[Webkit-unassigned] [Bug 197164] New: webkitpy auto installer should download packages using `curl` instead of python's urllib.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 22 10:31:32 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=197164

            Bug ID: 197164
           Summary: webkitpy auto installer should download packages using
                    `curl` instead of python's urllib.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Tools / Tests
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dean_johnson at apple.com
                CC: lforschler at apple.com

I think webkitpy's auto installer should use `curl` to download packages instead of Python's urllib2 library. There are many reasons for this:
1. urllib2 can fail with obscure messages due to failures to TLS versions[1] or permissions on certs[2]. These messages could be communicated back to the user, but they generally do not have clear solutions to them.
2. Hashes for expected packages are already stored in Tools/Scripts/webkitpy/thirdparty/__init__.py.

So using `curl`, we could get around TLS version issues and cert permission issues using --no-verify, but also still guarantee we're getting the package we expect by checking the hashes of the downloaded packages against what they are known to be.

I'm not sure if this should be done for Windows as well, but would err on the side of caution and say to use the default behavior on Windows until someone was able to verify the same codepath worked.

[1] via https://bugs.webkit.org/show_bug.cgi?id=197046 - <urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)>
[2] via https://bugs.webkit.org/show_bug.cgi?id=197046 - <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190422/0634f1c9/attachment-0001.html>

More information about the webkit-unassigned mailing list