Update buildcache key index when we update the package index (#19117)

This changes makes sure that when we run the pipeline job that updates
the buildcache package index on the remote mirror, we also update the
key index.  The public keys corresponding to the signing keys used to
sign the package was pushed to the mirror as a part of creating the
buildcache index, so this is just ensuring those keys are reflected
in the key index.

Also, this change makes sure the "spack buildcache update-index"
job runs even when there may have been pipeline failures, since we
would like the index always to reflect the true state of the mirror.
This commit is contained in:
Scott Wittenburg 2020-10-02 11:00:42 -06:00 committed by GitHub
parent 0e8be35c25
commit a44135dccf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 59 additions and 3 deletions

View file

@ -400,6 +400,10 @@ def build_cache_relative_path():
return _build_cache_relative_path return _build_cache_relative_path
def build_cache_keys_relative_path():
return _build_cache_keys_relative_path
def build_cache_prefix(prefix): def build_cache_prefix(prefix):
return os.path.join(prefix, build_cache_relative_path()) return os.path.join(prefix, build_cache_relative_path())

View file

@ -806,9 +806,10 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file,
final_stage = 'stage-rebuild-index' final_stage = 'stage-rebuild-index'
final_job = { final_job = {
'stage': final_stage, 'stage': final_stage,
'script': 'spack buildcache update-index -d {0}'.format( 'script': 'spack buildcache update-index --keys -d {0}'.format(
mirror_urls[0]), mirror_urls[0]),
'tags': final_job_config['tags'] 'tags': final_job_config['tags'],
'when': 'always'
} }
if 'image' in final_job_config: if 'image' in final_job_config:
final_job['image'] = final_job_config['image'] final_job['image'] = final_job_config['image']

View file

@ -231,6 +231,9 @@ def setup_parser(subparser):
'update-index', help=buildcache_update_index.__doc__) 'update-index', help=buildcache_update_index.__doc__)
update_index.add_argument( update_index.add_argument(
'-d', '--mirror-url', default=None, help='Destination mirror url') '-d', '--mirror-url', default=None, help='Destination mirror url')
update_index.add_argument(
'-k', '--keys', default=False, action='store_true',
help='If provided, key index will be updated as well as package index')
update_index.set_defaults(func=buildcache_update_index) update_index.set_defaults(func=buildcache_update_index)
@ -777,6 +780,13 @@ def buildcache_update_index(args):
bindist.generate_package_index( bindist.generate_package_index(
url_util.join(outdir, bindist.build_cache_relative_path())) url_util.join(outdir, bindist.build_cache_relative_path()))
if args.keys:
keys_url = url_util.join(outdir,
bindist.build_cache_relative_path(),
bindist.build_cache_keys_relative_path())
bindist.generate_key_index(keys_url)
def buildcache(parser, args): def buildcache(parser, args):
if args.func: if args.func:

View file

@ -19,6 +19,9 @@
install = spack.main.SpackCommand('install') install = spack.main.SpackCommand('install')
env = spack.main.SpackCommand('env') env = spack.main.SpackCommand('env')
add = spack.main.SpackCommand('add') add = spack.main.SpackCommand('add')
gpg = spack.main.SpackCommand('gpg')
mirror = spack.main.SpackCommand('mirror')
uninstall = spack.main.SpackCommand('uninstall')
@pytest.fixture() @pytest.fixture()
@ -133,3 +136,41 @@ def test_buildcache_create_fail_on_perm_denied(
'--unsigned', 'trivial-install-test-package') '--unsigned', 'trivial-install-test-package')
assert error.value.errno == errno.EACCES assert error.value.errno == errno.EACCES
tmpdir.chmod(0o700) tmpdir.chmod(0o700)
@pytest.mark.skipif(not spack.util.gpg.has_gpg(),
reason='This test requires gpg')
def test_update_key_index(tmpdir, mutable_mock_env_path,
install_mockery, mock_packages, mock_fetch,
mock_stage, mock_gnupghome):
"""Test the update-index command with the --keys option"""
working_dir = tmpdir.join('working_dir')
mirror_dir = working_dir.join('mirror')
mirror_url = 'file://{0}'.format(mirror_dir.strpath)
mirror('add', 'test-mirror', mirror_url)
gpg('create', 'Test Signing Key', 'nobody@nowhere.com')
s = Spec('libdwarf').concretized()
# Install a package
install(s.name)
# Put installed package in the buildcache, which, because we're signing
# it, should result in the public key getting pushed to the buildcache
# as well.
buildcache('create', '-a', '-d', mirror_dir.strpath, s.name)
# Now make sure that when we pass the "--keys" argument to update-index
# it causes the index to get update.
buildcache('update-index', '--keys', '-d', mirror_dir.strpath)
key_dir_list = os.listdir(os.path.join(
mirror_dir.strpath, 'build_cache', '_pgp'))
uninstall('-y', s.name)
mirror('rm', 'test-mirror')
assert 'index.json' in key_dir_list

View file

@ -434,7 +434,7 @@ _spack_buildcache_copy() {
} }
_spack_buildcache_update_index() { _spack_buildcache_update_index() {
SPACK_COMPREPLY="-h --help -d --mirror-url" SPACK_COMPREPLY="-h --help -d --mirror-url -k --keys"
} }
_spack_cd() { _spack_cd() {