Open
Bug 1343891
Opened 7 years ago
Updated 11 months ago
consider not generating/publishing hashes for MARs
Categories
(Release Engineering :: Release Automation: Updates, enhancement, P3)
Release Engineering
Release Automation: Updates
Tracking
(Not tracked)
NEW
People
(Reporter: bhearsum, Unassigned)
Details
Yesterday I learned that the hashes we publish in update responses do not get used (https://bugzilla.mozilla.org/show_bug.cgi?id=1343543#c7) when signing is on. Given that we sign MARs on all platforms now, should we stop generating and publishing unnecessary hashes?
Comment 2•7 years ago
|
||
(In reply to Rail Aliiev [:rail] ⌚️ET from comment #1) > Do we still need to publish the size of MARs? Yes
Comment 3•7 years ago
|
||
Tom, Julien, any thoughts on this?
Flags: needinfo?(tom)
Flags: needinfo?(jvehent)
Comment 4•7 years ago
|
||
I think MAR signing (and possibly signing the XML documents in bug 1304782) provides sufficient security, so OK to remove the hashes.
Flags: needinfo?(jvehent)
Comment 5•7 years ago
|
||
Just to make sure I understand, we're talking about the sha512 in the updates.xml file as seen here right: > <update appVersion="53.0a2" buildID="20170301084303" channel="aurora" displayVersion="53.0a2" installDate="1488381778682" isCompleteUpdate="false" isOSUpdate="false" name="Firefox Developer Edition 53.0a2" serviceURL="https://aus5.mozilla.org/update/6/Firefox/53.0a2/20170222084056/Linux_x86_64-gcc3/tl/aurora/Linux%204.8.0-37-generic%20(GTK%203.20.9%2Clibpulse%209.0.0)/NA/default/default/update.xml?force=1" showNeverForVersion="false" showPrompt="false" promptWaitTime="691200" backgroundInterval="0" type="minor" detailsURL="https://www.mozilla.org/firefox/aurora/" previousAppVersion="53.0a2" statusText="Nakabinbin na Pag-Install" platformVersion="53.0a2" foregroundDownload="true"><patch type="complete" URL="https://mozilla-nightly-updates.s3.amazonaws.com/mozilla-aurora/20170301084303/Firefox-mozilla-aurora-53.0a2-linux64-tl.complete.mar?versionId=QHCwMXYd4hRMsVirOrqqHEftkl3K1P83" finalURL="https://mozilla-nightly-updates.s3.amazonaws.com/mozilla-aurora/20170301084303/Firefox-mozilla-aurora-53.0a2-linux64-tl.complete.mar?versionId=QHCwMXYd4hRMsVirOrqqHEftkl3K1P83" hashFunction="sha512" hashValue="8a84dd34cca8306b73c7754d8189d6481a6bd2ac0d84b01be358a97d803fd76cae045350fe3c492aec2d9f91f379b52ebfe4ba57f984af6d8d922caa23fc454e" size="65793254" selected="true" state="failed"/></update> If so, I agree, no need to do this. In the future I think it will be good to have hashes of signed objects in a log (some of my thoughts are at https://github.com/mozilla-services/autograph/issues/40#issuecomment-256078864 )but that will be in a different place than here and won't need to be sent to the client.
Flags: needinfo?(tom)
Comment 6•7 years ago
|
||
Filed bug 1373267 to remove the hashFunction and hashValue attributes from nsIUpdatePatch, etc.
Reporter | ||
Comment 7•7 years ago
|
||
We'll have to be careful on the Balrog side to avoid breaking submission tools, and ensure that we continue to serve hashFunction/hashValue to older clients that still require it. I think we'll probably want to continue returning responses that have hashFunction/hashValue in them until we have a watershed that includes the new client code that doesn't require it. When we do make the switch, we'll have to be careful to avoid breaking the submission tools. We'll probably want a new type of blob that accepts hashFunction/hashValue as an input, but doesn't return it in the XML. Once that's in place, we can update the client tools to stop sending it. We'll probably need to branch that code to ensure that we continue to send it for ESR or other other older branches that still require it.
Updated•6 years ago
|
Component: Release Automation: Other → Release Automation: Updates
Updated•11 months ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•