depot_tools

Commit Graph

Author	SHA1	Message	Date
Vadim Shtayura	eebc3d8232	[cipd] Check CIPD client hash against pinned SHA256 during updates. Linux and OSX only for now. This also rolls CIPD client to a version that supports pinned hashes (v2.2.5). CIPD_CLIENT_VER and CIPD_CLIENT_SRV are no longer supported as env vars, since it makes no sense when pinning hashes of the binaries at specific version on the specific backend. Also somewhat cleanup 'cipd' script to use "${VAR}", stderr and colored output consistently. R=iannucci@chromium.org, nodir@chromium.org BUG=870166 Change-Id: I9e61f9f8fbdcf10985c52828b2bfbec64b4234f0 Reviewed-on: https://chromium-review.googlesource.com/1171957 Commit-Queue: Vadim Shtayura <vadimsh@chromium.org> Reviewed-by: Nodir Turakulov <nodir@chromium.org>	7 years ago
Vadim Shtayura	7e50ee376b	[cipd] Try to bootstrap CIPD from scratch if selfupdate fails. When updating the CIPD client to be identified by SHA256 hash, old clients (that have no idea about SHA256) fail during 'selfupdate'. We'll roll our SHA256 support in two stages: 1. Deploy new client that understand SHA256 using its SHA1 name, so self-update from old clients works. 2. Deploy same (or newer) client using its SHA256 name. This would work since the client doing the self-update already understands SHA256 at this point. But we can't guarantee that ALL depot_tools deployments will update through stages (1) and (2) sequentially. Some of them may skip (1) and end-up directly in (2), failing on 'selfupdate'. This CL makes sure they can recover from this state by rebootstraping the client from scratch (this works with SHA256 hashes). R=nodir@chromium.org, iannucci@chromium.org BUG=821194 Change-Id: I27dece19e0305b5b2d6f8b0130631c1bf5f6499c Reviewed-on: https://chromium-review.googlesource.com/1149454 Commit-Queue: Vadim Shtayura <vadimsh@chromium.org> Reviewed-by: Robbie Iannucci <iannucci@chromium.org>	7 years ago

Author

SHA1

Message

Date

Vadim Shtayura

eebc3d8232

[cipd] Check CIPD client hash against pinned SHA256 during updates.

Linux and OSX only for now. This also rolls CIPD client to a version that
supports pinned hashes (v2.2.5).

CIPD_CLIENT_VER and CIPD_CLIENT_SRV are no longer supported as env vars, since
it makes no sense when pinning hashes of the binaries at specific version on
the specific backend.

Also somewhat cleanup 'cipd' script to use "${VAR}", stderr and colored output
consistently.

R=iannucci@chromium.org, nodir@chromium.org
BUG=870166

Change-Id: I9e61f9f8fbdcf10985c52828b2bfbec64b4234f0
Reviewed-on: https://chromium-review.googlesource.com/1171957
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Nodir Turakulov <nodir@chromium.org>

Vadim Shtayura

7e50ee376b

[cipd] Try to bootstrap CIPD from scratch if selfupdate fails.

When updating the CIPD client to be identified by SHA256 hash, old clients (that
have no idea about SHA256) fail during 'selfupdate'.

We'll roll our SHA256 support in two stages:
  1. Deploy new client that understand SHA256 using its SHA1 name, so
     self-update from old clients works.
  2. Deploy same (or newer) client using its SHA256 name. This would work since
     the client doing the self-update already understands SHA256 at this point.

But we can't guarantee that ALL depot_tools deployments will update through
stages (1) and (2) sequentially. Some of them may skip (1) and end-up directly
in (2), failing on 'selfupdate'.

This CL makes sure they can recover from this state by rebootstraping the client
from scratch (this works with SHA256 hashes).

R=nodir@chromium.org, iannucci@chromium.org
BUG=821194

Change-Id: I27dece19e0305b5b2d6f8b0130631c1bf5f6499c
Reviewed-on: https://chromium-review.googlesource.com/1149454
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Robbie Iannucci <iannucci@chromium.org>

2 Commits (af03ae194f784a9ba5e21e1a9524883482f819b6)