Open Bug 1343891 Opened 7 years ago Updated 11 months ago

consider not generating/publishing hashes for MARs

Categories

(Release Engineering :: Release Automation: Updates, enhancement, P3)

Product:
Release Engineering
Component:
Release Automation: Updates
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: bhearsum, Unassigned)

Details

Yesterday I learned that the hashes we publish in update responses do not get used (https://bugzilla.mozilla.org/show_bug.cgi?id=1343543#c7) when signing is on. Given that we sign MARs on all platforms now, should we stop generating and publishing unnecessary hashes?
Do we still need to publish the size of MARs?
Priority: -- → P3
(In reply to Rail Aliiev [:rail] ⌚️ET from comment #1)
> Do we still need to publish the size of MARs?

Yes
Tom, Julien, any thoughts on this?
Flags: needinfo?(tom)
Flags: needinfo?(jvehent)
I think MAR signing (and possibly signing the XML documents in bug 1304782) provides sufficient security, so OK to remove the hashes.
Flags: needinfo?(jvehent)
Just to make sure I understand, we're talking about the sha512 in the updates.xml file as seen here right:

> <update appVersion="53.0a2" buildID="20170301084303" channel="aurora" displayVersion="53.0a2" installDate="1488381778682" isCompleteUpdate="false" isOSUpdate="false" name="Firefox Developer Edition 53.0a2" serviceURL="https://aus5.mozilla.org/update/6/Firefox/53.0a2/20170222084056/Linux_x86_64-gcc3/tl/aurora/Linux%204.8.0-37-generic%20(GTK%203.20.9%2Clibpulse%209.0.0)/NA/default/default/update.xml?force=1" showNeverForVersion="false" showPrompt="false" promptWaitTime="691200" backgroundInterval="0" type="minor" detailsURL="https://www.mozilla.org/firefox/aurora/" previousAppVersion="53.0a2" statusText="Nakabinbin na Pag-Install" platformVersion="53.0a2" foregroundDownload="true"><patch type="complete" URL="https://mozilla-nightly-updates.s3.amazonaws.com/mozilla-aurora/20170301084303/Firefox-mozilla-aurora-53.0a2-linux64-tl.complete.mar?versionId=QHCwMXYd4hRMsVirOrqqHEftkl3K1P83" finalURL="https://mozilla-nightly-updates.s3.amazonaws.com/mozilla-aurora/20170301084303/Firefox-mozilla-aurora-53.0a2-linux64-tl.complete.mar?versionId=QHCwMXYd4hRMsVirOrqqHEftkl3K1P83" hashFunction="sha512" hashValue="8a84dd34cca8306b73c7754d8189d6481a6bd2ac0d84b01be358a97d803fd76cae045350fe3c492aec2d9f91f379b52ebfe4ba57f984af6d8d922caa23fc454e" size="65793254" selected="true" state="failed"/></update>

If so, I agree, no need to do this. 

In the future I think it will be good to have hashes of signed objects in a log (some of my thoughts are at https://github.com/mozilla-services/autograph/issues/40#issuecomment-256078864 )but that will be in a different place than here and won't need to be sent to the client.
Flags: needinfo?(tom)
Filed bug 1373267 to remove the hashFunction and hashValue attributes from nsIUpdatePatch, etc.
We'll have to be careful on the Balrog side to avoid breaking submission tools, and ensure that we continue to serve hashFunction/hashValue to older clients that still require it. I think we'll probably want to continue returning responses that have hashFunction/hashValue in them until we have a watershed that includes the new client code that doesn't require it.

When we do make the switch, we'll have to be careful to avoid breaking the submission tools. We'll probably want a new type of blob that accepts hashFunction/hashValue as an input, but doesn't return it in the XML. Once that's in place, we can update the client tools to stop sending it. We'll probably need to branch that code to ensure that we continue to send it for ESR or other other older branches that still require it.
Component: Release Automation: Other → Release Automation: Updates
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.