-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for verifying downloaded file's SHA-512 hash #241
Comments
@EricRahm I assume this hash only applies to the installer binaries to download, but not all the other files including the .zip file for Windows. |
@whimboo There's a hash for every build file. For example: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2015/01/2015-01-29-03-02-02-mozilla-central/firefox-38.0a1.en-US.win64-x86_64.checksums includes both the installer and the zip. |
Ah, great. Thanks. Sounds like a good improvement. |
I would like to work on this bug, whats the best way to work on it. |
@whimboo Do you have any notes for @parthbakshi? |
Hi @parthbakshi. Great to hear that you have interests to work on this issue! Sorry for the late response but I was away for a full month. So the best way is to fork the repository and create a local clone of it. Then you should make yourself familiar with the different kinds of Firefox builds (Nightly, Aurora, Beta, Release, candidate builds, tinderbox builds) which are supported by mozdownload. Once done it would be good to know how this checksum file looks like for those different kinds of builds. After that the download() method of the scraper would have to be extended to being able to also get the checksum file, parse the entries, and do the checks if specified via the command line (--verify). Let me know if you have further questions. You can also reach me on the moznet IRC network in the #automation channel. |
Ok i have forked the repo, Is there a doc where i can read about the various builds and how the checksums/SHA-512 actually look? |
Whenever i run the mozdownload on my machine im getting an error executing it, is there anything that i am missing?
|
As mentioned on IRC this is most likely Python version 2.6 which is causing those problems. Please upgrade to latest 2.7 and it should work. |
@parthbakshi, given the amount of time which has been passed by here, I assume you will not work on this issue anymore? It's somewhat important for us now given that in the last days we had a couple of corrupted downloads without seeing a failure from mozdownload. |
Sorry work got in the way you can reassign it to someone else. On Thu, Oct 29, 2015 at 6:03 PM Henrik Skupin [email protected]
|
Thanks for letting me know! |
Hello, |
So for each platform we have a checksums file located right next to the builds. This file contains checksums for all files related to the platform. So we should check first if such a file is present, download it, and then we can generate the hash locally and compare it with the one from the checksums file. |
I would like to work on this issue |
Sure, go ahead and let us know how you proceed and where you need help. Don't hesitate to ask your questions on IRC. You can find me in the #automation channel. Thanks. |
is it still open i would like to work on it |
hi there @whimboo for the #454 issue as you said :you were going to distribute the code in pieces |
I would like to work on this issue |
I am new here . I want to work on this bug . Looking for mentorship to get started. Thank you. |
After waiting for a long time , i have got time to work on this bug I saw the person before me hasn't commited any changes since last year(2017). Thus i am taking over the bug for submitting the patch . I tried with the patch but it is still incomplete
@whimboo Is this issue still open? If Yes, I'd like to work on it |
It turned out that this particular issue was too complicated to get fixed in the past as mentored issue. As such I will remove the mentored flag. |
Hey @whimboo I'd like to take a dig at this. Seemed like @rei2hu got most of the things right from what I can see in his PR. I have one question, are all checksum file names similar to what was mentioned earlier in this thread? i.e. extension of the release file replaced with .checksum or is there a specific format followed for each release? Any resource to help me with this? |
Each build has an associated
<product>...<locale><platform>.checksums
file. The SHA-512 hash contained in the file could be used to verify the hash of the download.Proposal:
The text was updated successfully, but these errors were encountered: