Bug 1286799 - mozboot: Use requests to download rustup manifest. r?gps draft
authorRalph Giles <giles@mozilla.com>
Fri, 18 Nov 2016 13:02:25 -0800
changeset 442191 d03baa9c20d4049bcb9483d0f23dab8db800327f
parent 442190 3d58caa72b32cdeaf4c830c260b301ebb2b566de
child 442192 ed30cd49efb39e75c5091b32b280f115827b0c22
push id36622
push userbmo:giles@thaumas.net
push dateTue, 22 Nov 2016 01:00:21 +0000
reviewersgps
bugs1286799
milestone53.0a1
Bug 1286799 - mozboot: Use requests to download rustup manifest. r?gps Python urllib2 doesn't validate https origins in all versions. During actual bootstrap the static hash values act as an out-of-bound validatation channel. However, that doesn't help when doing the initial download and hash generation when invoked as `python rust.py [--update]`. Fortunately we don't expect to be called this way in standalone mode, so we can use the in-tree requests module to fetch things properly. MozReview-Commit-ID: KZTtIXDfWTB
python/mozboot/mozboot/rust.py
--- a/python/mozboot/mozboot/rust.py
+++ b/python/mozboot/mozboot/rust.py
@@ -102,25 +102,21 @@ def rustup_latest_version():
                 print('ERROR: Unknown manifest schema %s' % value)
                 sys.exit(1)
         elif key == 'version':
             return unquote(value)
     return None
 
 def http_download_and_hash(url):
     import hashlib
-    import urllib2
-    f = urllib2.urlopen(url)
+    import requests
     h = hashlib.sha256()
-    while True:
-        data = f.read(4096)
-        if data:
-            h.update(data)
-        else:
-            break
+    r = requests.get(url, stream=True)
+    for data in r.iter_content(4096):
+        h.update(data)
     return h.hexdigest()
 
 def make_checksums(version, validate=False):
     hashes = []
     for platform in RUSTUP_HASHES.keys():
         if validate:
             print('Checking %s... ' % platform, end='')
         else:
@@ -136,16 +132,24 @@ def make_checksums(version, validate=Fal
 
 if __name__ == '__main__':
     '''Allow invoking the module as a utility to update checksums.'''
 
     # Unbuffer stdout so our two-part 'Checking...' messages print correctly
     # even if there's network delay.
     sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
 
+    # Hook the requests module from the greater source tree. We can't import
+    # this at the module level since we might be imported into the bootstrap
+    # script in standalone mode.
+    #
+    # This module is necessary for correct https certificate verification.
+    mod_path = os.path.dirname(__file__)
+    sys.path.insert(0, os.path.join(mod_path, '..', '..', 'requests'))
+
     update = False
     if len(sys.argv) > 1:
         if sys.argv[1] == '--update':
             update = True
         else:
             print(USAGE)
             sys.exit(1)