When the hg repo is already cached these tasks seem to run in under 10
minutes, but sometimes they need to clone from hg.mozilla.org, and run
over the 15 minutes timeout.
Differential Revision: https://phabricator.services.mozilla.com/D140809
Updates all build-related jobs (`artifact-build`, `build` and
`instrumented-build`) tasks to explicitly set
`MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system`. This allows them
to consume `psutil` (if installed on the system) without needing
to hit PyPI.org.
Modifies `build-l10n.sh` and `build-linux.sh` to no longer
explicitly fetch `psutil` from PyPI
(`./mach python --virtualenv psutil`), since that is replaced
by Mach's "native package source" behaviour.
Differential Revision: https://phabricator.services.mozilla.com/D140257
The llvm-symbolizer tasks currently extract a llvm-symbolizer from clang
tasks. Changes in clang 14 make the hack that we have in place to keep
llvm-symbolizer statically linked to libllvm while clang uses a dynamic
libllvm not work anymore, so it's time to bite the bullet and build
llvm-symbolizer separately.
We share most of the build setup with the compiler-rt build.
Differential Revision: https://phabricator.services.mozilla.com/D140711
The toolchain file is a helper for cross-compilation that even deals
with case-sensivity in MSVC, which simplifies our setup.
Differential Revision: https://phabricator.services.mozilla.com/D140710
This replaces 'get_artifact_prefix' and 'get_artifact_path'. These functions
previously couldn't be replaced because they contained an 'isinstance(Task)'
call in them. But now that the 'Task' class is fully merged, they can be
replaced.
Depends on D140735
Differential Revision: https://phabricator.services.mozilla.com/D140736
In order to help ensure that searchfox runs for mozilla-central will
always have code coverage information available, run the searchfox jobs
on-push instead of on a cron schedule. This avoids searchfox jobs
being scheduled against DONTBUILD pushes which will lack the coverage
jobs which are normally scheduled on-push.
A better/more thorough thing to do would be to express soft
dependencies "soft-dependencies" as documented at
https://taskcluster-taskgraph.readthedocs.io/en/latest/concepts/task-graphs.html#soft-dependencies
on these coverage tasks. However, for now, we just hope really hard
that the coverage tasks get scheduled (as they should? :).
Differential Revision: https://phabricator.services.mozilla.com/D140675
Inconsistency confuses some of our tools. As part of this, I:
* Updated some docs to point to rust-minidump
* Added a fallback to mozcrash.py to try both versions
* Make mozcrash.py use --brief output when the local mdsw is used
* Remove the renaming hack from build-minidump-stackwalk.sh
This isn't as simple as a sed because we still have breakpad in tree
for minidump-analyzer. I did my best to replace the right strings.
Differential Revision: https://phabricator.services.mozilla.com/D138971
The 'release_artifacts' attribute of the Task object doesn't exist in upstream
taskgraph. This attribute is only needed by certain kinds and likely doesn't
belong on the general purpose Task container. Move it to an attribute instead.
This was tested via `taskgraph --diff` on all release tasks. While there is a
diff in that 'release_artifacts' moves from the top-level to under an
attribute, there is no change to the payload of any tasks. So this shouldn't
affect any release graphs.
Depends on D140081
Differential Revision: https://phabricator.services.mozilla.com/D140082
The standalone taskgraph does not have this property. Rather than upstream it,
I prefer to move it to a utility file. This is because it's not clear what
"name" means, or why the label minus the kind equals a "name", or why if a task
doesn't have the kind in its label it raises an Exception.
Plus this property was only used in two places, and both were Gecko specific.
Differential Revision: https://phabricator.services.mozilla.com/D140081
MozillaBuild 3.4's kernel name was `MINGW32_NT-6.2`, but the new
MozillaBuild's kernel name looks like `MSYS_NT-10.0-19044`.
Update existing first-party detection code to properly handle the modern
MSYS "kernel name" format.
Differential Revision: https://phabricator.services.mozilla.com/D140096
Background: The X11 protocol has a very permissive security model;
clients have essentially full access to the windows of other clients,
and to global resources like input devices. Previously, our sandbox
policy for content processes needed to allow access to the X server;
this limited its effectiveness against a dedicated attacker.
This patch turns on the `security.sandbox.content.headless` pref added
in bug 1640345, which removes the sandbox policy rules that allowed
making new X11 connections, as well as opening the Xauthority file,
reading hardware info needed by Mesa, etc. It also runs content
processes in headless mode (whence the name) so they won't connect to a
display server at startup.
This also removes access to the Wayland compositor: the sandbox policy
never allowed that (as of when socket connections became default-deny),
but now content processes won't connect to it at startup. Wayland is
more capability-oriented so this is less significant for security, but at
a minimum it removes unnecessary attack surface.
Note that if the `webgl.out-of-process` pref is turned off, WebGL
will break unless `security.sandbox.content.headless` is also turned
off. (Similarly, `widget.non-native-theme.enabled` is needed to render
scrollbars and form controls in content.) As a result, this patch
adjusts the job definitions used by CI to test in-process WebGL so that
that they will continue to work.
Differential Revision: https://phabricator.services.mozilla.com/D138613
This replaces all of the functions in gecko_taskgraph/util/taskcluster.py with
the ones from the vendored taskgraph if they are identical.
Differential Revision: https://phabricator.services.mozilla.com/D138458
Without this, the desktop nightly graph does not include upload-symbols
tasks for mac, because these tasks don't have the macosx64-shippable
build_platform due to the split x64 / aarch64 build.
Differential Revision: https://phabricator.services.mozilla.com/D139149
In bug 1436263, I added a cpp-virtual-final.yml linter to warn about virtual function declarations that included more than one virtual function specifier `virtual`, `final`, or `override`.
I think we should remove this linter now because:
* It's just a style check and doesn't diagnose a real bug. Including more than one virtual function specifier (`virtual`, `final`, or `override`) is harmless and unambiguous, just unnecessary extra code.
* It has caused some engineer frustration because this style check caused their changeset to be backed out of autoland. Backing out and fixing these style issues are not a good use of sheriffs' or engineers' time.
* It doesn't catch all virtual/final/override style issues because:
* It can't analyze virtual function definitions that span multiple lines.
* It doesn't check for `virtual void Foo() override` because there are over 6000 cases already, so our code will never follow this style check consistently.
Differential Revision: https://phabricator.services.mozilla.com/D139454
Before bug 1755415 build-clang.py was handling the integration of the
wasi compiler-rt, but that's not the case anymore. Now use the same
mechanism as for clang-13, with an additional repack.
While we're here, move the clang trunk task definition so that it
doesn't sit between two clang 13 tasks.
Differential Revision: https://phabricator.services.mozilla.com/D139326
This replaces all of the functions in gecko_taskgraph/util/taskcluster.py with
the ones from the vendored taskgraph if they are identical.
Differential Revision: https://phabricator.services.mozilla.com/D138458