This reverts commit 6da6aecbb4.
Reason for revert: Breaks official chrome release.
Original change's description:
> git-cl: make SetReview ReAuth capable
>
> This CL changes SetReview to be ReAuth capable.
>
> This is a potential breaking change if a downstream script relies on
> gerrit_util.SetReview but hasn't implemented ReAuth.
>
> If this caused breakage, please refer to https://chromium.googlesource.com/chromium/src.git/+/HEAD/docs/gerrit_reauth.md#Troubleshooting for troubleshooting instructions.
>
> If the above doesn't work, please report a bug, then add `LUCI_BYPASS_REAUTH=1` to the environment to disable ReAuth for now.
>
> Bug: 442666611
> Change-Id: I7724f15f166f9975fc88be5d8e1c93be4e1ec302
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6939308
> Reviewed-by: Allen Li <ayatane@chromium.org>
> Reviewed-by: Scott Lee <ddoman@chromium.org>
> Commit-Queue: Jiewei Qian <qjw@chromium.org>
Bug: 442666611
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I7b7e769b5a8011d45e976e471d0f2e43f186e0c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6955930
Commit-Queue: Alex Kravchuk <alexanderkr@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Ben Mason <benmason@chromium.org>
This CL changes SetReview to be ReAuth capable.
This is a potential breaking change if a downstream script relies on
gerrit_util.SetReview but hasn't implemented ReAuth.
If this caused breakage, please refer to https://chromium.googlesource.com/chromium/src.git/+/HEAD/docs/gerrit_reauth.md#Troubleshooting for troubleshooting instructions.
If the above doesn't work, please report a bug, then add `LUCI_BYPASS_REAUTH=1` to the environment to disable ReAuth for now.
Bug: 442666611
Change-Id: I7724f15f166f9975fc88be5d8e1c93be4e1ec302
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6939308
Reviewed-by: Allen Li <ayatane@chromium.org>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
git cl format uses `git diff -U0` when it has to find the files
and ranges to format. Similarly, CiderG generates diffs with
-U0 and runs presubmits for the checks.
However, the scm.py:GenerateDiff(), which CheckPatchFormatted() uses,
doesn't specify -U and it defaults to -U3.
This CL updates CheckPatchFormatted() to pass -U0 to
scm.py:GenerateDiff() so that Presubmit and git cl format are
always given diffs generated with -U0.
Bug: 386840832
Change-Id: I19479ab139b7dba8ba4e5e5fed89eca4d2e66412
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6952890
Auto-Submit: Scott Lee <ddoman@chromium.org>
Commit-Queue: Brian Ryner <bryner@google.com>
Commit-Queue: Scott Lee <ddoman@chromium.org>
Reviewed-by: Brian Ryner <bryner@google.com>
This CL makes it possible to create HttpConn RPC calls with ReAuth
credential.
Callers can specify whether they want to fail when ReAuth token isn't
available, or fallback to access token.
Bug: 442666611
Change-Id: I748a01634eea8ebe321779c8ae4f52d7beed3407
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6938952
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Reviewed-by: Allen Li <ayatane@chromium.org>
This CL adds ReAuth support to GerritAuthenticator. ReAuth token can be
obtained with a new get_authorization_header() call.
The task of obtaining such a token is delegated to different
authenticators to check if ReAuth is necessary, and if the existing
authentication token already satisfies ReAuth requirements.
Bug: 442666611
Change-Id: Ic661b868f1c61c653de0da43eb784ad5938342f2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6914237
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Allen Li <ayatane@chromium.org>
Historically, git_cl.py and presubmit_support.py generated diffs
inconsistently.
==== git_cl.py ====
1) git_cl.py:_RunClangFormatDiff() assumed the input diff was
generated with --no-prefix. Therefore, it hard-coded -p0 as a param
for clang_format_diff.py. If the diff was generated without --no-prefix,
it would have to pass -p1 instead.
2) git_cl.py _RunYapf() and _RunGoogleJavaFormat assumed that
the input diff was generated with prefixes. Therefore,
it parsed the diffs, assuming that the diff was generated with
a/ and b/ prefixes.
This discrepancy wasn't an issue because each of the Run functions
generated and consumed the diffs within themselves. It became an issue
when https://crrev.com/c/6931775 was developed. The CL consolidated
the diff generation into a common function, so that all _Run functions
need to agree with the presence of the prefixes.
The CL changed _RunClangFormatDiff() to use -p1 instead of -p0,
mainly because
- it's the p level for the default git-diff option
- it's the p level for the unix diff util
- CiderG Chromium also generates the diff with the prefixes to
emulate the default diff output.
- I highly believe that --no-prefix was chosen for no reasons.
It seems to be a random choice to work with -p0.
- Either Java/Python or Clang wrapper should be changed.
==== presubmit_support.py ====
presubmit_support.py can be given a diff_file via --diff_file.
Otherwise, it generates the diff based on --upstream_commit.
a) it doesn't enforce the presence of the prefixes in the input
diff_file. As stated above, the Chromium extension generates
a diff with prefixes.
b) in contrast, when it is not given --diff_file, it generates
the diff with --no-prefix, and I don't find any reasons for it.
I believe that it's from a copy-pasted random choice.
==== the problem ====
This discrepancy became a problem, when crrev.com/c/6937365
was landed. It enforces git_cl.py and presubmit_support.py to agree
for the format of the input diff. That is, the presence of
the prefixes must be agreed by all the following.
- presubmit_support.py with --diff_file /tmp/abc
- presubmit_support.py without --diff_file /tmp/abc
- git cl format
- git cl format --input_diff_file /tmp/abc
==== possible solutions ====
Obviously, there are 3 choices.
1) update the regex and parsers of git_cl.py to auto detect the best
-p{num}.
This was the least preferred option, as it can be fragile.
2) update Chromium extension and git_cl.py to use --no-prefix.
i.e.,
- update the Chromium CiderG to generate diffs without the prefix.
- update the regex used in _ComputeFormatDiffLineRanges() to assume
that the input is generated with --no-prefix.
- change _RunClangFormatDiff() to pass -p0 instead of -p1.
3) update presubmit_support.py to generate diff without --no-prefix.
==== What this CL does ====
It implements (3).
- That is the default option for git-diff.
- I don't find obvious reasons to use --no-prefix.
- CiderG has been generating diffs with prefixes for weeks.
- It implies that presubmit_support.py works fine with a prefixed diff.
Bug: 386840832
Change-Id: Iac8a4fc30f101e70e3ccc56f9f8ee48198dfa833
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6939737
Commit-Queue: Scott Lee <ddoman@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
This reverts commit 4689d66abf.
Reason for revert: causing issues in b/386840832
Original change's description:
> presubmit: update CheckPatchFormatted to pass --input_diff_file
>
> Once devs update depot_tools, this will take effect in both
> terminal and CiderG
>
> TESTED: http://go/scrcast/NjM1MzE5NDc4NjQ4ODMyMHxmMzc3NGVlZi03Yg
> Bug: 386840832
> Change-Id: Ibb8f74bffd662eb330f61b9e82bcd75c09bbc232
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6937365
> Commit-Queue: Scott Lee <ddoman@chromium.org>
> Reviewed-by: Gavin Mak <gavinmak@google.com>
Bug: 386840832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I0bb79952aab4e0fa29607c79ea14f13f2a2a7bb3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6939736
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Scott Lee <ddoman@chromium.org>
This makes the formatter runners git-free if --input_diff_file
is given. They still run `git diff`, if --diff is given. However,
for the purpose of making the presubmit check for format verification
git-free, it's ok as --diff is not used by the presubmit check.
Bug: 386840832
Change-Id: If5ab68fa4e2fec1aafa22e15ddeabb744993342b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6931775
Commit-Queue: Scott Lee <ddoman@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
If the option is given, git cl format uses the input diff file to
determine the files and sections to format instead of git-diff.
The intended use case is to remove git dependencies in case
presubmit_support.py is executed with a diff file and it calls
presubmit_canned_checks.CheckPatchFormatted().
Bug: 386840832
Change-Id: Ia1eacd1bdb81731e07753df19ebf1d2470c9f1aa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6912693
Reviewed-by: Gavin Mak <gavinmak@google.com>
Commit-Queue: Scott Lee <ddoman@chromium.org>
Disable interactive authentication so that git won't prompt for username
/ password when the LUCI access token or ReAuth token expired.
Bug: 443632112
Change-Id: Ie347042178facd113df0d96b1909097cebdbb400
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6918922
Reviewed-by: Allen Li <ayatane@chromium.org>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
The warning message for missing autoroll exception link was not
correctly interpolating `self._name` because it was missing the `f`
prefix.
Bug:b/442963176
Change-Id: I0dfaf8aa3d1238ebbbd9bb097be53e18daa1916c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6915079
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Andrew Mitchell <mitchella@google.com>
Commit-Queue: Andrew Mitchell <mitchella@google.com>
This improves our alignment of vuln scan sufficiency with the scanners
we are using, based on the data extracted from README.chromium files.
Other package managers are being covered based on their manifest files.
This change splits "sufficient:URL and Version" into:
* "sufficient:Git URL and Version"; and
* "sufficient:Package Manager URL and Version"
Bug: 438384047
Change-Id: Ia3262b93092cad40e60243158e437f65a04e1916
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6905113
Reviewed-by: Anne Redulla <aredulla@google.com>
Commit-Queue: Jordan Brown <rop@google.com>
if build/config/siso/.sisorc exists, it will add global flags
or subcmd flags.
global flags are lines starting with "-"
e.g.
--credential_helper=gcloud
subcmd flags are lines starting with subcmd name.
e.g.
ninja --verbose_failures=false -k=0
Bug: b/269554009
Change-Id: I4691b9e17571721dd5b70f6ffb063e2d2f0ac4e3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6910278
Reviewed-by: Scott Lee <ddoman@chromium.org>
Reviewed-by: Philipp Wollermann <philwo@google.com>
Commit-Queue: Fumitoshi Ukai <ukai@google.com>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
This moves the handling to the same level as
`raise GitLoginRequiredError()` so we can check for other exit codes
and raise other errors.
Bug: 442666611
Change-Id: Idbb34d6549b47b715bf59d6720362293d5c28039
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6912689
Commit-Queue: Allen Li <ayatane@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
depot_tools doesn't know how to use git-credential-luci properly for
ReAuth. For now, explicitly disable it so it doesn't break. Future
changes will modify depot_tools so it can use ReAuth properly for the
Gerrit RPCs that need it.
Bug: 442666611
Change-Id: I77847527d1bb42a2bab8d287bc853a7a5be0b867
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6908321
Commit-Queue: Allen Li <ayatane@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
Reviewed-by: Jiewei Qian <qjw@chromium.org>
gclient_paths.GetPrimarySolutionPath() finds primary
solution path from current directory, so it would fail
if it is invoked from outside of workspace.
Pass directory to gclient_paths.GetPrimarySolutionPath
so it could find workspace correctly if it is invoked
ninja outside of workspace.
Bug: 441240584
Change-Id: I873f7883873e143ec8a64ee0e636042ac2336a2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6898614
Auto-Submit: Fumitoshi Ukai <ukai@google.com>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Scott Lee <ddoman@chromium.org>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
* Centralised CPE/Version checking to reuse logic.
* Basic check that a URL contains git, googlesource, or bitbucket etc. to indicate it's a clonable URL, which is required to count as sufficient.
This brings the category closely in alignment with AutoVM, removing 100
dependencies, all of which did not have vulnerability cover.
Bug:b/438384047
Change-Id: I7483f20a177670ad1d6571ffcc2545c0faddd892
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6904943
Commit-Queue: Jordan Brown <rop@google.com>
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Anne Redulla <aredulla@google.com>
This change introduces a new validation rule: if a `CPEPrefix` is
provided but does not contain a version component, the `Version` field
must be present in the metadata. A helper function
`has_version_component` is added to `cpe_prefix.py` to check for a
version within a CPE string. Tests are added to cover the new validation
logic and the `has_version_component` function.
Bug: 438383649
Change-Id: I69938959316051d31f7fec32c5293d2c4c1a8e2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6898421
Reviewed-by: Jiewei Qian <qjw@chromium.org>
Commit-Queue: Jordan Brown <rop@google.com>
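The validation rule described in the commit message above, as an added example that is not the depot_tools code: `cpe_version` and `validate` are hypothetical names (the project's own helper is `has_version_component`, whose implementation is not shown here). It assumes a version is "present" when the fourth CPE field exists and is not empty, `*` or `-`, in both the CPE 2.2 URI and CPE 2.3 formatted-string bindings.

```python
import re

# CPE values meaning "no specific version": empty, ANY (*) or NA (-).
_UNSPECIFIED = {"", "*", "-"}


def cpe_version(cpe_prefix):
    """Return the version component of a CPE name, or None if it has none."""
    value = cpe_prefix.strip()
    if value.lower().startswith("cpe:2.3:"):
        # CPE 2.3 formatted string; a literal colon is escaped as "\:".
        fields = re.split(r"(?<!\\):", value[len("cpe:2.3:"):])
    elif value.lower().startswith("cpe:/"):
        # CPE 2.2 URI binding.
        fields = value[len("cpe:/"):].split(":")
    else:
        return None  # not a CPE name, so it cannot carry a version
    # Field order in both bindings: part, vendor, product, version, ...
    if len(fields) < 4 or fields[3] in _UNSPECIFIED:
        return None
    return fields[3]


def validate(metadata):
    """Apply the rule: CPEPrefix without a version requires a Version field."""
    errors = []
    cpe = metadata.get("CPEPrefix", "").strip()
    version = metadata.get("Version", "").strip()
    if cpe and cpe_version(cpe) is None and not version:
        errors.append("CPEPrefix %r has no version component; "
                      "Version is required." % cpe)
    return errors


# Constructed sample metadata, not taken from any real README.chromium.
SAMPLES = [
    {"Name": "libfoo", "CPEPrefix": "cpe:/a:foo:libfoo:1.4.2"},
    {"Name": "libbar", "CPEPrefix": "cpe:2.3:a:bar:libbar:*:*:*:*:*:*:*:*"},
    {"Name": "libbaz", "CPEPrefix": "cpe:/a:baz:libbaz", "Version": "2.0"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["Name"], validate(sample) or "ok")
```

Only the second sample is rejected: its CPE 2.3 string carries a wildcard version and no `Version` field backs it up, so a scanner has nothing to match advisories against.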
This CL rolls git-credential-luci (GCL) to default enable ReAuth after
addressing a few CLI UX issues.
Warnings and errors now include troubleshoot instructions, and a "I want
to unblock myself" escape hatch.
If things break and can't be bypassed by setting `LUCI_BYPASS_REAUTH`
environment var, please revert this CL.
Bug: 438584121
Change-Id: I3731cecb3b09cc0392b2890a764e351a41cabdc7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6896061
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
This check is making any script which runs `git cl presubmit` locally fail.
In particular, `jj upload` runs `git cl presubmit`, and then uploads
only if it succeeds (we cannot run `git cl upload`, because that can
specifically only upload the currently checked out commit).
According to the bug I linked, "I think that historically it was possible
for developers to try to commit directly from their Chromium repo,
without uploading, and this aims to stop that. It also warns users that
their change has not been uploaded. Whether it still needs to be an
error is not clear, but I'm not sure it's causing any problems so I'm
inclined to leave it."
To sum things up:
* Since presubmits can be bypassed, this is not a security measure
* These days I don't believe you can commit directly from your chromium
repo
* It's now starting to cause problems.
Bug: 40253731
Change-Id: I0d83fa68d0e65dcdd8932c7d3053750dcc16d3fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6875404
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Matt Stark <msta@google.com>
This fixes the copy-paste error with the _from_id and _from_build_number
versions of get_build. It also adds support for getting try results
from a URL, not just the current checked out version.
Bug: None
Change-Id: I1e076c5c461c346f5864eda068a6552237f5691f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6890424
Reviewed-by: Brian Sheedy <bsheedy@chromium.org>
Commit-Queue: Struan Shrimpton <sshrimp@google.com>
Auto-Submit: Struan Shrimpton <sshrimp@google.com>