Google Git
Sign in
cobalt / cobalt / c73ce7d5dfce7ae20bcc30efc5f220e0fbac12b1 / . / src / third_party / mozjs-45 / js / src / devtools / rootAnalysis / ra.away / tools / scripts / hsts / update_hsts_preload_list.sh
blob: 7373142b07307698f600ffbb9cde07f975a96840 [file] [log] [blame]
#!/bin/bash
USAGE()
{
cat <<EOF
DEPRECATED: use tools/scripts/periodic_file_updates/periodic_file_updates.sh instead.
usage: `basename $0` [-n] [-c] [-d] [-a]
[-p product]
[--hgtool hgtool_location]
[--mirror hg_mirror --bundle bundle_location]
[-u hg_ssh_user]
[-k hg_ssh_key]
[-r existing_repo_dir]
-b branch
EOF
}
DRY_RUN=false
PRODUCT="firefox"
BRANCH=""
LATEST_DIR=""
PLATFORM="linux-x86_64"
PLATFORM_EXT="tar.bz2"
UNPACK_CMD="tar jxf"
CLOSED_TREE=false
DONTBUILD=false
APPROVAL=false
HG_SSH_USER='ffxbld'
HG_SSH_KEY='~cltbld/.ssh/ffxbld_rsa'
REPODIR='hsts'
HGTOOL=''
MIRROR=''
BUNDLE=''
APP_DIR="browser"
LOCALHOST=`/bin/hostname -s`
HGHOST="hg.mozilla.org"
STAGEHOST="stage.mozilla.org"
HG=hg
WGET=wget
UNZIP="unzip -q"
DIFF="diff -up"
PRELOAD_SCRIPT="getHSTSPreloadList.js"
PRELOAD_ERRORS="nsSTSPreloadList.errors"
PRELOAD_INC="nsSTSPreloadList.inc"
BASEDIR=`pwd`
while [ $# -gt 0 ]; do
case "$1" in
-p) PRODUCT="$2"; shift;;
-b) BRANCH="$2"; shift;;
-n) DRY_RUN=true;;
-c) CLOSED_TREE=true;;
-d) DONTBUILD=true;;
-a) APPROVAL=true;;
-u) HG_SSH_USER="$2"; shift;;
-k) HG_SSH_KEY="$2"; shift;;
-r) REPODIR="$2"; shift;;
--hgtool) HGTOOL="$2"; shift;;
--mirror) MIRROR="$2"; shift;;
--bundle) BUNDLE="$2"; shift;;
-*) USAGE
exit 1;;
*) break;; # terminate while loop
esac
shift
done
if [ "$BRANCH" == "" ]; then
USAGE
exit 1
else
LATEST_DIR=latest-`basename ${BRANCH}`
fi
HGREPO="http://${HGHOST}/${BRANCH}"
HGPUSHREPO="ssh://${HGHOST}/${BRANCH}"
# Try to find hgtool if it hasn't been set.
if [ ! -f "${HGTOOL}" ]; then
HGTOOL=`which hgtool.py 2>/dev/null | head -n1`
fi
compare_preload_lists()
{
echo "INFO: Retrieving current version from hg..."
VERSION_URL_HG="${HGREPO}/raw-file/default/${APP_DIR}/config/version.txt"
rm -f version.txt
${WGET} --no-check-certificate -O version.txt ${VERSION_URL_HG}
WGET_STATUS=$?
if [ ${WGET_STATUS} != 0 ]; then
echo "ERROR: wget exited with a non-zero exit code: $WGET_STATUS"
exit ${WGET_STATUS}
fi
VERSION=`cat version.txt`
if [ "${VERSION}" == "" ]; then
echo "ERROR: Unable to parse version from version.txt"
exit 1
fi
BROWSER_ARCHIVE="${PRODUCT}-${VERSION}.en-US.${PLATFORM}.${PLATFORM_EXT}"
BROWSER_ARCHIVE_URL="http://${STAGEHOST}/pub/mozilla.org/${PRODUCT}/nightly/${LATEST_DIR}/${BROWSER_ARCHIVE}"
TESTS_ARCHIVE="${PRODUCT}-${VERSION}.en-US.${PLATFORM}.tests.zip"
TESTS_ARCHIVE_URL="http://${STAGEHOST}/pub/mozilla.org/${PRODUCT}/nightly/${LATEST_DIR}/${TESTS_ARCHIVE}"
PRELOAD_SCRIPT_HG="${HGREPO}/raw-file/default/security/manager/tools/${PRELOAD_SCRIPT}"
PRELOAD_ERRORS_HG="${HGREPO}/raw-file/default/security/manager/boot/src/${PRELOAD_ERRORS}"
PRELOAD_INC_HG="${HGREPO}/raw-file/default/security/manager/boot/src/${PRELOAD_INC}"
# Download everything we need: browser, tests, updater script, existing preload list and errors.
echo "INFO: Downloading all the necessary pieces..."
rm -rf ${PRODUCT} tests ${BROWSER_ARCHIVE} ${TESTS_ARCHIVE} ${PRELOAD_SCRIPT} ${PRELOAD_ERRORS} ${PRELOAD_INC}
for URL in ${BROWSER_ARCHIVE_URL} ${TESTS_ARCHIVE_URL} ${PRELOAD_SCRIPT_HG} ${PRELOAD_ERRORS_HG} ${PRELOAD_INC_HG}; do
${WGET} --no-check-certificate ${URL}
WGET_STATUS=$?
if [ ${WGET_STATUS} != 0 ]; then
echo "ERROR: wget exited with a non-zero exit code: ${WGET_STATUS}"
exit ${WGET_STATUS}
fi
done
for F in ${BROWSER_ARCHIVE} ${TESTS_ARCHIVE} ${PRELOAD_SCRIPT} ${PRELOAD_ERRORS} ${PRELOAD_INC}; do
if [ ! -f ${F} ]; then
echo "Downloaded file ${F} not found."
exit 1
fi
done
# Unpack the browser and move xpcshell in place for updating the preload list.
echo "INFO: Unpacking resources..."
${UNPACK_CMD} ${BROWSER_ARCHIVE}
mkdir tests && cd tests
${UNZIP} ../${TESTS_ARCHIVE}
cd ${BASEDIR}
cp tests/bin/xpcshell ${PRODUCT}
# Run the script to get an updated preload list.
echo "INFO: Generating new HSTS preload list..."
cd ${PRODUCT}
echo INFO: Running \"LD_LIBRARY_PATH=. ./xpcshell ${BASEDIR}/${PRELOAD_SCRIPT} ${BASEDIR}/${PRELOAD_INC}\"
LD_LIBRARY_PATH=. ./xpcshell ${BASEDIR}/${PRELOAD_SCRIPT} ${BASEDIR}/${PRELOAD_INC}
# The created files should be non-empty.
echo "INFO: Checking whether new HSTS preload list is valid..."
if [ ! -s "${PRELOAD_ERRORS}" ]; then
echo "New HSTS preload error list is empty. I guess that's good?"
fi
if [ ! -s "${PRELOAD_INC}" ]; then
echo "New HSTS preload list is empty. That's less good."
exit 1
fi
cd ${BASEDIR}
# Check for differences
echo "INFO: diffing old/new HSTS error lists..."
${DIFF} ${PRELOAD_ERRORS} ${PRODUCT}/${PRELOAD_ERRORS}
DIFF_STATUS=$?
case "${DIFF_STATUS}" in
0|1) ;;
*) echo "ERROR: diff exited with exit code: ${DIFF_STATUS}"
exit ${DIFF_STATUS}
esac
echo "INFO: diffing old/new HSTS preload lists..."
${DIFF} ${PRELOAD_INC} ${PRODUCT}/${PRELOAD_INC}
DIFF_STATUS=$?
case "${DIFF_STATUS}" in
0|1) ;;
*) echo "ERROR: diff exited with exit code: ${DIFF_STATUS}"
exit ${DIFF_STATUS}
esac
return ${DIFF_STATUS}
}
update_preload_list_in_hg()
{
if [ ! -d ${REPODIR} ]; then
CLONE_CMD=""
if [ -f "${HGTOOL}" ]; then
# Need to pass the default branch here to avoid pollution from buildprops.json
# when hgtool.py is run in production.
CLONE_CMD="${HGTOOL} --branch default"
if [ "${MIRROR}" != "" ]; then
CLONE_CMD="${CLONE_CMD} --mirror ${MIRROR}"
fi
if [ "${BUNDLE}" != "" ]; then
CLONE_CMD="${CLONE_CMD} --bundle ${BUNDLE}"
fi
else
# Fallback on vanilla hg
echo "hgtool.py not found. Falling back to vanilla hg."
CLONE_CMD="${HG} clone"
fi
CLONE_CMD="${CLONE_CMD} ${HGREPO} ${REPODIR}"
echo ${CLONE_CMD}
${CLONE_CMD}
CLONE_STATUS=$?
if [ ${CLONE_STATUS} != 0 ]; then
echo "ERROR: hg clone exited with a non-zero exit code: ${CLONE_STATUS}"
return ${CLONE_STATUS}
fi
fi
echo ${HG} -R ${REPODIR} pull
${HG} -R ${REPODIR} pull
PULL_STATUS=$?
if [ ${PULL_STATUS} != 0 ]; then
echo "ERROR: hg pull exited with a non-zero exit code: ${PULL_STATUS}"
return ${PULL_STATUS}
fi
echo ${HG} -R ${REPODIR} update -C default
${HG} -R ${REPODIR} update -C default
UPDATE_STATUS=$?
if [ ${UPDATE_STATUS} != 0 ]; then
echo "ERROR: hg update exited with a non-zero exit code: ${UPDATE_STATUS}"
return ${UPDATE_STATUS}
fi
cp -f ${PRODUCT}/${PRELOAD_ERRORS} ${REPODIR}/security/manager/boot/src/
cp -f ${PRODUCT}/${PRELOAD_INC} ${REPODIR}/security/manager/boot/src/
COMMIT_MESSAGE="No bug, Automated HSTS preload list update from host $LOCALHOST"
if [ ${DONTBUILD} == true ]; then
COMMIT_MESSAGE="${COMMIT_MESSAGE} - (DONTBUILD)"
fi
if [ ${CLOSED_TREE} == true ]; then
COMMIT_MESSAGE="${COMMIT_MESSAGE} - CLOSED TREE"
fi
if [ ${APPROVAL} == true ]; then
COMMIT_MESSAGE="${COMMIT_MESSAGE} - a=hsts-update"
fi
echo ${HG} -R ${REPODIR} commit -u \"${HG_SSH_USER}\" -m \"${COMMIT_MESSAGE}\"
${HG} -R ${REPODIR} commit -u "${HG_SSH_USER}" -m "${COMMIT_MESSAGE}"
echo ${HG} -R ${REPODIR} push -e \"ssh -l ${HG_SSH_USER} -i ${HG_SSH_KEY}\" ${HGPUSHREPO}
${HG} -R ${REPODIR} push -e "ssh -l ${HG_SSH_USER} -i ${HG_SSH_KEY}" ${HGPUSHREPO}
PUSH_STATUS=$?
if [ ${PUSH_STATUS} != 0 ]; then
echo "ERROR: hg push exited with exit code: ${PUSH_STATUS}, probably raced another changeset"
echo ${HG} -R ${REPODIR} rollback
${HG} -R ${REPODIR} rollback
ROLLBACK_STATUS=$?
if [ ${ROLLBACK_STATUS} != 0 ]; then
echo "ERROR: hg rollback failed with exit code: ${ROLLBACK_STATUS}"
echo "This is unrecoverable, removing the local clone to start fresh next time."
rm -rf ${REPODIR}
return ${ROLLBACK_STATUS}
fi
fi
return ${PUSH_STATUS}
}
compare_preload_lists
result=$?
if [ ${result} != 0 ]; then
if [ "${DRY_RUN}" == "true" ]; then
echo "INFO: HSTS preload lists differ, but not updating hg in dry-run mode."
else
echo "INFO: HSTS preload lists differ, updating hg."
update_preload_list_in_hg
result=$?
fi
else
echo "INFO: HSTS preload lists are identical. Nothing to update."
fi
exit ${result}