Set up a network service bootstrap.

tools/gs.py

Index: tools/gs.py
diff --git a/tools/gs.py b/tools/gs.py
new file mode 100755
index 0000000000000000000000000000000000000000..65e6e438cdbe5329f7202b378af8aec9567cc7cd
--- /dev/null
+++ b/tools/gs.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import os
+import subprocess
+import find_depot_tools
+
+def download_from_public_bucket(gs_path, output_path):
+  depot_tools_path = find_depot_tools.add_depot_tools_to_path()
+  gsutil_exe = os.path.join(depot_tools_path, "third_party", "gsutil", "gsutil")
+
+  # We're downloading from a public bucket which does not need authentication,
+  # but the user might have busted credential files somewhere such as ~/.boto
+  # that the gsutil script will try (and fail) to use. Setting these
+  # environment variables convinces gsutil not to attempt to use these, but
+  # also generates a useless warning about failing to load the file. We want
+  # to discard this warning but still preserve all output in the case of an
+  # actual failure. So, we run the script and capture all output and then
+  # throw the output away if the script succeeds (return code 0).
+  env = os.environ.copy()
+  env["AWS_CREDENTIAL_FILE"] = ""
+  env["BOTO_CONFIG"] = ""
+  try:
+    subprocess.check_output(
+        [gsutil_exe,
+         "--bypass_prodaccess",
+         "cp",
+         gs_path,
+         output_path],
+        stderr=subprocess.STDOUT,
+        env=env)
+  except subprocess.CalledProcessError as e:
+    print e.output
+    sys.exit(1)