[Webkit-unassigned] [Bug 197164] New: webkitpy auto installer should download packages using `curl` instead of python's urllib.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 22 10:31:32 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=197164
Bug ID: 197164
Summary: webkitpy auto installer should download packages using
`curl` instead of python's urllib.
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Tools / Tests
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dean_johnson at apple.com
CC: lforschler at apple.com
I think webkitpy's auto installer should use `curl` to download packages instead of Python's urllib2 library. There are many reasons for this:
1. urllib2 can fail with obscure messages due to failures to TLS versions[1] or permissions on certs[2]. These messages could be communicated back to the user, but they generally do not have clear solutions to them.
2. Hashes for expected packages are already stored in Tools/Scripts/webkitpy/thirdparty/__init__.py.
So using `curl`, we could get around TLS version issues and cert permission issues using --no-verify, but also still guarantee we're getting the package we expect by checking the hashes of the downloaded packages against what they are known to be.
I'm not sure if this should be done for Windows as well, but would err on the side of caution and say to use the default behavior on Windows until someone was able to verify the same codepath worked.
[1] via https://bugs.webkit.org/show_bug.cgi?id=197046 - <urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)>
[2] via https://bugs.webkit.org/show_bug.cgi?id=197046 - <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190422/0634f1c9/attachment-0001.html>
More information about the webkit-unassigned
mailing list