Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There are s3 addresses in the Rust 1.14 manifests #38519

Closed
brson opened this Issue Dec 21, 2016 · 10 comments

Comments

Projects
None yet
3 participants
@brson
Copy link
Contributor

brson commented Dec 21, 2016

[pkg.cargo.target.arm-unknown-linux-gnueabi]
available = true
url = "https://s3.amazonaws.com/rust-lang-ci/cargo-builds/298a0127f703d4c2500bb06d309488b92ef84ae1/cargo-nightly-arm-unknown-linux-gnueabi.tar.gz"
hash = "a98891b4d4d7576b544e70b791c2c87887653b9def92e29ac10d5e7323db08f1"

This is incorrect. Every address in the manifest should be from static.rust-lang.org. I don't want to make any guarantees that https://s3.amazonaws.com/rust-lang-ci/cargo-builds will always exist. I believe there is minor functionality in rustup that will break if the manifest contains multiple root URLs.

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Dec 22, 2016

The cargo tarballs mentioned in the manifest also don't have accompanying .asc signatures, which people expect as part of our release process. There are .sha256 files.

Fortunately the cargo hashes are captured in the signed manifest. For this release I will go make the signatures and upload them to the cargo-builds s3 bucket by hand.

cc @rillian

@rillian

This comment has been minimized.

Copy link
Contributor

rillian commented Dec 22, 2016

Thanks @brson! I have a packaging script I use to upload new releases to the Firefox build infrastructure and it failed on the missing cargo signatures.

Thanks also for pointing out that the manifest is signed; I'll add that as a verification step.

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Dec 22, 2016

I've deployed .asc files for the cargo builds and checked that the hashes match.

@rillian

This comment has been minimized.

Copy link
Contributor

rillian commented Dec 22, 2016

Signature files are working now.

@alexcrichton

This comment has been minimized.

Copy link
Member

alexcrichton commented Dec 26, 2016

@brson how serious is a regression is this? Is it something we should fix ASAP? Patch rustup ASAP?

I don't currently have plans to fix this until we redo releases entirely, but we can prioritize a fix if it's causing active breakage.

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Dec 29, 2016

I'd like to fix before the next release. I think the fix as of now is in rust-buildbot.

@brson brson self-assigned this Dec 29, 2016

@brson brson added the P-high label Dec 29, 2016

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Jan 12, 2017

I'm still on it.

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Jan 17, 2017

I've deployed a fix to production. We should expect tomorrow's nightly manifests to contain the right URLs. Leaving this open until I've confirmed it works in beta as well, since the code paths are slightly different.

@rillian

This comment has been minimized.

Copy link
Contributor

rillian commented Jan 17, 2017

\o/

@brson

This comment has been minimized.

Copy link
Contributor Author

brson commented Jan 18, 2017

Nightly looks fixed. Still waiting to see a beta, and actually I want to wait until we get a new stable to close this, because that's the code path that's different.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.