From: Ævar Arnfjörð Bjarmason
To: git@vger.kernel.org
Cc: Junio C Hamano, Eric Sunshine, Derrick Stolee, SZEDER Gábor, Taylor Blau, Johannes Schindelin, Carlo Marcelo Arenas Belón, Ævar Arnfjörð Bjarmason
Subject: [PATCH v2 1/3] CI: run "brew install perforce" without past workarounds
Date: Fri, 22 Apr 2022 11:07:37 +0200

Remove the alternating between --no-quarantine, --cask and fallback "git pull" updating of the "perforce" package. As can be seen in [1], [2] and [3] these were workarounds for various past CI issues.

Running "brew install perforce" works now in GitHub CI, so there's no need to alternate between package names, and the "git pull" method was a workaround for some staleness issue on the Azure pipelines removed in [4].

We do have a really common issue with this failing, but that's unrelated to any of those past fixes, and removing these old workarounds makes dealing with that a lot easier.

1. 0eb3671ed96 (ci(osx): use new location of the `perforce` cask, 2019-10-23)
2. 5ed9fc3fc86 (ci: prevent `perforce` from being quarantined, 2020-02-27)
3. 3831132ace6 (ci/install-depends: attempt to fix "brew cask" stuff, 2021-01-14)
4. 6081d3898fe (ci: retire the Azure Pipelines definition, 2020-04-11)

Signed-off-by: Ævar Arnfjörð Bjarmason

--- ci/install-dependencies.sh | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index dbcebad2fb2..82fa87f97af 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh 
@@ -37,13 +37,7 @@ macos-latest) test -z "$BREW_INSTALL_PACKAGES" || brew install $BREW_INSTALL_PACKAGES brew link --force gettext - brew install --cask --no-quarantine perforce || { - # Update the definitions and try again - cask_repo="$(brew --repository)"/Library/Taps/homebrew/homebrew-cask && - git -C "$cask_repo" pull --no-stat --ff-only && - brew install --cask --no-quarantine perforce - } || - brew install homebrew/cask/perforce + brew install perforce if test -n "$CC_PACKAGE" then
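
Review bot: The new `brew install perforce` line drops `--no-quarantine` together with the fallbacks, but the commit message only accounts for the package-name alternation and the "git pull" fallback. Reference [2] (5ed9fc3fc86) added that flag to keep `perforce` from being quarantined, so please state in the message why quarantining is no longer a concern for the macos-latest jobs, or keep the flag on the single remaining install line.
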
From: Ævar Arnfjörð Bjarmason
To: git@vger.kernel.org
Cc: Junio C Hamano, Eric Sunshine, Derrick Stolee, SZEDER Gábor, Taylor Blau, Johannes Schindelin, Carlo Marcelo Arenas Belón, Ævar Arnfjörð Bjarmason
Subject: [PATCH v2 2/3] CI: don't care about SHA256 mismatch on upstream "perforce" package
Date: Fri, 22 Apr 2022 11:07:38 +0200

As can be seen in the commit history[1] of the upstream perforce.rb in homebrew-cask the upstream perforce package URL and its SHA-256 aren't a unique pair. The upstream will start publishing an updated package at the same URL as the previous version, causing the CI to routinely fail with errors like:

    ==> Downloading https://cdist2.perforce.com/perforce/r21.2/bin.macosx1015x86_64/helix-core-server.tgz
    Error: SHA256 mismatch
    Expected: ffc757b9d4d0629b2594e2777edfb18097825e29c70d8f33a444c7482d622806
    Actual: 37bc306f0bdfd1d63cfcea113ada132d96f89d53cbb20c282735d51d06223054

Once someone gets around to updating the perforce.rb the failure of git's CI will be cleared up, but in the meantime all osx-{gcc,clang} jobs will encounter hard failures.

Let's not be so anal about this and fall back to a "sha256 :no_check" on failure. For the "ubuntu-latest" jobs just a few lines earlier we "wget" and chmod binaries from http://filehost.perforce.com (no https!). We're already trusting the DNS in the CI to do the right thing here, and for there not to be any MitM attacks between the CI and filehost.perforce.com. Even if someone managed to get in the middle the worst they could do is run arbitrary code in the CI environment.

The only thing we were getting out of the SHA-256 check was to serve as a canary that the homebrew-cask repository itself was drifting out of date.
It seems sensible to just cut it out as a middle-man entirely (as the ubuntu-latest jobs do). We want to run the t/*-git-p4-*.sh tests, not to validate the chain of custody between perforce.com and the homebrew-cask repository.

See [2] for the "no_check" syntax, and [3] for an example of a failure in "seen" before this change.

It's been suggested as an alternative [4] to simply disable the p4 tests if we can't install the package from homebrew. While I don't really care, I think that would be strictly worse. Before this change we've either run the p4 tests or failed, and we'll still fail now if we can't run the p4 tests. Whereas skipping them entirely as [4] does is introducing the caveat that our test coverage in these jobs today might be different than the coverage tomorrow.

If we do want to introduce such dynamic runs to CI I think they should use the relevant "needs" or "if" features, so that the UX can make it obvious what was or wasn't dynamically skipped.

1. https://github.com/Homebrew/homebrew-cask/commits/master/Casks/perforce.rb
2. https://docs.brew.sh/Cask-Cookbook#required-stanzas
3. https://github.com/git/git/runs/6104156856?check_suite_focus=true
4. https://lore.kernel.org/git/20220421225515.6316-1-carenas@gmail.com/

--- ci/install-dependencies.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index 82fa87f97af..cab6e04a358 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -37,7 +37,14 @@ macos-latest) test -z "$BREW_INSTALL_PACKAGES" || brew install $BREW_INSTALL_PACKAGES brew link --force gettext - brew install perforce + brew install perforce || { + echo Installing perforce failed, assuming and working around SHA256 mismatch >&2 && + + path=$(brew edit --print-path perforce) && + sed 's/\(sha256.\).*/\1:no_check/' <"$path" >"$path".tmp && + mv "$path".tmp "$path" && + brew install perforce + } if test -n "$CC_PACKAGE" then
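
Review bot: The `|| { ... }` fallback after `brew install perforce` runs on every install failure, not only on a checksum mismatch, and then rewrites the cask with `sed 's/\(sha256.\).*/\1:no_check/'`, so any failure ends with the download's integrity check switched off and only the "assuming" message on stderr to show for it. Consider capturing the first attempt's output and taking this branch only when it contains `SHA256 mismatch`, and printing the Expected/Actual digests from that output so the drift in homebrew-cask stays visible in the job log. The echo message would also read better quoted, and this patch has no Signed-off-by trailer, unlike 1/3.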