clone gecko" option fails with "current Python does not support protocol setting tls1.2"
Categories
(Taskcluster :: General, defect)
Taskcluster
General
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: gbrown, Assigned: gbrown)
References
Details
root@9a961974e054:~# run-wizard This wizard can help you get started with some common debugging workflows. What would you like to do? 1) Resume task - Resume the original task without modification. This can be useful for passively monitoring it from another shell. 2) Setup task - Setup the task (download the application and tests) but don't run the tests just yet. The tests can be run with a custom configuration later. This will provide a mach environment (experimental). 3) Clone gecko - Perform a clone of gecko using the task's repo and update it to the task's revision. 4) Exit - Exit this wizard and return to the shell. Select one of the above options: 3 /usr/bin/hg robustcheckout --sharebase ~/checkouts/hg-store --purge --upstream https://hg.mozilla.org/mozilla-unified --revision 335dffbfae9da3f38f6cdb5cc8264b0184649646 https://hg.mozilla.org/try/ /home/wo rker/gecko ensuring https://hg.mozilla.org/try/@335dffbfae9da3f38f6cdb5cc8264b0184649646 is available at /home/worker/gecko (cloning from upstream repo https://hg.mozilla.org/mozilla-unified) warning: connecting to hg.mozilla.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info abort: current Python does not support protocol setting tls1.2 (upgrade Python or disable setting since only TLS 1.0 is supported) Finished cloning to /home/worker/gecko at revision 335dffbfae9da3f38f6cdb5cc8264b0184649646. Use the 'run-wizard' command to start this wizard again.
Assignee | ||
Comment 2•7 years ago
|
||
fwiw, I think I was using a loaner for a Linux mochitest when I reported comment 0. I notice jobs like eslint perform a robustcheckout using practically the same command without any trouble: https://public-artifacts.taskcluster.net/Iwm_8xqqQxaFTSbxjYYt8A/0/public/logs/live_backing.log [setup 2017-06-08T00:43:08.640219Z] run-task started [setup 2017-06-08T00:43:08.643423Z] running as worker:worker [vcs 2017-06-08T00:43:08.643493Z] executing ['hg', 'robustcheckout', '--sharebase', '/home/worker/checkouts/hg-store', '--purge', '--upstream', 'https://hg.mozilla.org/mozilla-unified', '--revision', '76dd2108b4ae49d518e70a97e5070894685af41f', 'https://hg.mozilla.org/integration/mozilla-inbound/', '/home/worker/checkouts/gecko'] [vcs 2017-06-08T00:43:08.710926Z] ensuring https://hg.mozilla.org/integration/mozilla-inbound/@76dd2108b4ae49d518e70a97e5070894685af41f is available at /home/worker/checkouts/gecko [vcs 2017-06-08T00:43:08.711110Z] (existing repository shared store: /home/worker/checkouts/hg-store/8ba995b74e18334ab3707f27e9eb8f4e37ba3d29/.hg) [vcs 2017-06-08T00:43:08.844131Z] (pulling to obtain 76dd2108b4ae49d518e70a97e5070894685af41f) [vcs 2017-06-08T00:43:09.692071Z] searching for changes [vcs 2017-06-08T00:43:12.409884Z] adding changesets [vcs 2017-06-08T00:43:12.411830Z] adding manifests [vcs 2017-06-08T00:43:12.484177Z] adding file changes [vcs 2017-06-08T00:43:12.779621Z] added 6 changesets with 18 changes to 18 files [vcs 2017-06-08T00:43:12.819905Z] (purging working directory) [vcs 2017-06-08T00:43:16.621817Z] [vcs 2017-06-08T00:43:17.224069Z] updating [=> ] 100/2348 [vcs 2017-06-08T00:43:17.224141Z] [vcs 2017-06-08T00:43:17.250802Z] 1457 files updated, 0 files merged, 891 files removed, 0 files unresolved [vcs 2017-06-08T00:43:17.305725Z] updated to 76dd2108b4ae49d518e70a97e5070894685af41f Curious.
Comment 3•7 years ago
|
||
Hm, maybe mercurial recently started requiring tls1.2, but the python in the 'test' image doesn't support it. Lint tasks might be working because they might either be using a newer python or older mercurial? I haven't had a chance to dig into this yet, but that's my best guess.
Flags: needinfo?(ahalberstadt)
Comment 4•7 years ago
|
||
Is this test job using Ubuntu 12.04 or Ubuntu 16.04? Upgrading might be a quick fix.
Comment 5•7 years ago
|
||
What I don't understand is what changed that regressed this. Also I don't think tls1.2 is supported in any python 2.7, so why is robustcheckout trying to use it all of a sudden? Gps, you might know what's going on here. (Btw, I'm having trouble even loading a one-click-loaner, so haven't been able to reproduce.. shell webpage loads, but never drops me to the prompt)
Flags: needinfo?(gps)
Assignee | ||
Comment 6•7 years ago
|
||
In a try push, I ran robustcheckout from mozharness on Ubuntu 16.04 and that worked fine, so I suspect the issue is "Clone gecko" is busted on Ubuntu 12.04...not sure if that's worth fixing.
Comment 7•7 years ago
|
||
Regression from https://hg.mozilla.org/mozilla-central/rev/26b7053440a5. The proper fix is to upgrade the Python that Mercurial is using to 2.7.9+. But we shouldn't do that for the system Python in Docker images because it could interfere with system operations. The proper way to do this is to install a Mercurial package referencing a modern Python binary. Which Docker image is this?
Depends on: 1355624
Flags: needinfo?(gps)
Comment 8•7 years ago
|
||
Sounds like it's this one: https://dxr.mozilla.org/mozilla-central/source/taskcluster/docker/desktop-test I think there's only a handful of tasks that are still using it, most have migrated to the 16.06 image, which looks like it has a modern enough python.
Comment 9•7 years ago
|
||
The quick fix for this is to append the following to /etc/mercurial/hgrc when starting the ad-hoc task: [hostsecurity] minimumprotocol = tls1.0 This will of course reduce security protection of TLS. But as long as we're not running this for actual automation or sending sensitive credentials over the wire, I don't think it matters that much.
Assignee | ||
Comment 10•6 years ago
|
||
Lots of things have changed since this was reported. I haven't had any recent trouble.
Assignee: nobody → gbrown
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•