Merge "Add a broad warning about missing LOAS creds"
diff --git a/cmd/soong_ui/main.go b/cmd/soong_ui/main.go
index a03a86a..16f994d 100644
--- a/cmd/soong_ui/main.go
+++ b/cmd/soong_ui/main.go
@@ -221,6 +221,7 @@
}
defer build.UploadMetrics(buildCtx, config, c.simpleOutput, buildStarted, files...)
defer met.Dump(soongMetricsFile)
+ defer build.CheckProdCreds(buildCtx, config)
}
// Read the time at the starting point.
diff --git a/ui/build/config.go b/ui/build/config.go
index 59b01b3..8874209 100644
--- a/ui/build/config.go
+++ b/ui/build/config.go
@@ -1242,10 +1242,40 @@
return "", fmt.Errorf("cannot generate a proxy socket address shorter than the limit of %v", maxNameLen)
}
+// IsGooglerEnvironment returns true if the current build is running
+// on a Google developer machine and false otherwise.
+func (c *configImpl) IsGooglerEnvironment() bool {
+ cf := "ANDROID_BUILD_ENVIRONMENT_CONFIG"
+ if v, ok := c.environ.Get(cf); ok {
+ return v == "googler"
+ }
+ return false
+}
+
+// GoogleProdCredsExist determine whether credentials exist on the
+// Googler machine to use remote execution.
+func (c *configImpl) GoogleProdCredsExist() bool {
+ if _, err := exec.Command("/usr/bin/prodcertstatus", "--simple_output", "--nocheck_loas").Output(); err != nil {
+ return false
+ }
+ return true
+}
+
+// UseRemoteBuild indicates whether to use a remote build acceleration system
+// to speed up the build.
func (c *configImpl) UseRemoteBuild() bool {
return c.UseGoma() || c.UseRBE()
}
+// StubbyExists checks whether the stubby binary exists on the machine running
+// the build.
+func (c *configImpl) StubbyExists() bool {
+ if _, err := exec.LookPath("stubby"); err != nil {
+ return false
+ }
+ return true
+}
+
// RemoteParallel controls how many remote jobs (i.e., commands which contain
// gomacc) are run in parallel. Note the parallelism of all other jobs is
// still limited by Parallel()
diff --git a/ui/build/rbe.go b/ui/build/rbe.go
index 3e558f7..82fc15f 100644
--- a/ui/build/rbe.go
+++ b/ui/build/rbe.go
@@ -19,6 +19,7 @@
"os"
"path/filepath"
"runtime"
+ "strings"
"android/soong/ui/metrics"
)
@@ -126,6 +127,34 @@
}
}
+func prodCredsAuthType(config Config) bool {
+ authVar, val := config.rbeAuth()
+ if strings.Contains(authVar, "use_google_prod_creds") && val != "" && val != "false" {
+ return true
+ }
+ return false
+}
+
+// Check whether proper auth exists for RBE builds run within a
+// Google dev environment.
+func CheckProdCreds(ctx Context, config Config) {
+ if !config.IsGooglerEnvironment() {
+ return
+ }
+ if !config.StubbyExists() && prodCredsAuthType(config) {
+ fmt.Fprintln(ctx.Writer, "")
+ fmt.Fprintln(ctx.Writer, fmt.Sprintf("\033[33mWARNING: %q binary not found in $PATH, follow go/build-fast#opting-out-of-loas-credentials instead for authenticating with RBE.\033[0m", "stubby"))
+ fmt.Fprintln(ctx.Writer, "")
+ return
+ }
+ if config.GoogleProdCredsExist() {
+ return
+ }
+ fmt.Fprintln(ctx.Writer, "")
+ fmt.Fprintln(ctx.Writer, "\033[33mWARNING: Missing LOAS credentials, please run `gcert`. This will result in failing builds in the future, see go/rbe-android-default-announcement.\033[0m")
+ fmt.Fprintln(ctx.Writer, "")
+}
+
// DumpRBEMetrics creates a metrics protobuf file containing RBE related metrics.
// The protobuf file is created if RBE is enabled and the proxy service has
// started. The proxy service is shutdown in order to dump the RBE metrics to the