Launchpad itself

Merge ~cjwatson/launchpad:bpb-librarian-auth into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. bpb-librarian-auth
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 95779342f992f0c90be8fc33a26dfc2f5470888d
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:bpb-librarian-auth
Merge into: launchpad:master
Diff against target: 223 lines (+37/-58)
2 files modified
lib/lp/soyuz/model/binarypackagebuildbehaviour.py (+8/-25)
lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py (+29/-33)
Reviewer Review Type Date Requested Status
Jürgen Gmach Approve
Review via email: mp+429703@code.launchpad.net

Commit message

Fetch files for private BPBs from librarian

Description of the change

This will allow us to lift the requirement for the source for private binary package builds to be published before we can dispatch them. We were already using macaroon authentication for private source files due to the `SnapBase` work last year; this just switches from having the private PPA server do the authorization to having the librarian do it.

We now always fetch files for binary package builds using HTTPS, even for public builds, which seems like a better idea now that we no longer need the long-fat-pipe mitigations for Boston builders.

This is roughly half of https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/373741, but rebased on master and with some more precise tests for the behaviour of public builds.

To post a comment you must log in.
Revision history for this message
Jürgen Gmach (jugmac00) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/lib/lp/soyuz/model/binarypackagebuildbehaviour.py b/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
index 79bb712..9cef29a 100644
--- a/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
+++ b/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
@@ -22,13 +22,11 @@ from lp.buildmaster.model.buildfarmjobbehaviour import (
22from lp.registry.interfaces.pocket import PackagePublishingPocket22from lp.registry.interfaces.pocket import PackagePublishingPocket
23from lp.services.config import config23from lp.services.config import config
24from lp.services.twistedsupport import cancel_on_timeout24from lp.services.twistedsupport import cancel_on_timeout
25from lp.services.webapp import urlappend
26from lp.soyuz.adapters.archivedependencies import (25from lp.soyuz.adapters.archivedependencies import (
27 get_primary_current_component,26 get_primary_current_component,
28 get_sources_list_for_building,27 get_sources_list_for_building,
29)28)
30from lp.soyuz.enums import ArchivePurpose29from lp.soyuz.enums import ArchivePurpose
31from lp.soyuz.model.publishing import makePoolPath
3230
3331
34@implementer(IBuildFarmJobBehaviour)32@implementer(IBuildFarmJobBehaviour)
@@ -70,35 +68,20 @@ class BinaryPackageBuildBehaviour(BuildFarmJobBehaviourBase):
70 """See `IBuildFarmJobBehaviour`."""68 """See `IBuildFarmJobBehaviour`."""
71 # Build filemap structure with the files required in this build69 # Build filemap structure with the files required in this build
72 # and send them to the worker.70 # and send them to the worker.
73 if self.build.archive.private:
74 # Builds in private archive may have restricted files that
75 # we can't obtain from the public librarian. Prepare a pool
76 # URL from which to fetch them.
77 pool_url = urlappend(
78 self.build.archive.archive_url,
79 makePoolPath(
80 self.build.source_package_release.sourcepackagename.name,
81 self.build.current_component.name,
82 ),
83 )
84 filemap = OrderedDict()71 filemap = OrderedDict()
85 macaroon_raw = None72 macaroon_raw = None
86 for source_file in self.build.source_package_release.files:73 for source_file in self.build.source_package_release.files:
87 lfa = source_file.libraryfile74 lfa = source_file.libraryfile
88 if not self.build.archive.private:75 filemap[lfa.filename] = {
89 filemap[lfa.filename] = {76 "sha1": lfa.content.sha1,
90 "sha1": lfa.content.sha1,77 "url": lfa.https_url,
91 "url": lfa.http_url,78 }
92 }79 if self.build.archive.private:
93 else:
94 if macaroon_raw is None:80 if macaroon_raw is None:
95 macaroon_raw = yield self.issueMacaroon()81 macaroon_raw = yield self.issueMacaroon()
96 filemap[lfa.filename] = {82 filemap[lfa.filename].update(
97 "sha1": lfa.content.sha1,83 username="", password=macaroon_raw
98 "url": urlappend(pool_url, lfa.filename),84 )
99 "username": "buildd",
100 "password": macaroon_raw,
101 }
102 return filemap85 return filemap
10386
104 def verifyBuildRequest(self, logger):87 def verifyBuildRequest(self, logger):
diff --git a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
index 2d1a99b..f3625ec 100644
--- a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
+++ b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
@@ -18,7 +18,6 @@ from twisted.internet import defer
18from zope.component import getUtility18from zope.component import getUtility
19from zope.security.proxy import removeSecurityProxy19from zope.security.proxy import removeSecurityProxy
2020
21from lp.archivepublisher.diskpool import poolify
22from lp.archivepublisher.interfaces.archivegpgsigningkey import (21from lp.archivepublisher.interfaces.archivegpgsigningkey import (
23 IArchiveGPGSigningKey,22 IArchiveGPGSigningKey,
24)23)
@@ -92,8 +91,6 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
92 archive,91 archive,
93 archive_purpose,92 archive_purpose,
94 component=None,93 component=None,
95 extra_uploads=None,
96 filemap_names=None,
97 ):94 ):
98 matcher = yield self.makeExpectedInteraction(95 matcher = yield self.makeExpectedInteraction(
99 builder,96 builder,
@@ -103,8 +100,6 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
103 archive,100 archive,
104 archive_purpose,101 archive_purpose,
105 component,102 component,
106 extra_uploads,
107 filemap_names,
108 )103 )
109 self.assertThat(call_log, matcher)104 self.assertThat(call_log, matcher)
110105
@@ -118,8 +113,6 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
118 archive,113 archive,
119 archive_purpose,114 archive_purpose,
120 component=None,115 component=None,
121 extra_uploads=None,
122 filemap_names=None,
123 ):116 ):
124 """Build the log of calls that we expect to be made to the worker.117 """Build the log of calls that we expect to be made to the worker.
125118
@@ -144,11 +137,17 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
144 arch_indep = das.isNominatedArchIndep137 arch_indep = das.isNominatedArchIndep
145 if component is None:138 if component is None:
146 component = build.current_component.name139 component = build.current_component.name
147 if filemap_names is None:140 files = build.source_package_release.files
148 filemap_names = []
149 if extra_uploads is None:
150 extra_uploads = []
151141
142 uploads = [(chroot.http_url, "", "")]
143 for sprf in files:
144 if build.archive.private:
145 password = MacaroonVerifies(
146 "binary-package-build", build.archive
147 )
148 else:
149 password = ""
150 uploads.append((sprf.libraryfile.https_url, "", password))
152 upload_logs = [151 upload_logs = [
153 MatchesListwise(152 MatchesListwise(
154 [Equals("ensurepresent")]153 [Equals("ensurepresent")]
@@ -157,7 +156,7 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
157 for item in upload156 for item in upload
158 ]157 ]
159 )158 )
160 for upload in [(chroot.http_url, "", "")] + extra_uploads159 for upload in uploads
161 ]160 ]
162161
163 extra_args = {162 extra_args = {
@@ -182,7 +181,7 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
182 build.build_cookie,181 build.build_cookie,
183 "binarypackage",182 "binarypackage",
184 chroot.content.sha1,183 chroot.content.sha1,
185 filemap_names,184 [sprf.libraryfile.filename for sprf in files],
186 extra_args,185 extra_args,
187 )186 )
188 ]187 ]
@@ -208,6 +207,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
208 build = self.factory.makeBinaryPackageBuild(207 build = self.factory.makeBinaryPackageBuild(
209 builder=builder, archive=archive208 builder=builder, archive=archive
210 )209 )
210 build.source_package_release.addFile(
211 self.factory.makeLibraryFileAlias(db_only=True),
212 filetype=SourcePackageFileType.ORIG_TARBALL,
213 )
211 lf = self.factory.makeLibraryFileAlias(db_only=True)214 lf = self.factory.makeLibraryFileAlias(db_only=True)
212 build.distro_arch_series.addOrUpdateChroot(lf)215 build.distro_arch_series.addOrUpdateChroot(lf)
213 bq = build.queueBuild()216 bq = build.queueBuild()
@@ -248,6 +251,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
248 build = self.factory.makeBinaryPackageBuild(251 build = self.factory.makeBinaryPackageBuild(
249 builder=builder, archive=archive252 builder=builder, archive=archive
250 )253 )
254 build.source_package_release.addFile(
255 self.factory.makeLibraryFileAlias(db_only=True),
256 filetype=SourcePackageFileType.ORIG_TARBALL,
257 )
251 self.factory.makeSourcePackagePublishingHistory(258 self.factory.makeSourcePackagePublishingHistory(
252 distroseries=build.distro_series,259 distroseries=build.distro_series,
253 archive=archive.distribution.main_archive,260 archive=archive.distribution.main_archive,
@@ -284,6 +291,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
284 build = self.factory.makeBinaryPackageBuild(291 build = self.factory.makeBinaryPackageBuild(
285 builder=builder, archive=archive292 builder=builder, archive=archive
286 )293 )
294 build.source_package_release.addFile(
295 self.factory.makeLibraryFileAlias(db_only=True),
296 filetype=SourcePackageFileType.ORIG_TARBALL,
297 )
287 lf = self.factory.makeLibraryFileAlias(db_only=True)298 lf = self.factory.makeLibraryFileAlias(db_only=True)
288 build.distro_arch_series.addOrUpdateChroot(lf)299 build.distro_arch_series.addOrUpdateChroot(lf)
289 bq = build.queueBuild()300 bq = build.queueBuild()
@@ -325,21 +336,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
325 build = self.factory.makeBinaryPackageBuild(336 build = self.factory.makeBinaryPackageBuild(
326 builder=builder, archive=archive337 builder=builder, archive=archive
327 )338 )
328 sprf = build.source_package_release.addFile(339 build.source_package_release.addFile(
329 self.factory.makeLibraryFileAlias(db_only=True),340 self.factory.makeLibraryFileAlias(db_only=True),
330 filetype=SourcePackageFileType.ORIG_TARBALL,341 filetype=SourcePackageFileType.ORIG_TARBALL,
331 )342 )
332 sprf_url = (
333 "http://private-ppa.launchpad.test/%s/%s/ubuntu/pool/%s/%s"
334 % (
335 archive.owner.name,
336 archive.name,
337 poolify(
338 build.source_package_release.sourcepackagename.name, "main"
339 ).as_posix(),
340 sprf.libraryfile.filename,
341 )
342 )
343 lf = self.factory.makeLibraryFileAlias(db_only=True)343 lf = self.factory.makeLibraryFileAlias(db_only=True)
344 build.distro_arch_series.addOrUpdateChroot(lf)344 build.distro_arch_series.addOrUpdateChroot(lf)
345 bq = build.queueBuild()345 bq = build.queueBuild()
@@ -357,14 +357,6 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
357 lf,357 lf,
358 archive,358 archive,
359 ArchivePurpose.PPA,359 ArchivePurpose.PPA,
360 extra_uploads=[
361 (
362 Equals(sprf_url),
363 Equals("buildd"),
364 MacaroonVerifies("binary-package-build", archive),
365 )
366 ],
367 filemap_names=[sprf.libraryfile.filename],
368 )360 )
369361
370 @defer.inlineCallbacks362 @defer.inlineCallbacks
@@ -379,6 +371,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
379 build = self.factory.makeBinaryPackageBuild(371 build = self.factory.makeBinaryPackageBuild(
380 builder=builder, archive=archive372 builder=builder, archive=archive
381 )373 )
374 build.source_package_release.addFile(
375 self.factory.makeLibraryFileAlias(db_only=True),
376 filetype=SourcePackageFileType.ORIG_TARBALL,
377 )
382 lf = self.factory.makeLibraryFileAlias(db_only=True)378 lf = self.factory.makeLibraryFileAlias(db_only=True)
383 build.distro_arch_series.addOrUpdateChroot(lf)379 build.distro_arch_series.addOrUpdateChroot(lf)
384 bq = build.queueBuild()380 bq = build.queueBuild()

Subscribers

People subscribed via source and target branches

to status/vote changes: