Closed
Bug 915131
Opened 11 years ago
Closed 10 years ago
document jar secret details on signing docs
Categories
(Release Engineering :: General, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: bhearsum, Assigned: mozilla)
Details
We just need some brief details on how to generate jar secrets on https://intranet.mozilla.org/RelEngWiki/index.php/Signing#Set_up_.22secrets.22_directory.
Comment 1•10 years ago
|
||
Now at https://mana.mozilla.org/wiki/display/RelEng/Signing. I was wondering how android signing worked today.
Reporter | ||
Comment 2•10 years ago
|
||
Aki, any chance you can do this before you leave us?
Flags: needinfo?(escapewindow+mozbugs)
Assignee | ||
Comment 3•10 years ago
|
||
What do you mean by jar secrets? Generating a signing key?
Flags: needinfo?(bhearsum)
Assignee | ||
Comment 4•10 years ago
|
||
Or changing the passphrase?
Reporter | ||
Comment 5•10 years ago
|
||
(In reply to Aki Sasaki [:aki] from comment #3) > What do you mean by jar secrets? Generating a signing key? Basically, how do I go from nothing -> having the bits I need to do JAR signing. So signing key generation, any conversion that needs to happen, etc. Changing the passphrase could be useful too.
Flags: needinfo?(bhearsum)
Assignee | ||
Comment 6•10 years ago
|
||
Ok, I'll take it. The biggest thing here is probably an admonition that losing the signing key for android will be Very Very Bad, as in losing everyone's profile bad. But there may be a need for a new one for some reason, so it may be useful.
Assignee: nobody → escapewindow+mozbugs
Flags: needinfo?(escapewindow+mozbugs)
Assignee | ||
Comment 7•10 years ago
|
||
Android-signing-on-demand is https://bugzilla.mozilla.org/show_bug.cgi?id=705807 . I was actually not a part of this, nor did I deal much with signing* so I don't know what was done with the jar secrets. I also don't seem to have access to log into signing* so I can't try to reverse engineer it currently. https://bugzilla.mozilla.org/show_bug.cgi?id=705807 was the signing-on-demand bug.... looks like Catlee set up the server + in-tree makefiles, and then I did the client-side stuff. http://developer.android.com/tools/publishing/app-signing.html#cert are the official docs for private key creation. http://stackoverflow.com/questions/4387954/changing-android-signing-key-password for changing the passwords... essentially 'keytool' allows for a new keypass and storepass (there are two passphrases). https://bugzilla.mozilla.org/show_bug.cgi?id=562843 has attempts at creating an official Verisign android signing key, and found it was impossible... Google *requires* a cert with an expiration date longer than 22 October 2033. If we lose our secrets/keys, we are going to have to abandon all of our current Firefox for Android installs for Nightly, Beta, and Release, and publish a new product and convince people it's really us and have them install it manually. It will be Bad.
Assignee | ||
Comment 8•10 years ago
|
||
(In reply to Aki Sasaki [:aki] from comment #7) > Android-signing-on-demand is > https://bugzilla.mozilla.org/show_bug.cgi?id=705807 . I was actually not a > part of this, nor did I deal much with signing* so I don't know what was > done with the jar secrets. I also don't seem to have access to log into > signing* so I can't try to reverse engineer it currently. > > https://bugzilla.mozilla.org/show_bug.cgi?id=705807 was the > signing-on-demand bug.... looks like Catlee set up the server + in-tree > makefiles, and then I did the client-side stuff. Yes, these contradict each other. I was a part of this, but did not touch the server- or jar-secrets- side.
Assignee | ||
Comment 9•10 years ago
|
||
From http://hg.mozilla.org/build/tools/file/1076430daae4/lib/python/signing/utils.py#l191 and http://hg.mozilla.org/build/tools/file/1076430daae4/release/signing/signscript.py#l115 it looks like we just have the keystore copied onto the server.
Assignee | ||
Comment 10•10 years ago
|
||
Updated https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Setup%22secrets%22directory with my guesses sans-signing* server access.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•