Closed Bug 1346359 Opened 9 years ago Closed 9 years ago

Script to submit transparency certs to CT

Categories

(Release Engineering :: Release Automation, enhancement, P1)

Tracking

(firefox55 fixed)

RESOLVED FIXED

People

(Reporter: rbarnes, Assigned: rbarnes)

Attachments

(1 file)

For binary transparency, we need a script that can submit the transparency certificate for a release (Bug 1346354) to a certificate transparency log. This just entails a POST request, as specified in RFC 6962: https://tools.ietf.org/html/rfc6962#section-4.1
Blocks: 1341396
Assignee: nobody → rlb
Comment on attachment 8846176 [details]
Bug 1346359 - Script to submit transparency certs to CT

Here's a draft of the script we could put in a worker to do log submission. Basically just cargo-culted off of the Merkle tree patch. Does this look like about the right direction?
Attachment #8846176 - Flags: feedback?(rail)
Attachment #8846176 - Flags: feedback?(catlee)
BTW, you should be able to try this out locally with the following:

> cd testing/mozharness
> python scripts/release/submit-to-ct.py \
>   --chain https://ipv.sx/tmp/chain.pem \
>   --log https://ct.googleapis.com/pilot \
>   --sct ./test.sct

Don't worry, you won't add anything to the log if you try this; the cert is already there, so the log just returns the information it already has.
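The RFC 6962 section 4.1 exchange behind the `--chain`, `--log` and `--sct` arguments, as an added example that is not the script attached to this bug: it builds the add-chain request from a PEM chain and packs the log's JSON reply into a binary SCT, with no network access and no signature verification. The function names and the sample chain and response are constructed for illustration.

```python
import base64
import json
import re
import struct

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def b64(data):
    return base64.b64encode(data).decode("ascii")

def add_chain_request(log_url, pem_text):
    """Return (url, JSON body) for an RFC 6962 section 4.1 add-chain POST."""
    ders = [base64.b64decode("".join(block.split()), validate=True)
            for block in PEM_RE.findall(pem_text)]
    if not ders:
        raise ValueError("no certificates found in chain")
    # The log expects base64 DER, end-entity certificate first.
    body = {"chain": [b64(der) for der in ders]}
    return log_url.rstrip("/") + "/ct/v1/add-chain", json.dumps(body)

def serialize_sct(response_text):
    """Check an add-chain response and pack it as a binary v1 SCT."""
    resp = json.loads(response_text)
    if resp.get("sct_version") != 0:  # 0 means v1, the only defined version
        raise ValueError("unexpected sct_version")
    log_id = base64.b64decode(resp["id"], validate=True)
    if len(log_id) != 32:  # the log ID is a SHA-256 hash of the log's key
        raise ValueError("log id must be 32 bytes")
    timestamp = resp["timestamp"]
    if not isinstance(timestamp, int) or timestamp < 0:
        raise ValueError("timestamp must be milliseconds since the epoch")
    ext = base64.b64decode(resp.get("extensions", ""), validate=True)
    sig = base64.b64decode(resp["signature"], validate=True)
    # digitally-signed struct: hash alg, sig alg, uint16 length, signature
    if len(sig) < 4 or struct.unpack(">H", sig[2:4])[0] != len(sig) - 4:
        raise ValueError("malformed signature")
    # version, log id, timestamp, length-prefixed extensions, signature
    return struct.pack(">B32sQH", 0, log_id, timestamp, len(ext)) + ext + sig

# Constructed sample data: the "certificates" are placeholder bytes and the
# log response is made up; neither comes from a real log or from this bug.
SAMPLE_CHAIN = "".join(
    "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64(der)
    for der in (b"leaf-placeholder", b"issuer-placeholder"))
SAMPLE_RESPONSE = json.dumps({
    "sct_version": 0, "id": b64(b"\x11" * 32), "timestamp": 1489000000000,
    "extensions": "", "signature": b64(b"\x04\x03\x00\x02\xaa\xbb")})
```

The serialized SCT is only a record of the log's promise to include the certificate; trusting it still requires checking the signature against the log's public key.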
Comment on attachment 8846176 [details]
Bug 1346359 - Script to submit transparency certs to CT

https://reviewboard.mozilla.org/r/119266/#review122048

::: testing/mozharness/scripts/release/submit-to-ct.py:2
(Diff revision 1)
> +import os
> +import requests

I don't think `requests` is installed by default. You need to install it and import in functions, see https://dxr.mozilla.org/mozilla-central/source/testing/mozharness/scripts/release/uptake_monitoring.py#40-43 and https://dxr.mozilla.org/mozilla-central/source/testing/mozharness/scripts/release/uptake_monitoring.py#89

::: testing/mozharness/scripts/release/submit-to-ct.py:6
(Diff revision 1)
> +import os
> +import requests
> +import sys
> +import pem
> +import base64
> +from redo import retriable

The same here

::: testing/mozharness/scripts/release/submit-to-ct.py:14
(Diff revision 1)
> +sys.path.insert(1, os.path.dirname(os.path.dirname(sys.path[0])))
> +
> +from mozharness.base.script import BaseScript
> +from mozharness.mozilla.signed_certificate_timestamp import SignedCertificateTimestamp
> +
> +@retriable(sleeptime=1, attempts=2)

Unfortunately you cannot use the redo decorators before you import it (runtime). You can either explicitly use `redo.retry` like in https://dxr.mozilla.org/mozilla-central/source/testing/mozharness/scripts/release/uptake_monitoring.py#113 or hide the functions somewhere after you import redo.
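Review bot: the retry budget in the last quoted hunk (submit-to-ct.py:14) is thin for a network submission: `@retriable(sleeptime=1, attempts=2)` allows a single retry about one second after the first failure, so a brief outage or rate limit at the log fails the whole task. Consider more attempts with a longer sleeptime, and keep the two values next to the submission call so they are easy to tune once the decorator is replaced with an explicit `redo.retry`.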
Attachment #8846176 - Flags: feedback?(rail) → feedback+
Priority: -- → P1
Attachment #8846176 - Flags: review?(rail)
Comment on attachment 8846176 [details]
Bug 1346359 - Script to submit transparency certs to CT

https://reviewboard.mozilla.org/r/119266/#review122588

LGTM!
Attachment #8846176 - Flags: review?(rail) → review+
Pushed by rlb@ipv.sx:
https://hg.mozilla.org/integration/autoland/rev/7df65af169f5
Script to submit transparency certs to CT r=rail
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED