diff --git a/cmd/soong_ui/main.go b/cmd/soong_ui/main.go index a03a86a49..16f994d55 100644 --- a/cmd/soong_ui/main.go +++ b/cmd/soong_ui/main.go @@ -221,6 +221,7 @@ func main() { } defer build.UploadMetrics(buildCtx, config, c.simpleOutput, buildStarted, files...) defer met.Dump(soongMetricsFile) + defer build.CheckProdCreds(buildCtx, config) } // Read the time at the starting point. diff --git a/ui/build/config.go b/ui/build/config.go index 59b01b30e..887420904 100644 --- a/ui/build/config.go +++ b/ui/build/config.go @@ -1242,10 +1242,40 @@ func (c *configImpl) rbeSockAddr(dir string) (string, error) { return "", fmt.Errorf("cannot generate a proxy socket address shorter than the limit of %v", maxNameLen) } +// IsGooglerEnvironment returns true if the current build is running +// on a Google developer machine and false otherwise. +func (c *configImpl) IsGooglerEnvironment() bool { + cf := "ANDROID_BUILD_ENVIRONMENT_CONFIG" + if v, ok := c.environ.Get(cf); ok { + return v == "googler" + } + return false +} + +// GoogleProdCredsExist determine whether credentials exist on the +// Googler machine to use remote execution. +func (c *configImpl) GoogleProdCredsExist() bool { + if _, err := exec.Command("/usr/bin/prodcertstatus", "--simple_output", "--nocheck_loas").Output(); err != nil { + return false + } + return true +} + +// UseRemoteBuild indicates whether to use a remote build acceleration system +// to speed up the build. func (c *configImpl) UseRemoteBuild() bool { return c.UseGoma() || c.UseRBE() } +// StubbyExists checks whether the stubby binary exists on the machine running +// the build. +func (c *configImpl) StubbyExists() bool { + if _, err := exec.LookPath("stubby"); err != nil { + return false + } + return true +} + // RemoteParallel controls how many remote jobs (i.e., commands which contain // gomacc) are run in parallel. Note the parallelism of all other jobs is // still limited by Parallel() diff --git a/ui/build/rbe.go b/ui/build/rbe.go index 3e558f738..82fc15f91 100644 --- a/ui/build/rbe.go +++ b/ui/build/rbe.go @@ -19,6 +19,7 @@ import ( "os" "path/filepath" "runtime" + "strings" "android/soong/ui/metrics" ) @@ -126,6 +127,34 @@ func stopRBE(ctx Context, config Config) { } } +func prodCredsAuthType(config Config) bool { + authVar, val := config.rbeAuth() + if strings.Contains(authVar, "use_google_prod_creds") && val != "" && val != "false" { + return true + } + return false +} + +// Check whether proper auth exists for RBE builds run within a +// Google dev environment. +func CheckProdCreds(ctx Context, config Config) { + if !config.IsGooglerEnvironment() { + return + } + if !config.StubbyExists() && prodCredsAuthType(config) { + fmt.Fprintln(ctx.Writer, "") + fmt.Fprintln(ctx.Writer, fmt.Sprintf("\033[33mWARNING: %q binary not found in $PATH, follow go/build-fast#opting-out-of-loas-credentials instead for authenticating with RBE.\033[0m", "stubby")) + fmt.Fprintln(ctx.Writer, "") + return + } + if config.GoogleProdCredsExist() { + return + } + fmt.Fprintln(ctx.Writer, "") + fmt.Fprintln(ctx.Writer, "\033[33mWARNING: Missing LOAS credentials, please run `gcert`. This will result in failing builds in the future, see go/rbe-android-default-announcement.\033[0m") + fmt.Fprintln(ctx.Writer, "") +} + // DumpRBEMetrics creates a metrics protobuf file containing RBE related metrics. // The protobuf file is created if RBE is enabled and the proxy service has // started. The proxy service is shutdown in order to dump the RBE metrics to the