[bridgedb/develop] Fix Travis-CI build issue with group-writable PYTHON_EGG_CACHE dir. - tor-commits

11 Feb 2015

commit cbc3e2d0e110107b5c064cfd8b54ecbfafc80265
Author: Isis Lovecruft isis@torproject.org
Date:   Tue Feb 10 22:14:02 2015 +0000
Fix Travis-CI build issue with group-writable PYTHON_EGG_CACHE dir.
Travis-CI issue #1748 [0] was causing non-deterministic CI test
    failures, particularly in the lib/bridgedb/test/test_https.py
    integration tests which use the Python mechanize module to test the
    HTTPS server. [0]
This is a known Python security issue, particularly for WSGI server
    setup. [2] [3] The fix is quite simple, just set the PYTHON_EGG_CACHE
    environment variable to something unique to each CI build and ensure
    that the PYTHON_EGG_CACHE directory exists.
* FIXES issues with non-deterministic Travis-CI test failures due to a
       known security hole in shared Python .egg cache directories.
[0]: https://github.com/travis-ci/travis-ci/issues/1748
    [1]: https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763
    [2]: https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-pyt...
    [3]: https://github.com/pypa/virtualenv/issues/459
---
 .travis.yml |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 412622b..7e4f6f2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,6 +26,15 @@ addons:
     - bridges.torproject.org
env:
+  global:
+    # Fixes Travis-CI issue #1748, which was causing non-deterministic CI test failures,
+    # particularly in the lib/bridgedb/test/test_https.py integration tests which use
+    # the Python mechanize module to test the HTTPS server.
+    # See https://github.com/travis-ci/travis-ci/issues/1748
+    #     https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763
+    #     https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-pyt...
+    #     https://github.com/pypa/virtualenv/issues/459
+    - PYTHON_EGG_CACHE="${HOME}/.python-eggs-$(echo $RANDOM$PPID$RANDOM | sha256sum | cut -d ' ' -f 1)"
   matrix:
     - TWISTED_VERSION=13.2.0 PYOPENSSL_VERSION=0.13.1
@@ -39,6 +48,7 @@ matrix:
before_install:
   - sudo apt-get update
+  - mkdir $PYTHON_EGG_CACHE
install:
   - sudo apt-get install -qq --no-install-suggests --no-install-recommends build-essential openssl sqlite3 libgpgme11 libgpgme11-dev python-dev python-setuptools

    