mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 21:31:04 +00:00
9e795ff565
Previously, we were downloading tooltool.py from random servers. Considering tooltool.py is used to secure the download of future components, downloading tooltool.py from potentially 3rd party services was a major lapse in our end-to-end security, as a compromised tooltool.py wouldn't honor integrity checks. This commit copies the already vendored copy of tooltool.py into the mozharness directory. A copy needs to be in the mozharness directory because then a copy of mozharness without access to a source checkout will have access to it. We modify the code in mozharness that fetches tooltool to use the copy from mozharness (unless `mach artifact toolchain` is available). Since a copy of tooltool.py is always reliably available, we can remove all config entries related to tooltool.py. MozReview-Commit-ID: C7ls1xWrPMq --HG-- rename : python/mozbuild/mozbuild/action/tooltool.py => testing/mozharness/external_tools/tooltool.py extra : rebase_source : d7b48d837805f9312c97b6e21c6527cc5f5018dc |
||
|---|---|---|
| .. | ||
| virtualenv | ||
| __init__.py | ||
| clobberer.py | ||
| count_and_reboot.py | ||
| detect_repo.py | ||
| download_file.py | ||
| extract_and_run_command.py | ||
| git-ssh-wrapper.sh | ||
| gittool.py | ||
| machine-configuration.json | ||
| mouse_and_screen_resolution.py | ||
| packagesymbols.py | ||
| performance-artifact-schema.json | ||
| robustcheckout.py | ||
| tooltool.py | ||