[tor-commits] [bridgedb/develop] Fix Travis-CI build issue with group-writable PYTHON_EGG_CACHE dir.

Wed Feb 11 01:10:46 UTC 2015

commit cbc3e2d0e110107b5c064cfd8b54ecbfafc80265
Author: Isis Lovecruft <isis at torproject.org>
Date:   Tue Feb 10 22:14:02 2015 +0000

    Fix Travis-CI build issue with group-writable PYTHON_EGG_CACHE dir.
    
    Travis-CI issue #1748 [0] was causing non-deterministic CI test
    failures, particularly in the lib/bridgedb/test/test_https.py
    integration tests which use the Python mechanize module to test the
    HTTPS server. [0]
    
    This is a known Python security issue, particularly for WSGI server
    setup. [2] [3] The fix is quite simple, just set the PYTHON_EGG_CACHE
    environment variable to something unique to each CI build and ensure
    that the PYTHON_EGG_CACHE directory exists.
    
     * FIXES issues with non-deterministic Travis-CI test failures due to a
       known security hole in shared Python .egg cache directories.
    
    [0]: https://github.com/travis-ci/travis-ci/issues/1748
    [1]: https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763
    [2]: https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-python-egg-cache
    [3]: https://github.com/pypa/virtualenv/issues/459
---
 .travis.yml |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 412622b..7e4f6f2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,6 +26,15 @@ addons:
     - bridges.torproject.org
 
 env:
+  global:
+    # Fixes Travis-CI issue #1748, which was causing non-deterministic CI test failures,
+    # particularly in the lib/bridgedb/test/test_https.py integration tests which use
+    # the Python mechanize module to test the HTTPS server.
+    # See https://github.com/travis-ci/travis-ci/issues/1748
+    #     https://travis-ci.org/isislovecruft/bridgedb/jobs/50169439#L1763
+    #     https://stackoverflow.com/questions/2192323/what-is-the-python-egg-cache-python-egg-cache
+    #     https://github.com/pypa/virtualenv/issues/459
+    - PYTHON_EGG_CACHE="${HOME}/.python-eggs-$(echo $RANDOM$PPID$RANDOM | sha256sum | cut -d ' ' -f 1)"
   matrix:
     - TWISTED_VERSION=13.2.0 PYOPENSSL_VERSION=0.13.1
 
@@ -39,6 +48,7 @@ matrix:
 
 before_install:
   - sudo apt-get update
+  - mkdir $PYTHON_EGG_CACHE
 
 install:
   - sudo apt-get install -qq --no-install-suggests --no-install-recommends build-essential openssl sqlite3 libgpgme11 libgpgme11-dev python-dev python-setuptools



