MozillaSecurity · jschwartzentruber · Dec 11, 2023 · Dec 11, 2023
@@ -1,18 +1,16 @@
-#!/bin/sh
-set -e -x
+#!/usr/bin/env bash
+set -e -x -o pipefail
 PATH="$PWD/msys64/opt/node:$PATH"
 
 retry () {
   i=0
-  while [ "$i" -lt 9 ]
-  do
+  while [[ "$i" -lt 9 ]]; do
     "$@" && return
     sleep 30
     i="$((i+1))"
   done
   "$@"
 }
-retry_curl () { curl -sSL --connect-timeout 25 --fail --retry 5 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
 
 powershell -ExecutionPolicy Bypass -NoProfile -Command "Set-MpPreference -DisableScriptScanning \$true" || true
 powershell -ExecutionPolicy Bypass -NoProfile -Command "Set-MpPreference -DisableRealtimeMonitoring \$true" || true
@@ -32,11 +30,11 @@ ARTIFACT_DEST="$PWD/bugmon-artifacts"
 TC_ARTIFACT_ROOT="project/fuzzing/bugmon"
 
 CONFIRM_ARGS=""
-if [ -n "$FORCE_CONFIRM" ]; then
+if [[ -n "$FORCE_CONFIRM" ]]; then
   CONFIRM_ARGS="--force-confirm"
 fi
 
 bugmon-process \
   "$TC_ARTIFACT_ROOT/$MONITOR_ARTIFACT" \
   "$ARTIFACT_DEST/$PROCESSOR_ARTIFACT" \
-  $CONFIRM_ARGS >"$ARTIFACT_DEST/live.log" 2>&1
+  $CONFIRM_ARGS >"$ARTIFACT_DEST/live.log" 2>&1
@@ -11,7 +11,7 @@ COPY base/linux/etc/pip.conf /etc/pip.conf
 WORKDIR /root
 
 RUN retry () { i=0; while [ $i -lt 9 ]; do if "$@"; then return; else sleep 30; fi; i="$((i+1))"; done; "$@"; } \
-    && retry apk add --no-cache curl \
+    && retry apk add --no-cache bash curl \
     && retry pip install --disable-pip-version-check --no-cache-dir --progress-bar off fuzzfetch
 
 COPY services/coverage-revision/launch.sh /root/launch.sh

@@ -1,18 +1,15 @@
-#!/bin/sh
-set -e -x
-# store and kill self in pipeline
-# this emulates bash -o pipefail
-self=$$
+#!/usr/bin/env bash
+set -e -x -o pipefail
 
 DST="${DST-/coverage-revision.txt}"
 
-{ fuzzfetch --coverage --fuzzing -a --dry-run 2>&1 || kill $self; } | { tee /dev/stderr || kill $self; } | sed -n 's/.*> Changeset: \(.*\)/\1/p' > "$DST"
+fuzzfetch --coverage --fuzzing -a --dry-run 2>&1 | tee /dev/stderr | sed -n 's/.*> Changeset: \(.*\)/\1/p' > "$DST"
 
 # Validate that we got a proper revision
 
 ## Check that file isn't empty
-[ -s "$DST" ]
+[[ -s "$DST" ]]
 
 ## Download revision source so coverage tasks can fetch from here
-retry_curl () { curl -sSL --connect-timeout 25 --fail --retry 12 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
-retry_curl "https://hg.mozilla.org/mozilla-central/archive/$(cat "$DST").zip" -o /source.zip
+retry-curl () { curl -sSL --connect-timeout 25 --fail --retry 12 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
+retry-curl "https://hg.mozilla.org/mozilla-central/archive/$(cat "$DST").zip" -o /source.zip
@@ -1,22 +1,20 @@
-#!/bin/sh
-set -e -x
+#!/usr/bin/env bash
+set -e -x -o pipefail
 PATH="$PWD/msys64/opt/node:$PATH"
 
 retry () {
   i=0
-  while [ "$i" -lt 9 ]
-  do
+  while [[ "$i" -lt 9 ]]; do
     "$@" && return
     sleep 30
     i="$((i+1))"
   done
   "$@"
 }
-retry_curl () { curl -sSL --connect-timeout 25 --fail --retry 5 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
+retry-curl () { curl -sSL --connect-timeout 25 --fail --retry 5 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
 
 status () {
-  if [ -n "$TASKCLUSTER_FUZZING_POOL" ]
-  then
+  if [[ -n "$TASKCLUSTER_FUZZING_POOL" ]]; then
     python -m TaskStatusReporter --report "$@" || true
   fi
 }
@@ -25,7 +23,7 @@ powershell -ExecutionPolicy Bypass -NoProfile -Command "Set-MpPreference -Disabl
 powershell -ExecutionPolicy Bypass -NoProfile -Command "Set-MpPreference -DisableRealtimeMonitoring \$true" || true
 
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-logging-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open('google_logging_creds.json','w'))"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-logging-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open('google_logging_creds.json','w'))"
 set -x
 cat > td-agent-bit.conf << EOF
 [SERVICE]
@@ -80,7 +78,7 @@ retry pip install git+https://github.com/MozillaSecurity/FuzzManager
 
 # Get fuzzmanager configuration from TC
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/fuzzmanagerconf" | python -c "import json,sys;open('.fuzzmanagerconf','w').write(json.load(sys.stdin)['secret']['key'])"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/fuzzmanagerconf" | python -c "import json,sys;open('.fuzzmanagerconf','w').write(json.load(sys.stdin)['secret']['key'])"
 set -x
 
 # Update fuzzmanager config for this instance
@@ -101,7 +99,7 @@ status "Setup: cloning bearspray"
 # Get deployment key from TC
 mkdir -p .ssh
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/deploy-bearspray" | python -c "import json,sys;open('.ssh/id_ecdsa.bearspray','w',newline='\\n').write(json.load(sys.stdin)['secret']['key'])"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/deploy-bearspray" | python -c "import json,sys;open('.ssh/id_ecdsa.bearspray','w',newline='\\n').write(json.load(sys.stdin)['secret']['key'])"
 set -x
 
 cat << EOF >> .ssh/config
@@ -112,16 +110,15 @@ IdentitiesOnly yes
 IdentityFile $USERPROFILE\\.ssh\\id_ecdsa.bearspray
 EOF
 
-if [ "$ADAPTER" = "reducer" ]
-then
+if [[ "$ADAPTER" = "reducer" ]]; then
   ssh-keyscan github.com >> .ssh/known_hosts
 fi
 
 # Set up Google Cloud Logging creds
-if [ "$ADAPTER" != "reducer" ]; then
+if [[ "$ADAPTER" != "reducer" ]]; then
   mkdir -p "$APPDATA/gcloud"
   set +x
-  retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-cloud-storage-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open(r'$APPDATA/gcloud/application_default_credentials.json','w'))"
+  retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-cloud-storage-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open(r'$APPDATA/gcloud/application_default_credentials.json','w'))"
   set -x
 fi
 

@@ -1,27 +1,25 @@
-#!/bin/sh
-set -e -x
+#!/usr/bin/env bash
+set -e -x -o pipefail
 
 retry () {
   i=0
-  while [ "$i" -lt 9 ]
-  do
+  while [[ "$i" -lt 9 ]]; do
     "$@" && return
     sleep 30
     i="$((i+1))"
   done
   "$@"
 }
-retry_curl () { curl -sSL --connect-timeout 25 --fail --retry 5 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
+retry-curl () { curl -sSL --connect-timeout 25 --fail --retry 5 -w "%{stderr}[downloaded %{url_effective}]\n" "$@"; }
 
 status () {
-  if [ -n "$TASKCLUSTER_FUZZING_POOL" ]
-  then
+  if [[ -n "$TASKCLUSTER_FUZZING_POOL" ]]; then
     python -m TaskStatusReporter --report "$@" || true
   fi
 }
 
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-logging-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open('google_logging_creds.json','w'))"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/google-logging-creds" | python -c "import json,sys;json.dump(json.load(sys.stdin)['secret']['key'],open('google_logging_creds.json','w'))"
 set -x
 cat > td-agent-bit.conf << EOF
 [SERVICE]
@@ -68,7 +66,7 @@ retry pip install git+https://github.com/MozillaSecurity/FuzzManager
 
 # Get fuzzmanager configuration from TC
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/fuzzmanagerconf-site-scout" | python -c "import json,sys;open('.fuzzmanagerconf','w').write(json.load(sys.stdin)['secret']['key'])"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/fuzzmanagerconf-site-scout" | python -c "import json,sys;open('.fuzzmanagerconf','w').write(json.load(sys.stdin)['secret']['key'])"
 set -x
 
 # Update fuzzmanager config for this instance
@@ -93,7 +91,7 @@ status "Setup: cloning site-scout-private"
 
 # Get deployment key from TC
 set +x
-retry_curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/deploy-site-scout-private" | python -c "import json,sys;open('.ssh/id_ecdsa.site-scout-private','w',newline='\\n').write(json.load(sys.stdin)['secret']['key'])"
+retry-curl "$TASKCLUSTER_PROXY_URL/secrets/v1/secret/project/fuzzing/deploy-site-scout-private" | python -c "import json,sys;open('.ssh/id_ecdsa.site-scout-private','w',newline='\\n').write(json.load(sys.stdin)['secret']['key'])"
 set -x
 cat << EOF >> .ssh/config