-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1882852 - remove vendored createprecomplete in iscript and signin… #955
base: master
Are you sure you want to change the base?
Conversation
b92a45a
to
c1c8558
Compare
c1c8558
to
39d5017
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is probably OK, but I think there's some risk if a backwards incompatible change is made in the future? Two possible alternatives:
- Pull
createprecomplete
from the correct revision, and run that instead. - Update/recreate the precomplete file as part of a downstream task (either
repackage-signing
or a new task). Arguably, we shouldn't be creating the precomplete file until after signing anyways. (This is probably more work than its worth at this time, though.)
This doesn't feel right. The premise of scriptworkers is not to run arbitrary code specified in the payload.
Ack, maybe. |
Uh...good point! Indeed, this is a bad idea.
Just to be clear, I don't think this needs to happen now if it happens at all. Landing this patch is a good improvement at the very least. |
39d5017
to
c9a2f66
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know much about precomplete. Syntax LGTM
…gscript This needed to be kept in sync with the code in mozilla-central, or bad things happen, which bit us in https://bugzilla.mozilla.org/show_bug.cgi?id=1882322 Instead, directly add remove instructions for the extra signature files we're adding, leaving the rest of the file unchanged.
c9a2f66
to
ceba27b
Compare
file = path[1:-1] | ||
if _get_widevine_signing_files([file]): | ||
sigfile = _get_mac_sigpath(file) | ||
fh.write('remove "{}"\n'.format(sigfile)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm now worrying that this could add a duplicate remove instruction if the file was already signed in the input archive.
[EDIT: s/not/now/ sigh]
…gscript
This needed to be kept in sync with the code in mozilla-central, or bad things happen, which bit us in
https://bugzilla.mozilla.org/show_bug.cgi?id=1882322
Instead, directly add remove instructions for the extra signature files we're adding, leaving the rest of the file unchanged.