Update 17.2 from 17.0 #8087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

rokonec merged 4 commits into dotnet:vs17.2 from Forgind:update-17.2-from-17.0

Nov 5, 2022

Contributor

Forgind commented Oct 24, 2022

Brings changes to the 17.0 branch into 17.2.

Nathan Mytelka and others added 4 commits

September 12, 2022 17:31


          Merged PR 422862: Make 17.0 official build pass

717116a


          Merged PR 413702: 17.0 prep work for finding user-specific temp path

b177f8f

On Linux, the default /tmp folder is shared across all users and accessible by them. There are some cases in which we put sensitive information in temp and assume it's fine because on Windows, it is. This doesn't actually fix that assumption, since we're currently waiting for a new API that will be introduced in .NET 7 that will make a folder with appropriate permissions. However, this PR changes all the issues Eric Erhardt identified such that they go through a single code path, so to fix the security issue afterwards just requires changing the one place in our code.

It did occur to me that we may not be able to use that API, in which case I can just write something to make a folder with a random name under temp then tweak its permissions.


          Merge branch 'vs17.0' of https://github.com/dotnet/msbuild into updat…

f1c3145

…e-17.2-from-17.0


          Fix yml file

f06bdda

rainersigwald approved these changes

View reviewed changes

Forgind added the merge-when-branch-open label

Contributor Author

Forgind commented Nov 2, 2022

Note: merge, not squash

Member

JaynieBai commented Nov 3, 2022

/azp run

azure-pipelines bot commented Nov 3, 2022

Azure Pipelines failed to run 1 pipeline(s).

Member

rokonec commented Nov 3, 2022

/azp run

azure-pipelines bot commented Nov 3, 2022

Azure Pipelines failed to run 1 pipeline(s).

Member

rokonec commented Nov 3, 2022

/azp run

1 similar comment

Member

rokonec commented Nov 3, 2022

/azp run

azure-pipelines bot commented Nov 3, 2022

Azure Pipelines failed to run 1 pipeline(s).

Member

rokonec commented Nov 3, 2022

/azp run

azure-pipelines bot commented Nov 3, 2022

Azure Pipelines failed to run 1 pipeline(s).

Member

rokonec commented Nov 3, 2022

/azp run

azure-pipelines bot commented Nov 3, 2022

Azure Pipelines failed to run 1 pipeline(s).

Member

rainersigwald commented Nov 3, 2022

@Forgind can you update the build definition away from NetCore1ESPool-Public to the new guidance? We might need an Arcade update in 17.2.

Contributor Author

Forgind commented Nov 3, 2022

The only reference to NetCore1ESPool-Public seems to be in source-build.yml; can you explain how that's connected to azp not running? I also see a lot of NetCore1ESPool-Internal, so do you just mean switching Public to Internal there?

Member

rainersigwald commented Nov 4, 2022

The only reference to NetCore1ESPool-Public seems to be in source-build.yml; can you explain how that's connected to azp not running?

Sure! One of the first things Azure DevOps does when trying to start a job is parse its definition, including expanding all of the "templates" that go into it. source-build.yml is referenced by our PR build definition here:

msbuild/.vsts-dotnet-ci.yml

Lines 231 to 235 in 038f9ba

    
           - template: /eng/common/templates/job/source-build.yml 
        
             parameters: 
        
               platform: 
        
                 name: 'Managed' 
        
                 container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-3e800f1-20190501005343'

So it gets pulled into that. The next thing AzDO does is try to find all the pools referenced by the different jobs, so it can start finding machines to execute on. That step fails, producing errors like the one here https://dev.azure.com/dnceng-public/public/_build/results?buildId=72153&view=results

The pipeline is not valid. Could not find a pool with name NetCore1ESPool-Public. The pool does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.

That error can happen for two reasons, that it kinda hints at: either the pool really doesn't exist, or the pipeline doesn't have authorization to use it. In this case, it's the former, because the pool names changed because of some policy stuff that we were told about via email.

I also see a lot of NetCore1ESPool-Internal, so do you just mean switching Public to Internal there?

I do not! We should follow the migration guidance, but in this case the file is in eng/common/ and owned by Arcade, so as I mentioned I suspect taking an Arcade update in the vs17.2 branch is likely the best path.

Contributor Author

Forgind commented Nov 4, 2022

That was a great explanation, thanks! I'll probably refer back to this at some point.

And it looks like you were spot on with the arcade update. I triggered an arcade update (and set darc up to check for arcade updates for 17.2 on a regular basis), and it did indeed change the pool (among other changes) and not to NetCore1ESPool-Internal. I imagine we can merge the arcade update, then pull it into this PR, and we'll be good.

Member

rokonec commented Nov 5, 2022

/azp run

azure-pipelines bot commented Nov 5, 2022

Azure Pipelines successfully started running 1 pipeline(s).

rokonec merged commit 7e54ae0 into dotnet:vs17.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-when-branch-open