For awhile we thought we'd be able to continue excluding partner repacks from the OS X signature. On Friday, we discovered that that is NOT the case - these files will have to move into Contents/Resources until such time that we have a way to do partner repacks without putting the files in the .app (eg, by using an installer). In order to make sure our partner builds run on 10.9.5 and higher, we'll need to sign them after doing the repackaging steps. Stephen, I know the app changes required are low priority, but we can probably prepare our side of things in the meantime. Did I capture this correctly?
Yes, that seems right. Also, rstrong offered to handle the client side changes. If you have questions about the client side changes, he'll probably have the most up-to-date info.
Created attachment 8493299 [details] [diff] [review] do dmg signing for partner repacks This patch is very simple, but landing it will be more complex. I intend to tag the current tip of the default branch of partner repacks with something like MAC_V1_SIGNING, and then land this patch. I'll change all of the release config templates to use MAC_V1_SIGNING as their partner repacks rev. When 34.0b1 goes to Beta, I'll change the Beta template back to use "default" as the partner repacks rev, because 34.0 requires v2 signatures. I tested this on partner-repack1 and it appeared to work: 2014-09-22 12:33:12,269 - Executing python /Users/cltbld/bhearsum/partner-repacks/scripts/tools/release/signing/signtool.py -t /Users/cltbld/bhearsum/partner-repacks/scripts/token -n /Users/cltbld/bhearsum/partner-repacks/scripts/nonce -c /Users/cltbld/bhearsum/partner-repacks/scripts/tools/release/signing/host.cert -H dmgv2:mac-v2-signing3.srv.releng.scl3.mozilla.com:9110 -H gpg:signing4.srv.releng.scl3.mozilla.com:9110 --formats gpg --formats dmgv2 "Firefox 33.0b5.dmg" 2014-09-22 12:33:12,269 - in /Users/cltbld/bhearsum/partner-repacks/scripts/repacked_builds/33.0b5/build1/partner-repacks/bing/mac/en-US/working 2014-09-22 12:33:13,533 - 26749c2e2c2714f517181db02c392e5fb602565b: processing Firefox 33.0b5.dmg on https://signing4.srv.releng.scl3.mozilla.com:9110 2014-09-22 12:33:13,545 - 26749c2e2c2714f517181db02c392e5fb602565b: uploading for signing 2014-09-22 12:33:19,151 - 26749c2e2c2714f517181db02c392e5fb602565b: processing Firefox 33.0b5.dmg on https://signing4.srv.releng.scl3.mozilla.com:9110 2014-09-22 12:33:19,186 - 26749c2e2c2714f517181db02c392e5fb602565b: OK 2014-09-22 12:33:22,001 - 914e97b70aa45ac8a51b5db36eb456bdfb049575: processing Firefox 33.0b5.dmg.tar.gz on https://mac-v2-signing3.srv.releng.scl3.mozilla.com:9110 2014-09-22 12:33:22,025 - 914e97b70aa45ac8a51b5db36eb456bdfb049575: uploading for signing 2014-09-22 12:33:30,557 - 914e97b70aa45ac8a51b5db36eb456bdfb049575: processing Firefox 33.0b5.dmg.tar.gz on https://mac-v2-signing3.srv.releng.scl3.mozilla.com:9110 2014-09-22 12:33:39,868 - 914e97b70aa45ac8a51b5db36eb456bdfb049575: OK 2014-09-22 12:33:40,708 - Done repacking mac build Firefox 33.0b5.dmg 2014-09-22 12:33:40,722 - Found /Users/cltbld/bhearsum/partner-repacks/scripts/original_builds/33.0b5/build1/win32/en-US/Firefox Setup 33.0b5.exe o
Created attachment 8493709 [details] [diff] [review] use MAC_V1_SIGNING tag for partner repacks I also took the liberty of removing this repo from places we don't actually use it.
This is fixed. We'll revert the buildbot-configs patch for Beta when we build 34.0b1, in bug 1056839. We'll need to do the same for release, I don't see a bug for that yet though.
Something here landed in production today: https://wiki.mozilla.org/ReleaseEngineering/Maintenance#Reconfigs_.2F_Deployments
> do partner repacks without putting the files in the .app (eg, by using an installer) Partner repacks should look like and install exactly like the official builds. That's the point of repacks. If we need an installer, then install rate will drop notably.