eb832b2a32
Currently mirrors are stored in the rust-lang-ci2 S3 bucket along with CI toolchains. This is problematic for multiple reasons: - CI IAM credentials are allowed to both edit and delete those files. A malicious user gaining access to those credentials would be able to change our mirrored dependencies, possibly backdooring the compiler. - Contents of the rust-lang-ci2 bucket are disposable except for the mirrors' content. When we implement backups for S3 buckets we'd have to replicate just that part of the bucket, complicating the backup logic and increasing the chance of mistakes. A standalone bucket will be way easier to backup. This commit switches our CI to use the new rust-lang-ci-mirrors bucket.
35 lines
1.1 KiB
Bash
Executable file
35 lines
1.1 KiB
Bash
Executable file
#!/bin/bash
|
|
# This script downloads and installs awscli from the packages mirrored in our
|
|
# own S3 bucket. This follows the recommendations at:
|
|
#
|
|
# https://packaging.python.org/guides/index-mirrors-and-caches/#caching-with-pip
|
|
#
|
|
# To create a new mirrored copy you can run the command:
|
|
#
|
|
# pip wheel awscli
|
|
#
|
|
# Before compressing please make sure all the wheels end with `-none-any.whl`.
|
|
# If that's not the case you'll need to remove the non-cross-platform ones and
|
|
# replace them with the .tar.gz downloaded from https://pypi.org. Also make
|
|
# sure it's possible to call this script with both Python 2 and Python 3.
|
|
|
|
set -euo pipefail
|
|
IFS=$'\n\t'
|
|
|
|
MIRROR="https://rust-lang-ci-mirrors.s3-us-west-1.amazonaws.com/rustc/2019-07-27-awscli.tar"
|
|
DEPS_DIR="/tmp/awscli-deps"
|
|
|
|
pip="pip"
|
|
pipflags=""
|
|
if [[ "${AGENT_OS}" == "Linux" ]]; then
|
|
pip="pip3"
|
|
pipflags="--user"
|
|
|
|
sudo apt-get install -y python3-setuptools
|
|
echo "##vso[task.prependpath]$HOME/.local/bin"
|
|
fi
|
|
|
|
mkdir -p "${DEPS_DIR}"
|
|
curl "${MIRROR}" | tar xf - -C "${DEPS_DIR}"
|
|
"${pip}" install ${pipflags} --no-index "--find-links=${DEPS_DIR}" awscli
|
|
rm -rf "${DEPS_DIR}"
|