[tor-commits] [tor-browser-bundle/maint-4.0] Bug #14420: Remove old auth cruft from fetch-inputs.sh
gk at torproject.org
gk at torproject.org
Wed Jan 28 08:23:19 UTC 2015
commit d4cfa02d22cefb43a5b66e6f0d10a876a78a3b33
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Tue Jan 27 08:03:44 2015 -0800
Bug #14420: Remove old auth cruft from fetch-inputs.sh
---
gitian/fetch-inputs.sh | 44 ++------------------------------------------
1 file changed, 2 insertions(+), 42 deletions(-)
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index ef4dbf7..d4eee57 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -111,30 +111,13 @@ update_git() {
}
##############################################################################
-# Get package files from mirror
-
# Get+verify sigs that exist
-for i in OPENSSL # OBFSPROXY
-do
- PACKAGE="${i}_PACKAGE"
- URL="${MIRROR_URL}${!PACKAGE}"
- SUFFIX="asc"
- get "${!PACKAGE}" "$URL"
- get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
-
- if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
- echo "$i: GPG signature is broken for ${URL}"
- mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
- exit 1
- fi
-done
-
-for i in BINUTILS GCC PYTHON PYCRYPTO M2CRYPTO PYTHON_MSI GMP LXML
+for i in OPENSSL BINUTILS GCC PYTHON PYCRYPTO M2CRYPTO PYTHON_MSI GMP LXML
do
PACKAGE="${i}_PACKAGE"
URL="${i}_URL"
if [ "${i}" == "PYTHON" -o "${i}" == "PYCRYPTO" -o "${i}" == "M2CRYPTO" -o \
- "${i}" == "PYTHON_MSI" -o "${i}" == "LXML" ]; then
+ "${i}" == "PYTHON_MSI" -o "${i}" == "LXML" -o "${i}" == "OPENSSL" ]; then
SUFFIX="asc"
else
SUFFIX="sig"
@@ -179,29 +162,6 @@ do
get "${!PACKAGE}" "${!URL}"
done
-# Verify packages with weak or no signatures via multipath downloads
-# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-# XXX: Google won't allow wget -N.. We need to re-download the whole
-# TOOLCHAIN4 each time. Rely only on SHA256 for now..
-mkdir -p verify
-cd verify
-for i in OPENSSL OSXSDK
-do
- URL="${i}_URL"
- PACKAGE="${i}_PACKAGE"
- if ! wget -U "" -N --no-remove-listing "${!URL}"; then
- echo "$i url ${!URL} is broken!"
- mv "${!PACKAGE}" "${!PACKAGE}.removed"
- exit 1
- fi
- if ! diff "${!PACKAGE}" "../${!PACKAGE}"; then
- echo "Package ${!PACKAGE} differs from our mirror's version!"
- exit 1
- fi
-done
-
-cd ..
-
# NoScript and HTTPS-Everywhere are magikal and special:
wget -U "" -N ${NOSCRIPT_URL}
wget -U "" -N ${HTTPSE_URL}
More information about the tor-commits
mailing list