Bug 1286799 - mozboot: Use requests to download rustup manifest. r?gps
Python urllib2 doesn't validate https origins in all versions.
During actual bootstrap the static hash values act as an out-of-band
validation channel.
However, that doesn't help when doing the initial download and hash
generation when invoked as `python rust.py [--update]`. Fortunately
we don't expect to be called this way in standalone mode, so we can
use the in-tree requests module to fetch things properly.
MozReview-Commit-ID: KZTtIXDfWTB
--- a/python/mozboot/mozboot/rust.py
+++ b/python/mozboot/mozboot/rust.py
@@ -102,25 +102,21 @@ def rustup_latest_version():
print('ERROR: Unknown manifest schema %s' % value)
sys.exit(1)
elif key == 'version':
return unquote(value)
return None
def http_download_and_hash(url):
import hashlib
- import urllib2
- f = urllib2.urlopen(url)
+ import requests
h = hashlib.sha256()
- while True:
- data = f.read(4096)
- if data:
- h.update(data)
- else:
- break
+ r = requests.get(url, stream=True)
+ for data in r.iter_content(4096):
+ h.update(data)
return h.hexdigest()
def make_checksums(version, validate=False):
hashes = []
for platform in RUSTUP_HASHES.keys():
if validate:
print('Checking %s... ' % platform, end='')
else:
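Review bot: The new `requests.get(url, stream=True)` call in http_download_and_hash never checks the response status, so the body of a 404 or 500 response would be hashed and returned as if it were the requested file. urllib2.urlopen raised HTTPError for those statuses, but requests does not, so add `r.raise_for_status()` before the `iter_content` loop. Judging by the commit message, this function produces the hashes that are later pinned and trusted during bootstrap, so a silently wrong digest matters here. Passing a `timeout=` to the get call would also stop a stalled connection from hanging the tool indefinitely. make_checksums continues outside the hunk.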
@@ -136,16 +132,24 @@ def make_checksums(version, validate=Fal
if __name__ == '__main__':
'''Allow invoking the module as a utility to update checksums.'''
# Unbuffer stdout so our two-part 'Checking...' messages print correctly
# even if there's network delay.
sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
+ # Hook the requests module from the greater source tree. We can't import
+ # this at the module level since we might be imported into the bootstrap
+ # script in standalone mode.
+ #
+ # This module is necessary for correct https certificate verification.
+ mod_path = os.path.dirname(__file__)
+ sys.path.insert(0, os.path.join(mod_path, '..', '..', 'requests'))
+
update = False
if len(sys.argv) > 1:
if sys.argv[1] == '--update':
update = True
else:
print(USAGE)
sys.exit(1)
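Review bot: Nothing in the added `sys.path.insert` lines confirms that the `requests` imported later in http_download_and_hash is the in-tree copy the comment relies on for certificate verification. `mod_path` is built from a possibly relative `__file__`, so the inserted entry depends on the working directory staying unchanged; `mod_path = os.path.dirname(os.path.abspath(__file__))` removes that dependency. If the path does not resolve, the deferred import presumably falls back to whatever `requests` is installed system-wide, so it may be worth a comment naming the expected in-tree location or a check that the directory exists before downloading. The `if __name__ == '__main__'` block continues outside the hunk.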