package signing check in service/monitor signs an invalid app

RESOLVED WORKSFORME


People

(Reporter: eviljeff, Unassigned)

Tracking

x86_64
Windows 7

Description

4 years ago
https://github.com/mozilla/zamboni/blob/master/apps/amo/monitors.py#L253 signs https://github.com/mozilla/zamboni/blob/master/apps/amo/nagios_check_packaged_app.zip but the manifest isn't in the root of the zip (it's in a subfolder), so it isn't actually a valid app.

The check should either fail on an invalid zip file, or at a minimum we should be testing with a valid zip.

This specific monitoring command checks that the signer is up and running. Since the signer is not responsible for validating apps, it makes sense for it not to fail on an invalid app. It's a little weird, but for the sole purpose of monitoring, I think it's OK to perform a signing check like this. Feel free to re-open if there's something I missed.

As an aside, I don't see a monitoring check that probes the validator to see if it's up and running. That would be nice to have since we've seen it go down before.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
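
The structural property the report turns on (manifest at the zip root rather than in a subfolder) can be checked on a monitoring fixture before it is used. This is an added example, not code from zamboni or from the bug's participants; the function names are hypothetical, the manifest filename `manifest.webapp` is an assumption (the bug does not name the file), and the archives are constructed in memory.

```python
import io
import zipfile

# Assumption: the packaged-app manifest is named manifest.webapp.
MANIFEST_NAME = "manifest.webapp"


def build_zip(members):
    """Build an in-memory zip from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in members.items():
            zf.writestr(path, data)
    return buf.getvalue()


def check_packaged_app(data, manifest_name=MANIFEST_NAME):
    """Return (ok, reason) for a packaged-app zip supplied as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            corrupt = zf.testzip()  # first member failing its CRC, or None
    except zipfile.BadZipFile:
        return False, "not a zip archive"
    if corrupt is not None:
        return False, "corrupt member: %s" % corrupt
    if manifest_name in names:
        return True, "manifest at archive root"
    # The case from the report: a manifest exists, but only below a folder.
    nested = [n for n in names if n.rsplit("/", 1)[-1] == manifest_name]
    if nested:
        return False, "manifest only in subfolder: %s" % nested[0]
    return False, "no manifest in archive"


# Constructed fixtures: one valid layout, one with the layout described above.
VALID = build_zip({"manifest.webapp": b'{"name": "check"}',
                   "index.html": b"<html></html>"})
NESTED = build_zip({"app/manifest.webapp": b'{"name": "check"}',
                    "app/index.html": b"<html></html>"})

if __name__ == "__main__":
    for label, blob in (("valid", VALID), ("nested", NESTED), ("junk", b"not a zip")):
        print(label, check_packaged_app(blob))
```

A check like this belongs with the test fixture or a validator probe rather than the signer monitor, matching the division of responsibility described in the reply.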