| #!/usr/bin/env python3 |
| # Copyright 2014 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| """Run a pinned gsutil.""" |
| |
| import argparse |
| import base64 |
| import contextlib |
| import hashlib |
| import json |
| import os |
| import shutil |
| import subprocess |
| import sys |
| import tempfile |
| import time |
| import urllib.request |
| |
| import zipfile |
| |
| GSUTIL_URL = 'https://storage.googleapis.com/pub/' |
| API_URL = 'https://www.googleapis.com/storage/v1/b/pub/o/' |
| |
| THIS_DIR = os.path.dirname(os.path.abspath(__file__)) |
| DEFAULT_BIN_DIR = os.path.join(THIS_DIR, 'external_bin', 'gsutil') |
| |
| IS_WINDOWS = os.name == 'nt' |
| |
| VERSION = '4.68' |
| |
| # Google OAuth Context required by gsutil. |
| LUCI_AUTH_SCOPES = [ |
| 'https://www.googleapis.com/auth/devstorage.full_control', |
| 'https://www.googleapis.com/auth/userinfo.email', |
| ] |
| |
| |
| # Platforms unsupported by luci-auth. |
| LUCI_AUTH_UNSUPPORTED_PLATFORMS = ['aix', 'zos'] |
| |
| |
| class InvalidGsutilError(Exception): |
| pass |
| |
| |
| def download_gsutil(version, target_dir): |
| """Downloads gsutil into the target_dir.""" |
| filename = 'gsutil_%s.zip' % version |
| target_filename = os.path.join(target_dir, filename) |
| |
| # Check if the target exists already. |
| if os.path.exists(target_filename): |
| md5_calc = hashlib.md5() |
| with open(target_filename, 'rb') as f: |
| while True: |
| buf = f.read(4096) |
| if not buf: |
| break |
| md5_calc.update(buf) |
| local_md5 = md5_calc.hexdigest() |
| |
| metadata_url = '%s%s' % (API_URL, filename) |
| metadata = json.load(urllib.request.urlopen(metadata_url)) |
| remote_md5 = base64.b64decode(metadata['md5Hash']).decode('utf-8') |
| |
| if local_md5 == remote_md5: |
| return target_filename |
| os.remove(target_filename) |
| |
| # Do the download. |
| url = '%s%s' % (GSUTIL_URL, filename) |
| u = urllib.request.urlopen(url) |
| with open(target_filename, 'wb') as f: |
| while True: |
| buf = u.read(4096) |
| if not buf: |
| break |
| f.write(buf) |
| return target_filename |
| |
| |
| @contextlib.contextmanager |
| def temporary_directory(base): |
| tmpdir = tempfile.mkdtemp(prefix='t', dir=base) |
| try: |
| yield tmpdir |
| finally: |
| if os.path.isdir(tmpdir): |
| shutil.rmtree(tmpdir) |
| |
| |
| def ensure_gsutil(version, target, clean): |
| bin_dir = os.path.join(target, 'gsutil_%s' % version) |
| gsutil_bin = os.path.join(bin_dir, 'gsutil', 'gsutil') |
| gsutil_flag = os.path.join(bin_dir, 'gsutil', 'install.flag') |
| # We assume that if gsutil_flag exists, then we have a good version |
| # of the gsutil package. |
| if not clean and os.path.isfile(gsutil_flag): |
| # Everything is awesome! we're all done here. |
| return gsutil_bin |
| |
| if not os.path.exists(target): |
| try: |
| os.makedirs(target) |
| except FileExistsError: |
| # Another process is prepping workspace, so let's check if |
| # gsutil_bin is present. If after several checks it's still not, |
| # continue with downloading gsutil. |
| delay = 2 # base delay, in seconds |
| for _ in range(3): # make N attempts |
| # sleep first as it's not expected to have file ready just yet. |
| time.sleep(delay) |
| delay *= 1.5 # next delay increased by that factor |
| if os.path.isfile(gsutil_bin): |
| return gsutil_bin |
| |
| with temporary_directory(target) as instance_dir: |
| # Clean up if we're redownloading a corrupted gsutil. |
| cleanup_path = os.path.join(instance_dir, 'clean') |
| try: |
| os.rename(bin_dir, cleanup_path) |
| except (OSError, IOError): |
| cleanup_path = None |
| if cleanup_path: |
| shutil.rmtree(cleanup_path) |
| |
| download_dir = os.path.join(instance_dir, 'd') |
| target_zip_filename = download_gsutil(version, instance_dir) |
| with zipfile.ZipFile(target_zip_filename, 'r') as target_zip: |
| target_zip.extractall(download_dir) |
| |
| shutil.move(download_dir, bin_dir) |
| # Final check that the gsutil bin exists. This should never fail. |
| if not os.path.isfile(gsutil_bin): |
| raise InvalidGsutilError() |
| # Drop a flag file. |
| with open(gsutil_flag, 'w') as f: |
| f.write('This flag file is dropped by gsutil.py') |
| |
| return gsutil_bin |
| |
| |
| def _is_luci_context(): |
| """Returns True if the script is run within luci-context""" |
| if os.getenv('SWARMING_HEADLESS') == '1': |
| return True |
| |
| luci_context_env = os.getenv('LUCI_CONTEXT') |
| if not luci_context_env: |
| return False |
| |
| try: |
| with open(luci_context_env) as f: |
| luci_context_json = json.load(f) |
| return 'local_auth' in luci_context_json |
| except (ValueError, FileNotFoundError): |
| return False |
| |
| |
| def _is_luci_auth_supported_platform(): |
| """Returns True if luci-auth is supported in the current platform.""" |
| return not any(map(sys.platform.startswith, |
| LUCI_AUTH_UNSUPPORTED_PLATFORMS)) |
| |
| |
| def luci_context(cmd): |
| """Helper to call`luci-auth context`.""" |
| p = _luci_auth_cmd('context', wrapped_cmds=cmd) |
| |
| # If luci-auth is not logged in, fallback to normal execution. |
| if b'Not logged in.' in p.stderr: |
| return _run_subprocess(cmd, interactive=True) |
| |
| _print_subprocess_result(p) |
| return p |
| |
| |
| def luci_login(): |
| """Helper to run `luci-auth login`.""" |
| # luci-auth requires interactive shell. |
| return _luci_auth_cmd('login', interactive=True) |
| |
| |
| def _luci_auth_cmd(luci_cmd, wrapped_cmds=None, interactive=False): |
| """Helper to call luci-auth command.""" |
| cmd = ['luci-auth', luci_cmd, '-scopes', ' '.join(LUCI_AUTH_SCOPES)] |
| if wrapped_cmds: |
| cmd += ['--'] + wrapped_cmds |
| |
| return _run_subprocess(cmd, interactive) |
| |
| |
| def _run_subprocess(cmd, interactive=False, env=None): |
| """Wrapper to run the given command within a subprocess.""" |
| kwargs = {'shell': IS_WINDOWS} |
| |
| if env: |
| kwargs['env'] = dict(os.environ, **env) |
| |
| if not interactive: |
| kwargs['stdout'] = subprocess.PIPE |
| kwargs['stderr'] = subprocess.PIPE |
| |
| return subprocess.run(cmd, **kwargs) |
| |
| |
| def _print_subprocess_result(p): |
| """Prints the subprocess result to stdout & stderr.""" |
| if p.stdout: |
| sys.stdout.buffer.write(p.stdout) |
| |
| if p.stderr: |
| sys.stderr.buffer.write(p.stderr) |
| |
| |
| def is_boto_present(): |
| """Returns true if the .boto file is present in the default path.""" |
| return os.getenv('BOTO_CONFIG') or os.getenv( |
| 'AWS_CREDENTIAL_FILE') or os.path.isfile( |
| os.path.join(os.path.expanduser('~'), '.boto')) |
| |
| |
| def run_gsutil(target, args, clean=False): |
| # Redirect gsutil config calls to luci-auth. |
| if 'config' in args: |
| return luci_login().returncode |
| |
| gsutil_bin = ensure_gsutil(VERSION, target, clean) |
| args_opt = ['-o', 'GSUtil:software_update_check_period=0'] |
| |
| if sys.platform == 'darwin': |
| # We are experiencing problems with multiprocessing on MacOS where |
| # gsutil.py may hang. This behavior is documented in gsutil codebase, |
| # and recommendation is to set GSUtil:parallel_process_count=1. |
| # https://github.com/GoogleCloudPlatform/gsutil/blob/06efc9dc23719fab4fd5fadb506d252bbd3fe0dd/gslib/command.py#L1331 |
| # https://github.com/GoogleCloudPlatform/gsutil/issues/1100 |
| args_opt.extend(['-o', 'GSUtil:parallel_process_count=1']) |
| if sys.platform == 'cygwin': |
| # This script requires Windows Python, so invoke with depot_tools' |
| # Python. |
| def winpath(path): |
| stdout = subprocess.check_output(['cygpath', '-w', path]) |
| return stdout.strip().decode('utf-8', 'replace') |
| |
| cmd = ['python.bat', winpath(__file__)] |
| cmd.extend(args) |
| sys.exit(subprocess.call(cmd)) |
| assert sys.platform != 'cygwin' |
| |
| cmd = [ |
| 'vpython3', '-vpython-spec', |
| os.path.join(THIS_DIR, 'gsutil.vpython3'), '--', gsutil_bin |
| ] + args_opt + args |
| |
| # When .boto is present, try without additional wrappers and handle specific |
| # errors. |
| if is_boto_present(): |
| p = _run_subprocess(cmd) |
| |
| # Notify user that their .boto file might be outdated. |
| if b'Your credentials are invalid.' in p.stderr: |
| # Make sure this error message is visible when invoked by gclient |
| # runhooks |
| separator = '*' * 80 |
| print( |
| '\n' + separator + '\n' + |
| 'Warning: You might have an outdated .boto file. If this issue ' |
| 'persists after running `gsutil.py config`, try removing your ' |
| '.boto, usually located in your home directory.\n' + separator + |
| '\n', |
| file=sys.stderr) |
| |
| _print_subprocess_result(p) |
| return p.returncode |
| |
| # Skip wrapping commands if luci-auth is already being used or if the |
| # platform is unsupported by luci-auth. |
| if _is_luci_context() or not _is_luci_auth_supported_platform(): |
| return _run_subprocess(cmd, interactive=True).returncode |
| |
| # Wrap gsutil with luci-auth context. |
| return luci_context(cmd).returncode |
| |
| |
| def parse_args(): |
| bin_dir = os.environ.get('DEPOT_TOOLS_GSUTIL_BIN_DIR', DEFAULT_BIN_DIR) |
| |
| # Help is disabled as it conflicts with gsutil -h, which controls headers. |
| parser = argparse.ArgumentParser(add_help=False) |
| |
| parser.add_argument( |
| '--clean', |
| action='store_true', |
| help='Clear any existing gsutil package, forcing a new download.') |
| parser.add_argument( |
| '--target', |
| default=bin_dir, |
| help='The target directory to download/store a gsutil version in. ' |
| '(default is %(default)s).') |
| |
| # These two args exist for backwards-compatibility but are no-ops. |
| parser.add_argument('--force-version', |
| default=VERSION, |
| help='(deprecated, this flag has no effect)') |
| parser.add_argument('--fallback', |
| help='(deprecated, this flag has no effect)') |
| |
| parser.add_argument('args', nargs=argparse.REMAINDER) |
| |
| args, extras = parser.parse_known_args() |
| if args.args and args.args[0] == '--': |
| args.args.pop(0) |
| if extras: |
| args.args = extras + args.args |
| return args |
| |
| |
| def main(): |
| args = parse_args() |
| return run_gsutil(args.target, args.args, clean=args.clean) |
| |
| |
| if __name__ == '__main__': |
| sys.exit(main()) |
