Closed
Bug 1085026
Opened 9 years ago
Closed 9 years ago
AUS manifest reporting wrong hash value for MAR files on Oak, Ash, and Maple
Categories
(Release Engineering :: General, defect)
Tracking
(firefox34 fixed, firefox35 fixed, firefox-esr31 fixed, b2g-v2.0 fixed)
People
(Reporter: bbondy, Assigned: mshal)
References
Details
Attachments
(1 file)
|
1.46 KB,
patch
|
glandium
:
review+
|
Details | Diff | Splinter Review |
On Oak, it turns out that the manifest gives the wrong SHA value for the advertised MAR file. The entry says: hashFunction="sha512" hashValue="4d4b1c293862ec10fc886c2dd548bd125efe89a8" (full manifest below) But the real SHA512 hash for the mar file mentioned is: adbbfb44cccb060ed3e71623a0e3ef5fcc87ee3d24b4cc728e77a3b5e63ff3161552b253a6115d37c4dda62a8d4267d5e33d5d3d18c2e280b87819709db5ce24 After trying out a bunch of different things, I found out that the hash value it gives is the SHA1 hash, and not the SHA512 hash. At the time of my testing, the manifest URL is located at: https://aus4.mozilla.org/update/3/Firefox/36.0a1/20141017040201/WINNT_x86-msvc/en-US/nightly-oak/Windows_NT%206.3.0.0%20%28x64%29/default/default/update.xml?force=1 Which produced this manifest: <updates> <update type="minor" displayVersion="36.0a1" appVersion="36.0a1" platformVersion="36.0a1" buildID="20141018040203"> <patch type="complete" URL="http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014/10/2014-10-16-13-55-55-oak/firefox-36.0a1.en-US.win32.complete.mar" hashFunction="sha512" hashValue="4d4b1c293862ec10fc886c2dd548bd125efe89a8" size="47787586"/> </update> </updates>
|
Reporter | |
Updated•9 years ago
|
Blocks: CVE-2015-0833
|
|
Reporter | |
Comment 1•9 years ago
|
||
More on this: x64 builds correctly give and advertise SHA512, but x86 builds continue to say SHA512, but really contain SHA1s.
|
|
Reporter | |
Comment 2•9 years ago
|
||
Adding needinfo just to make sure you see this, especially in case it affects something more than just oak.
Flags: needinfo?(bhearsum)
|
||
Comment 3•9 years ago
|
||
Might be fallout from mach mozharness.
|
||
Comment 4•9 years ago
|
||
Based on this I suspect that Nick is right. Note that the complete looks like a sha1, and the partial looks like a sha512:
05:13:20 INFO - Dumping config to /builds/slave/oak-lx-ntly-000000000000000000/balrog_props.json.
05:13:20 INFO - {'properties': {'appName': 'Firefox',
05:13:20 INFO - 'appVersion': '36.0a1',
05:13:20 INFO - u'basedir': u'/builds/slave/oak-lx-ntly-000000000000000000',
05:13:20 INFO - u'branch': u'oak',
05:13:20 INFO - u'buildername': u'Linux oak nightly',
05:13:20 INFO - u'buildid': u'20141021040207',
05:13:20 INFO - u'buildnumber': 5,
05:13:20 INFO - u'builduid': u'53022887de78458893362f59a0d45e36',
05:13:20 INFO - u'completeMarFilename': u'firefox-36.0a1.en-US.linux-i686.complete.mar',
05:13:20 INFO - u'completeMarHash': u'225d0e1932917ecb3b4b7c71a8d9ac06610efb94',
05:13:20 INFO - u'completeMarSize': 52378590,
05:13:20 INFO - u'completeMarUrl': u'http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014/10/2014-10-21-04-02-07-oak/firefox-36.0a1.en-US.linux-i686.complete.mar',
05:13:20 INFO - 'got_revision': u'02550df60211',
05:13:20 INFO - 'hashType': 'sha512',
05:13:20 INFO - u'jsshellUrl': u'http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/oak-linux/1413889327/jsshell-linux-i686.zip',
05:13:20 INFO - u'master': u'http://buildbot-master94.srv.releng.use1.mozilla.com:8001/',
05:13:20 INFO - 'num_ctors': 71,
05:13:20 INFO - u'packageUrl': u'http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/oak-linux/1413889327/firefox-36.0a1.en-US.linux-i686.tar.bz2',
05:13:20 INFO - 'partialMarFilename': 'firefox-36.0a1.en-US.linux-i686.partial.20141021040207-20141021040207.mar',
05:13:20 INFO - 'partialMarHash': '68e2bf83a00721ebaf65d1d5bd10500e8a3b45d1cee4483632a083fea59bb3d030396991e30db36f678684c4d0231bf5851b432a2db563fd7894ace747bc393c',
05:13:20 INFO - 'partialMarSize': 6618,
05:13:20 INFO - u'platform': u'linux',
05:13:20 INFO - 'previous_buildid': '20141021040207',
05:13:20 INFO - u'product': u'firefox',
05:13:20 INFO - u'project': u'',
05:13:20 INFO - u'repository': u'',
05:13:20 INFO - u'revision': u'02550df602110228ea56505b532ceddbc250c5a6',
05:13:20 INFO - u'scheduler': u'oak nightly',
05:13:20 INFO - u'slavename': u'bld-linux64-spot-059',
05:13:20 INFO - 'sourcestamp': '02550df60211',
05:13:20 INFO - u'symbolsUrl': u'http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/oak-linux/1413889327/firefox-36.0a1.en-US.linux-i686.crashreporter-symbols.zip',
05:13:20 INFO - 'testresults': [('num_ctors', 'num_ctors', 71, '71')],
05:13:20 INFO - u'testsUrl': u'http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/oak-linux/1413889327/firefox-36.0a1.en-US.linux-i686.tests.zip'}}
05:13:20 INFO - Calling Balrog submission script
05:13:20 INFO - retry: Calling <bound method FxDesktopBuild.run_command of <__main__.FxDesktopBuild object at 0x1d6d490>> with args: (['python', '/builds/slave/oak-lx-ntly-000000000000000000/build/tools/scripts/updates/balrog-submitter.py', '--build-properties', '/builds/slave/oak-lx-ntly-000000000000000000/balrog_props.json', '--api-root', 'https://aus4-admin.mozilla.org', '--username', 'ffxbld', '-t', 'nightly', '--credentials-file', '/builds/slave/oak-lx-ntly-000000000000000000/oauth.txt', '--verbose'],), kwargs: {}, attempt #1
05:13:20 INFO - Running command: ['python', '/builds/slave/oak-lx-ntly-000000000000000000/build/tools/scripts/updates/balrog-submitter.py', '--build-properties', '/builds/slave/oak-lx-ntly-000000000000000000/balrog_props.json', '--api-root', 'https://aus4-admin.mozilla.org', '--username', 'ffxbld', '-t', 'nightly', '--credentials-file', '/builds/slave/oak-lx-ntly-000000000000000000/oauth.txt', '--verbose']
05:13:20 INFO - Copy/paste: python /builds/slave/oak-lx-ntly-000000000000000000/build/tools/scripts/updates/balrog-submitter.py --build-properties /builds/slave/oak-lx-ntly-000000000000000000/balrog_props.json --api-root https://aus4-admin.mozilla.org --username ffxbld -t nightly --credentials-file /builds/slave/oak-lx-ntly-000000000000000000/oauth.txt --verbose
05:13:20 INFO - Balrog request to https://aus4-admin.mozilla.org/releases/Firefox-oak-nightly-20141021040207
05:13:20 INFO - Data sent: None
05:13:20 INFO - Starting new HTTPS connection (1): aus4-admin.mozilla.org
05:13:21 INFO - "HEAD /releases/Firefox-oak-nightly-20141021040207 HTTP/1.1" 200 0
05:13:21 INFO - Balrog request to https://aus4-admin.mozilla.org/releases/Firefox-oak-nightly-20141021040207/builds/Linux_x86-gcc3/en-US
05:13:21 INFO - Data sent: {'product': u'Firefox', 'hashFunction': u'sha512', 'alias': 'null', 'schema_version': 4, 'data_version': '2', 'copyTo': '["Firefox-oak-nightly-latest"]', 'version': u'36.0a1', 'data': '{"buildID": "20141021040207", "platformVersion": "36.0a1", "displayVersion": "36.0a1", "appVersion": "36.0a1", "completes": [{"fileUrl": "http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014/10/2014-10-21-04-02-07-oak/firefox-36.0a1.en-US.linux-i686.complete.mar", "hashValue": "225d0e1932917ecb3b4b7c71a8d9ac06610efb94", "from": "*", "filesize": 52378590}]}'}Flags: needinfo?(mshal)
Flags: needinfo?(jlund)
Flags: needinfo?(bhearsum)
|
|
Reporter | |
Comment 5•9 years ago
|
||
Yep, just to clarify in comment 1 I mentioned it was an sha1, but I did also write code to verify 100% that it is 100% an sha1 but the manifest says sha512 for the type.
|
Assignee | |
Comment 6•9 years ago
|
||
Use sha512 for the mar hashes.
Assignee: nobody → mshal
Flags: needinfo?(mshal)
Flags: needinfo?(jlund)
Attachment #8509925 -
Flags: review?(mh+mozilla)
|
|
Reporter | |
Comment 7•9 years ago
|
||
So was this affecting only oak or also other things? Partial being 512 but full being sha1.
|
||
Updated•9 years ago
|
Attachment #8509925 -
Flags: review?(mh+mozilla) → review+
|
||
Comment 8•9 years ago
|
||
(In reply to Brian R. Bondy [:bbondy] from comment #7) > So was this affecting only oak or also other things? Partial being 512 but > full being sha1. so far, the code that would cause this bug has only been rolled out to all twig branches bar fx-team and alder. So this will also affect Maple and Ash (ash is a testing/staging branch). The other branches don't run nightlies so they are unaffected. Apologies for any inconveniences this caused.
|
|
Reporter | |
Comment 9•9 years ago
|
||
No problem, thanks for fixing!
|
|
Assignee | |
Comment 10•9 years ago
|
||
inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/2d393d07f218 try: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=434c88299059
https://hg.mozilla.org/mozilla-central/rev/2d393d07f218
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 12•9 years ago
|
||
aurora uplift for bug 1093897: https://hg.mozilla.org/releases/mozilla-aurora/rev/14de6cbff9c2
|
|
Assignee | |
Comment 13•9 years ago
|
||
beta uplift for bug 1093897: https://hg.mozilla.org/releases/mozilla-beta/rev/72d8ba95b2db
|
|
Assignee | |
Updated•9 years ago
|
status-firefox34:
--- → fixed
status-firefox35:
--- → fixed
|
|
Assignee | |
Updated•9 years ago
|
status-b2g-v2.0:
--- → fixed
status-firefox-esr31:
--- → fixed
|
||
Updated•5 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•