Closed Bug 1383996 Opened 7 years ago Closed 7 years ago

Make `mach artifact toolchain` produce a manifest for consumption by the chain-of-trust system

Categories

(Firefox Build System :: General, enhancement)

enhancement
Not set
normal

Tracking

(firefox56 fixed)

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: glandium, Assigned: glandium)

References

Details

Attachments

(2 files)

The format was discussed with aki over a month ago and further acknowledged a few days ago.
Depends on: 1313111
Comment on attachment 8889741 [details]
Bug 1383996 - Add an argument to `mach artifact toolchain` to store a manifest for chain-of-trust validation.

https://reviewboard.mozilla.org/r/160822/#review166494

::: python/mozbuild/mozbuild/mach_commands.py:1962
(Diff revision 1)
>                  return 1
>  
> +        if artifacts:
> +            ensureParentDir(artifact_manifest)
> +            with open(artifact_manifest, 'w') as fh:
> +                json.dump(artifacts, fh, indent=4)

You might as well throw a `sort_keys=True` in here so output is deterministic.
Attachment #8889741 - Flags: review?(gps) → review+
Comment on attachment 8889742 [details]
Bug 1383996 - Make most calls to `mach artifact toolchain` output a manifest.

https://reviewboard.mozilla.org/r/160824/#review166496

I'm not crazy about writing the file into topsrcdir. But we're already extracting tooltool archives into topsrcdir. So meh.

::: taskcluster/scripts/misc/tooltool-download.sh:27
(Diff revision 1)
>      # When the worker has the relengapi proxy setup, use it.
>      TOOLTOOL_DL_FLAGS="${TOOLTOOL_DL_FLAGS=} --tooltool-url=http://relengapi/tooltool/"
>  fi
>  
> +if [ -n "$UPLOAD_DIR" ]; then
> +    TOOLTOOL_DL_FLAGS="${TOOLTOOL_DL_FLAGS=} --artifact-manifest $UPLOAD_DIR/toolchains.json"

It is /slightly/ weird to see "toolchains.json" in a file that purports to be generic. But there is another reference to "toolchains" in this file, so feel free to ignore this comment.
Attachment #8889742 - Flags: review?(gps) → review+
(In reply to Gregory Szorc [:gps] from comment #4)
> Comment on attachment 8889742 [details]
> Bug 1383996 - Make most calls to `mach artifact toolchain` output a manifest.
> 
> https://reviewboard.mozilla.org/r/160824/#review166496
> 
> I'm not crazy about writing the file into topsrcdir. But we're already
> extracting tooltool archives into topsrcdir. So meh.

FWIW, I want to move all that at some point.
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/6a49ccfbabeb
Add an argument to `mach artifact toolchain` to store a manifest for chain-of-trust validation. r=gps
https://hg.mozilla.org/integration/autoland/rev/ba130cb1f427
Make most calls to `mach artifact toolchain` output a manifest. r=gps
https://hg.mozilla.org/mozilla-central/rev/6a49ccfbabeb
https://hg.mozilla.org/mozilla-central/rev/ba130cb1f427
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.