commit cbc3e2d0e110107b5c064cfd8b54ecbfafc80265 Author: Isis Lovecruft <isis@torproject.org> Date: Tue Feb 10 22:14:02 2015 +0000 Fix Travis-CI build issue with group-writable PYTHON_EGG_CACHE dir. Travis-CI issue #1748 [0] was causing non-deterministic CI test failures, particularly in the lib/bridgedb/test/test_https.py integration tests which use the Python mechanize module to test the HTTPS server. [0] This is a known Python security issue, particularly for WSGI server setup. [2] [3] The fix is quite simple, just set the PYTHON_EGG_CACHE environment variable to something unique to each CI build and ensure that the PYTHON_EGG_CACHE directory exists. * FIXES issues with non-deterministic Travis-CI test failures due to a known security hole in shared Python .egg cache directories. [0]: https://github.com/travis-ci/travis-ci/issues/1748 [1]: https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763 [2]: https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-pyt... [3]: https://github.com/pypa/virtualenv/issues/459 --- .travis.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.travis.yml b/.travis.yml index 412622b..7e4f6f2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,6 +26,15 @@ addons: - bridges.torproject.org env: + global: + # Fixes Travis-CI issue #1748, which was causing non-deterministic CI test failures, + # particularly in the lib/bridgedb/test/test_https.py integration tests which use + # the Python mechanize module to test the HTTPS server. + # See https://github.com/travis-ci/travis-ci/issues/1748 + # https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763 + # https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-pyt... + # https://github.com/pypa/virtualenv/issues/459 + - PYTHON_EGG_CACHE="${HOME}/.python-eggs-$(echo $RANDOM$PPID$RANDOM | sha256sum | cut -d ' ' -f 1)" matrix: - TWISTED_VERSION=13.2.0 PYOPENSSL_VERSION=0.13.1 @@ -39,6 +48,7 @@ matrix: before_install: - sudo apt-get update + - mkdir $PYTHON_EGG_CACHE install: - sudo apt-get install -qq --no-install-suggests --no-install-recommends build-essential openssl sqlite3 libgpgme11 libgpgme11-dev python-dev python-setuptools