Merge branch 'master' of https://github.com/taskcluster/generic-worker into no-more-nssm-merge-20190619

Resolved merge conflict:
  multiuser_windows.go

Author: petemoore

.taskcluster.yml

@@ -71,7 +71,7 @@ tasks:
         - C:\generic-worker\generic-worker-test-creds.cmd
         - copy "%TASK_USER_CREDENTIALS%" "%CD%\next-task-user.json"
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v -race ./...'
-        - set GW_TESTS_RUN_AS_TASK_USER=true
+        - set GW_TESTS_RUN_AS_CURRENT_USER=true
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v -race'
         - ineffassign .
       artifacts:
@@ -148,8 +148,10 @@ tasks:
         - set GORACE=history_size=7
         - C:\generic-worker\generic-worker-test-creds.cmd
         - copy "%TASK_USER_CREDENTIALS%" "%CD%\next-task-user.json"
+        # This env var is not set on Windows Server 2012 R2 CI tasks; we must set here since this worker type runs tasks from Z: drive
+        - set GW_SKIP_Z_DRIVE_TESTS=true
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v ./...'
-        - set GW_TESTS_RUN_AS_TASK_USER=true
+        - set GW_TESTS_RUN_AS_CURRENT_USER=true
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v'
         - ineffassign .
       artifacts:
@@ -232,8 +234,10 @@ tasks:
         - set GORACE=history_size=7
         - C:\generic-worker\generic-worker-test-creds.cmd
         - copy "%TASK_USER_CREDENTIALS%" "%CD%\next-task-user.json"
+        # This env var is not set on Windows Server 2012 R2 CI tasks; we must set here since this worker type runs tasks from Z: drive
+        - set GW_SKIP_Z_DRIVE_TESTS=true
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v -race ./...'
-        - set GW_TESTS_RUN_AS_TASK_USER=true
+        - set GW_TESTS_RUN_AS_CURRENT_USER=true
         - 'go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=%revision%" -v -race'
         - ineffassign .
       artifacts:
@@ -308,7 +312,7 @@ tasks:
             go install -tags simple -v -ldflags "-X main.revision=$(git rev-parse HEAD)" ./...
             # output of wc command can contain spaces on darwin, so no quotes around expression
             test $(git status --porcelain | wc -l) == 0
-            GORACE=history_size=7 CGO_ENABLED=1 go test -tags simple -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -v ./...
+            GORACE=history_size=7 CGO_ENABLED=1 go test -tags simple -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -v -race ./...
             ineffassign .
       artifacts:
         - name: public/build/generic-worker-darwin-amd64
@@ -378,8 +382,8 @@ tasks:
             # output of wc command can contain spaces on darwin, so no quotes around expression
             test $(git status --porcelain | wc -l) == 0
             cp "${TASK_USER_CREDENTIALS}" next-task-user.json
-            GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -v ./...
-            GW_TESTS_RUN_AS_TASK_USER=true GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -v
+            GW_TESTS_RUN_AS_CURRENT_USER=true GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -v -race
+            GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -v -race ./...
             ineffassign .
       artifacts:
         - name: public/build/generic-worker-darwin-amd64
@@ -469,6 +473,79 @@ tasks:
   #         format: tar.gz
 
 
+  ##########################################################
+  ############## Linux amd64 Multiuser Build ###############
+  ##########################################################
+
+  - provisionerId: pmoore-manual
+    workerType: linux-amd64
+    metadata:
+      name: "Build/test 64 bit generic-worker (multiuser engine) on Ubuntu 17.04 VM"
+      description: "This builds the 64 bit linux version of generic-worker (multiuser engine)"
+      owner: "{{ event.head.user.email }}" # the user who sent the pr/push e-mail will be inserted here
+      source: "{{ event.head.repo.url }}"  # the repo where the pr came from will be inserted here
+    extra:
+      github:
+        # Events that will trigger this task
+        events:
+          - pull_request.opened
+          - pull_request.synchronize
+          - push
+    scopes:
+      - generic-worker:cache:generic-worker-checkout
+      - secrets:get:repo:github.com/taskcluster/generic-worker
+    payload:
+      features:
+        taskclusterProxy:
+          true
+      maxRunTime: 3600
+      command:
+        - - /bin/bash
+          - -vxec
+          - |
+            export CGO_ENABLED=0
+            export GOROOT="$(pwd)/go1.10.8/go"
+            export GOPATH="$(pwd)/gopath1.10.8"
+            export PATH="${GOPATH}/bin:${GOROOT}/bin:${PATH}"
+            go version
+            go env
+            curl -s "${TASKCLUSTER_PROXY_URL}/secrets/v1/secret/repo:github.com/taskcluster/generic-worker" | sed -n 's/.*"b64_encoded_credentials_script": "\(.*\)".*/\1/p' | base64 -d > ~/env_private.sh
+            source ~/env_private.sh
+            mkdir -p "${GOPATH}/src/github.com/taskcluster"
+            cd "${GOPATH}/src/github.com/taskcluster"
+            if [ ! -d generic-worker/.git ]; then rm -rf generic-worker; git clone '{{ event.head.repo.url }}' 'generic-worker'; fi
+            cd 'generic-worker'
+            git fetch '{{ event.head.repo.url }}' "+{{ event.head.ref }}:refs/heads/X${TASK_ID}"
+            git checkout -f "X${TASK_ID}"
+            git reset --hard '{{ event.head.sha }}'
+            git clean -fdx
+            git checkout -B tmp -t "X${TASK_ID}"
+            go get -v -u github.com/taskcluster/livelog github.com/taskcluster/taskcluster-proxy github.com/gordonklaus/ineffassign
+            cd gw-codegen
+            go get -v
+            cd ..
+            go generate
+            go install -tags multiuser -v -ldflags "-X main.revision=$(git rev-parse HEAD)" ./...
+            test "$(git status --porcelain | wc -l)" == 0
+            # These lines should be enabled in bug 1499054:
+            # GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -v -race ./...
+            # GW_TESTS_RUN_AS_CURRENT_USER=true GORACE=history_size=7 CGO_ENABLED=1 go test -tags multiuser -timeout 45m -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -v
+            "${GOPATH}/bin/ineffassign" .
+      artifacts:
+        - name: public/build/generic-worker-linux-amd64
+          path: gopath1.10.8/bin/generic-worker
+          expires: "{{ '2 weeks' | $fromNow }}"
+          type: file
+      mounts:
+        - cacheName: generic-worker-checkout
+          directory: gopath1.10.8/src
+        - content:
+            url: https://storage.googleapis.com/golang/go1.10.8.linux-amd64.tar.gz
+            sha256: d8626fb6f9a3ab397d88c483b576be41fa81eefcec2fd18562c87626dbb3c39e
+          directory: go1.10.8
+          format: tar.gz
+
+
   ##########################################################
   ################ Linux amd64 Simple Build ################
   ##########################################################
@@ -505,7 +582,7 @@ tasks:
             export PATH="${GOPATH}/bin:${GOROOT}/bin:${PATH}"
             go version
             go env
-            curl -s "${TASKCLUSTER_PROXY_URL}/secrets/v1/secret/repo:github.com/taskcluster/generic-worker" | sed -n 's/.*"b64_encoded_credentials_script": "\(.*\)".*/\1/p' | base64 -d > ~/env_private.sh
+            wget -q -O- "${TASKCLUSTER_PROXY_URL}/secrets/v1/secret/repo:github.com/taskcluster/generic-worker" | sed -n 's/.*"b64_encoded_credentials_script": "\(.*\)".*/\1/p' | base64 -d > ~/env_private.sh
             source ~/env_private.sh
             mkdir -p "${GOPATH}/src/github.com/taskcluster"
             cd "${GOPATH}/src/github.com/taskcluster"
@@ -576,7 +653,7 @@ tasks:
             export PATH="${GOPATH}/bin:${GOROOT}/bin:${PATH}"
             go version
             go env
-            curl -s "${TASKCLUSTER_PROXY_URL}/secrets/v1/secret/repo:github.com/taskcluster/generic-worker" | sed -n 's/.*"b64_encoded_credentials_script": "\(.*\)".*/\1/p' | base64 -d > ~/env_private.sh
+            wget -q -O- "${TASKCLUSTER_PROXY_URL}/secrets/v1/secret/repo:github.com/taskcluster/generic-worker" | sed -n 's/.*"b64_encoded_credentials_script": "\(.*\)".*/\1/p' | base64 -d > ~/env_private.sh
             source ~/env_private.sh
             mkdir -p "${GOPATH}/src/github.com/taskcluster"
             cd "${GOPATH}/src/github.com/taskcluster"

.travis.yml

@@ -3,16 +3,19 @@ go:
   - "1.10.8"
 
 env:
-  - "CGO_ENABLED=0 GIMME_OS=linux GIMME_ARCH=amd64 engine=docker"
-  - "CGO_ENABLED=0 GIMME_OS=linux GIMME_ARCH=386   engine=simple"
-  - "CGO_ENABLED=0 GIMME_OS=linux GIMME_ARCH=amd64 engine=simple"
-  - "CGO_ENABLED=0 GIMME_OS=linux GIMME_ARCH=arm   engine=simple"
-  # currently broken
-  # "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=arm64 engine=simple"
+  - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=amd64 engine=docker"
+  - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=amd64 engine=simple"
+  - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=386   engine=simple"
+  - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=arm   engine=simple"
   - "CGO_ENABLED=0 GIMME_OS=darwin  GIMME_ARCH=amd64 engine=simple"
   - "CGO_ENABLED=0 GIMME_OS=darwin  GIMME_ARCH=amd64 engine=multiuser"
   - "CGO_ENABLED=0 GIMME_OS=windows GIMME_ARCH=amd64 engine=multiuser"
   - "CGO_ENABLED=0 GIMME_OS=windows GIMME_ARCH=386   engine=multiuser"
+  # This should be enabled in bug 1499054:
+  # - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=amd64 engine=multiuser"
+  #
+  # Currently broken:
+  # - "CGO_ENABLED=0 GIMME_OS=linux   GIMME_ARCH=arm64 engine=simple"
 
 install:
   - "test $GIMME_OS.$GIMME_ARCH != linux.amd64 || go get github.com/mattn/goveralls github.com/taskcluster/taskcluster-proxy github.com/taskcluster/livelog github.com/gordonklaus/ineffassign"

README.md

@@ -549,6 +549,7 @@ and reports back results to the queue.
                                             posses this scope, no crash reports will be sent.
                                             Similarly, if this property is not specified or
                                             is the empty string, no reports will be sent.
+                                            [default: generic-worker]
           shutdownMachineOnIdle             If true, when the worker is deemed to have been
                                             idle for enough time (see idleTimeoutSecs) the
                                             worker will issue an OS shutdown command. If false,
@@ -665,6 +666,50 @@ Then cd into the source directory, and run:
 go test -v ./...
 ```
 
+There are a few environment variables that you can set to influence the tests:
+
+### `GW_SKIP_INTEGRATION_TESTS`
+
+Set to a non-empty string if you wish to skip all tests that submit tasks to a
+real taskcluster Queue service.
+
+Otherwise you'll need to configure the taskcluster credentials for talking to
+the taskcluster Queue service:
+
+* `TASKCLUSTER_CLIENT_ID`
+* `TASKCLUSTER_ACCESS_TOKEN`
+* `TASKCLUSTER_ROOT_URL`
+* `TASKCLUSTER_CERTIFICATE` (only if using temp credentials)
+
+### `GW_SKIP_PERMA_CREDS_TESTS`
+
+Set to a non-empty string if you wish to skip tests that require permanent
+taskcluster credentials (e.g. if you only have temp credentials, and don't feel
+like creating a permanent client, or don't have the scopes to do so).
+
+### `GW_SKIP_Z_DRIVE_TESTS`
+
+Only used in a single __Windows-specific__ test - if you don't have a Z: drive
+setup on your computer, or you do but you also run tests from the Z: drive, you
+can set this env var to a non-empty string to skip this test.
+
+### `GW_TESTS_RUN_AS_CURRENT_USER`
+
+This environment variable applies only to the __multiuser__ engine.
+
+If `GW_TESTS_RUN_AS_CURRENT_USER` is not set, generic-worker will be tested
+running in its normal operational mode, i.e. running tasks as task users
+(config setting `runTasksAsCurrentUser` will be `false`).
+
+If `GW_TESTS_RUN_AS_CURRENT_USER` is a non-empty string, generic-worker will be
+tested running tasks as the same user that runs `go test` (config setting
+`runTasksAsCurrentUser` will be `true`). This is how the CI multiuser workers
+are configured, in order that the generic-worker under test has the required
+privileges to function correctly. Set this environment variable to ensure that
+the generic-worker under test will function correctly as a generic-worker CI
+worker.
+```
+
 # Making a new generic worker release
 
 Run the `release.sh` script like so:

artifacts.go

@@ -439,7 +439,7 @@ func (task *TaskRun) uploadArtifact(artifact TaskArtifact) *CommandExecutionErro
 			switch rootCause := t.RootCause.(type) {
 			case httpbackoff.BadHttpResponseCode:
 				if rootCause.HttpResponseCode/100 == 5 {
-					return ResourceUnavailable(fmt.Errorf("TASK EXCEPTION due to response code %v from Queue when uploading artifact %#v with CreateArtifact payload %v", rootCause.HttpResponseCode, artifact, string(payload)))
+					return ResourceUnavailable(fmt.Errorf("TASK EXCEPTION due to response code %v from Queue when uploading artifact %#v with CreateArtifact payload %v - HTTP response body: %v", rootCause.HttpResponseCode, artifact, string(payload), t.CallSummary.HTTPResponseBody))
 				}
 				// was artifact already uploaded ( => malformed payload)?
 				if rootCause.HttpResponseCode == 409 {
@@ -461,7 +461,7 @@ func (task *TaskRun) uploadArtifact(artifact TaskArtifact) *CommandExecutionErro
 					return nil
 				}
 				// assume a problem with the request == worker bug
-				panic(fmt.Errorf("WORKER EXCEPTION due to response code %v from Queue when uploading artifact %#v with CreateArtifact payload %v", rootCause.HttpResponseCode, artifact, string(payload)))
+				panic(fmt.Errorf("WORKER EXCEPTION due to response code %v from Queue when uploading artifact %#v with CreateArtifact payload %v - HTTP response body: %v", rootCause.HttpResponseCode, artifact, string(payload), t.CallSummary.HTTPResponseBody))
 			case *url.Error:
 				switch subCause := rootCause.Err.(type) {
 				case *net.OpError:

build.sh

@@ -59,26 +59,23 @@ function install {
 }
 
 if ${ALL_PLATFORMS}; then
-  install docker linux amd64
-
   install multiuser windows amd64
   install multiuser windows 386
 
-  install multiuser darwin amd64
-  install multiuser darwin 386
-
-  install simple darwin amd64
-  install simple darwin 386
+  install multiuser darwin  amd64
+  install simple    darwin  amd64
 
-  install simple linux amd64
-  install simple linux 386
-  install simple linux arm
-  install simple linux arm64
+  install multiuser linux   amd64
+  install docker    linux   amd64
+  install simple    linux   amd64
+  install simple    linux   arm
+  install simple    linux   arm64
 else
   MY_GOHOSTOS="$(go env GOHOSTOS)"
   MY_GOHOSTARCH="$(go env GOHOSTARCH)"
   case "${MY_GOHOSTOS}" in
       linux) install simple    "${MY_GOHOSTOS}" "${MY_GOHOSTARCH}"
+             install multiuser "${MY_GOHOSTOS}" "${MY_GOHOSTARCH}"
              install docker    "${MY_GOHOSTOS}" "${MY_GOHOSTARCH}"
              ;;
      darwin) install simple    "${MY_GOHOSTOS}" "${MY_GOHOSTARCH}"
@@ -95,8 +92,9 @@ CGO_ENABLED=0 go get github.com/taskcluster/livelog
 
 if $TEST; then
   go get github.com/taskcluster/taskcluster-proxy
-  CGO_ENABLED=1 GORACE="history_size=7" /usr/bin/sudo "GW_TESTS_RUN_AS_TASK_USER=true" "TASKCLUSTER_CERTIFICATE=$TASKCLUSTER_CERTIFICATE" "TASKCLUSTER_ACCESS_TOKEN=$TASKCLUSTER_ACCESS_TOKEN" "TASKCLUSTER_CLIENT_ID=$TASKCLUSTER_CLIENT_ID" "TASKCLUSTER_ROOT_URL=$TASKCLUSTER_ROOT_URL" go test -v -tags multiuser -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -timeout 1h ./...
-  if [ "$(go env GOHOSTOS)" == "linux" ]; then
+  CGO_ENABLED=1 GORACE="history_size=7" /usr/bin/sudo "GW_TESTS_RUN_AS_CURRENT_USER=" "TASKCLUSTER_CERTIFICATE=$TASKCLUSTER_CERTIFICATE" "TASKCLUSTER_ACCESS_TOKEN=$TASKCLUSTER_ACCESS_TOKEN" "TASKCLUSTER_CLIENT_ID=$TASKCLUSTER_CLIENT_ID" "TASKCLUSTER_ROOT_URL=$TASKCLUSTER_ROOT_URL" go test -v -tags multiuser -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -timeout 1h ./...
+  MYGOHOSTOS="$(go env GOHOSTOS)"
+  if [ "${MYGOHOSTOS}" == "linux" ] || [ "${MYGOHOSTOS}" == "darwin" ]; then
     CGO_ENABLED=1 GORACE="history_size=7" go test -v -tags docker -ldflags "-X github.com/taskcluster/generic-worker.revision=$(git rev-parse HEAD)" -race -timeout 1h ./...
   fi
 fi

chain_of_trust.go

@@ -4,7 +4,10 @@ package main
 
 import (
 	"encoding/json"
+	"errors"
+	"fmt"
 	"io/ioutil"
+	"log"
 	"path/filepath"
 
 	"golang.org/x/crypto/ed25519"
@@ -191,3 +194,16 @@ func (feature *ChainOfTrustTaskFeature) Stop(err *ExecutionErrors) {
 		},
 	))
 }
+
+func (cot *ChainOfTrustTaskFeature) ensureTaskUserCantReadPrivateCotKey() error {
+	c, err := cot.catCotKeyCommand()
+	if err != nil {
+		panic(fmt.Errorf("SERIOUS BUG: Could not create command (not even trying to execute it yet) to cat private chain of trust key %v - %v", config.Ed25519SigningKeyLocation, err))
+	}
+	r := c.Execute()
+	if !r.Failed() {
+		log.Print(r.String())
+		return errors.New(ChainOfTrustKeyNotSecureMessage)
+	}
+	return nil
+}

chain_of_trust_posix.go

@@ -3,26 +3,9 @@
 package main
 
 import (
-	"fmt"
-	"log"
-
 	"github.com/taskcluster/generic-worker/process"
 )
 
-func (cot *ChainOfTrustTaskFeature) ensureTaskUserCantReadPrivateCotKey() error {
-	signingKeyPaths := [2]string{
-		config.Ed25519SigningKeyLocation,
-	}
-	for _, path := range signingKeyPaths {
-		c, err := process.NewCommand([]string{"/bin/cat", path}, cwd, cot.task.EnvVars(), taskContext.pd)
-		if err != nil {
-			panic(fmt.Errorf("SERIOUS BUG: Could not create command (not even trying to execute it yet) to cat private chain of trust key %v - %v", path, err))
-		}
-		r := c.Execute()
-		if !r.Failed() {
-			log.Print(r.String())
-			return fmt.Errorf(ChainOfTrustKeyNotSecureMessage)
-		}
-	}
-	return nil
+func (cot *ChainOfTrustTaskFeature) catCotKeyCommand() (*process.Command, error) {
+	return process.NewCommand([]string{"/bin/cat", config.Ed25519SigningKeyLocation}, cwd, cot.task.EnvVars(), taskContext.pd)
 }

chain_of_trust_windows.go

@@ -1,26 +1,9 @@
 package main
 
 import (
-	"fmt"
-	"log"
-
 	"github.com/taskcluster/generic-worker/process"
 )
 
-func (cot *ChainOfTrustTaskFeature) ensureTaskUserCantReadPrivateCotKey() error {
-	signingKeyPaths := [2]string{
-		config.Ed25519SigningKeyLocation,
-	}
-	for _, path := range signingKeyPaths {
-		c, err := process.NewCommand([]string{"cmd.exe", "/c", "type", path}, cwd, nil, taskContext.pd)
-		if err != nil {
-			panic(fmt.Errorf("SERIOUS BUG: Could not create command (not even trying to execute it yet) to cat private chain of trust key %v - %v", path, err))
-		}
-		r := c.Execute()
-		if !r.Failed() {
-			log.Print(r.String())
-			return fmt.Errorf(ChainOfTrustKeyNotSecureMessage)
-		}
-	}
-	return nil
+func (cot *ChainOfTrustTaskFeature) catCotKeyCommand() (*process.Command, error) {
+	return process.NewCommand([]string{"cmd.exe", "/c", "type", config.Ed25519SigningKeyLocation}, cwd, nil, taskContext.pd)
 }