Skip to content

rustbuild: Verify sha256 of downloaded nightlies #32902

New issue
New issue
Closed
Closed
rustbuild: Verify sha256 of downloaded nightlies#32902
Labels
E-easyCall for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue.T-bootstrapRelevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap)
@alexcrichton

Description

@alexcrichton
alexcrichton
opened on Apr 12, 2016

We should be validating our downloads for two reasons:

  1. Make sure that the file wasn't corrupted in transit by accident with something like a faulty proxy.
  2. Make sure the file itself wasn't tampered with.

To accomplish this let's do two things:

  • Check into the compiler Rust source the sha256 of what we should be downloading.
  • Check the sha256 of what we just downloaded against this value.

Unfortunately we can't do this in Rust just yet, we'll have to do it in Python or shell out to some system utility. If you've got some Python chops or would like to write a little python, should be a pretty easy bug to get started!

All downloads currently happen in src/bootstrap/bootstrap.py, so this'll just be modifying the relevant pieces there. Feel free to reach out to me if you have questions!

Metadata

Metadata

Assignees

No one assigned

    Labels

    E-easyCall for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue.T-bootstrapRelevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions