Bug 1534506 - download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince
authorAki Sasaki <asasaki@mozilla.com>
Tue, 12 Mar 2019 04:53:57 +0000
changeset 521611 4768e2c08459914011ab3614a8f11629ffb25f14
parent 521610 79dd6b92c913d33ee1ac7b41d49f3459e6decfa1
child 521612 7f47a4e7c43fcbe886d181df931d082b10f9a36f
push id10867
push userdvarga@mozilla.com
push dateThu, 14 Mar 2019 15:20:45 +0000
treeherdermozilla-beta@abad13547875 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstomprince
bugs1534506
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1534506 - download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince Differential Revision: https://phabricator.services.mozilla.com/D23081
python/mozbuild/mozbuild/mach_commands.py
--- a/python/mozbuild/mozbuild/mach_commands.py
+++ b/python/mozbuild/mozbuild/mach_commands.py
@@ -1384,41 +1384,26 @@ class PackageFrontend(MachCommandBase):
                 if self.size is None and self.digest is None:
                     return True
                 return super(DownloadRecord, self).validate()
 
         class ArtifactRecord(DownloadRecord):
             def __init__(self, task_id, artifact_name):
                 for _ in redo.retrier(attempts=retry+1, sleeptime=60):
                     cot = cache._download_manager.session.get(
-                        get_artifact_url(task_id, 'public/chainOfTrust.json.asc'))
+                        get_artifact_url(task_id, 'public/chain-of-trust.json'))
                     if cot.status_code >= 500:
                         continue
                     cot.raise_for_status()
                     break
                 else:
                     cot.raise_for_status()
 
                 digest = algorithm = None
-                data = {}
-                # The file is GPG-signed, but we don't care about validating that.
-                # The data looks like:
-                #     -----BEGIN PGP SIGNED MESSAGE-----
-                #     Hash: SHA256
-                #
-                #     {
-                #       ...
-                #     }
-                #     -----BEGIN PGP SIGNATURE-----
-                #     <signature data>
-                #     -----END PGP SIGNATURE-----
-                # The following code extracts the json from there.
-                data = json.loads(
-                    cot.content.partition("-----BEGIN PGP SIGNATURE-----")[0]
-                               .partition("Hash: SHA256")[2])
+                data = json.loads(cot.content)
                 for algorithm, digest in (data.get('artifacts', {})
                                               .get(artifact_name, {}).items()):
                     pass
 
                 name = os.path.basename(artifact_name)
                 artifact_url = get_artifact_url(task_id, artifact_name,
                     use_proxy=not artifact_name.startswith('public/'))
                 super(ArtifactRecord, self).__init__(