[tor-commits] [tor-browser-bundle/master] Bug #14420: Remove old auth cruft from fetch-inputs.sh

[gk at torproject.org]

commit 9a8c0663abb0359b743865bca24b22316bb16fac
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Tue Jan 27 08:05:16 2015 -0800

    Bug #14420: Remove old auth cruft from fetch-inputs.sh
---
 gitian/fetch-inputs.sh |   44 ++------------------------------------------
 1 file changed, 2 insertions(+), 42 deletions(-)

diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 3311547..fdbbc69 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -112,30 +112,13 @@ update_git() {
 }
 
 ##############################################################################
-# Get package files from mirror
-
 # Get+verify sigs that exist
-for i in OPENSSL # OBFSPROXY
-do
-  PACKAGE="${i}_PACKAGE"
-  URL="${MIRROR_URL}${!PACKAGE}"
-  SUFFIX="asc"
-  get "${!PACKAGE}" "$URL"
-  get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
-
-  if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
-    echo "$i: GPG signature is broken for ${URL}"
-    mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
-    exit 1
-  fi
-done
-
-for i in BINUTILS GCC PYTHON PYCRYPTO M2CRYPTO PYTHON_MSI GMP LXML
+for i in OPENSSL BINUTILS GCC PYTHON PYCRYPTO M2CRYPTO PYTHON_MSI GMP LXML
 do
   PACKAGE="${i}_PACKAGE"
   URL="${i}_URL"
   if [ "${i}" == "PYTHON" -o "${i}" == "PYCRYPTO" -o "${i}" == "M2CRYPTO" -o \
-       "${i}" == "PYTHON_MSI" -o "${i}" == "LXML" ]; then
+       "${i}" == "PYTHON_MSI" -o "${i}" == "LXML" -o "${i}" == "OPENSSL" ]; then
     SUFFIX="asc"
   else
     SUFFIX="sig"
@@ -189,29 +172,6 @@ do
   get "${!PACKAGE}" "${MIRROR_URL_YAWNING}${!PACKAGE}"
 done
 
-# Verify packages with weak or no signatures via multipath downloads
-# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-# XXX: Google won't allow wget -N.. We need to re-download the whole
-# TOOLCHAIN4 each time. Rely only on SHA256 for now..
-mkdir -p verify
-cd verify
-for i in OPENSSL OSXSDK
-do
-  URL="${i}_URL"
-  PACKAGE="${i}_PACKAGE"
-  if ! wget -U "" -N --no-remove-listing "${!URL}"; then
-    echo "$i url ${!URL} is broken!"
-    mv "${!PACKAGE}" "${!PACKAGE}.removed"
-    exit 1
-  fi
-  if ! diff "${!PACKAGE}" "../${!PACKAGE}"; then
-    echo "Package ${!PACKAGE} differs from our mirror's version!"
-    exit 1
-  fi
-done
-
-cd ..
-
 # NoScript and HTTPS-Everywhere are magikal and special:
 wget -U "" -N ${NOSCRIPT_URL}
 wget -U "" -N ${HTTPSE_URL}