Bug 1534506 - download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince a=release
authorAki Sasaki <asasaki@mozilla.com>
Tue, 12 Mar 2019 04:53:57 +0000
changeset 516418 7174884ffa0f
parent 516417 8c05de33796c
child 516419 2e051d69d6e4
push id1996
push userasasaki@mozilla.com
push dateThu, 28 Mar 2019 19:11:52 +0000
treeherdermozilla-release@2e051d69d6e4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstomprince, release
bugs1534506
milestone66.0.3
Bug 1534506 - download chain-of-trust.json instead of chainOfTrust.json.asc r=tomprince a=release Differential Revision: https://phabricator.services.mozilla.com/D23081
python/mozbuild/mozbuild/mach_commands.py
--- a/python/mozbuild/mozbuild/mach_commands.py
+++ b/python/mozbuild/mozbuild/mach_commands.py
@@ -1368,41 +1368,26 @@ class PackageFrontend(MachCommandBase):
                 if self.size is None and self.digest is None:
                     return True
                 return super(DownloadRecord, self).validate()
 
         class ArtifactRecord(DownloadRecord):
             def __init__(self, task_id, artifact_name):
                 for _ in redo.retrier(attempts=retry+1, sleeptime=60):
                     cot = cache._download_manager.session.get(
-                        get_artifact_url(task_id, 'public/chainOfTrust.json.asc'))
+                        get_artifact_url(task_id, 'public/chain-of-trust.json'))
                     if cot.status_code >= 500:
                         continue
                     cot.raise_for_status()
                     break
                 else:
                     cot.raise_for_status()
 
                 digest = algorithm = None
-                data = {}
-                # The file is GPG-signed, but we don't care about validating that.
-                # The data looks like:
-                #     -----BEGIN PGP SIGNED MESSAGE-----
-                #     Hash: SHA256
-                #
-                #     {
-                #       ...
-                #     }
-                #     -----BEGIN PGP SIGNATURE-----
-                #     <signature data>
-                #     -----END PGP SIGNATURE-----
-                # The following code extracts the json from there.
-                data = json.loads(
-                    cot.content.partition("-----BEGIN PGP SIGNATURE-----")[0]
-                               .partition("Hash: SHA256")[2])
+                data = json.loads(cot.content)
                 for algorithm, digest in (data.get('artifacts', {})
                                               .get(artifact_name, {}).items()):
                     pass
 
                 name = os.path.basename(artifact_name)
                 artifact_url = get_artifact_url(task_id, artifact_name,
                     use_proxy=not artifact_name.startswith('public/'))
                 super(ArtifactRecord, self).__init__(