Closed
Bug 1070227
Opened 10 years ago
Closed 9 years ago
Write a script to sign all existing add-ons
Categories
(addons.mozilla.org Graveyard :: Admin/Editor Tools, defect, P2)
addons.mozilla.org Graveyard
Admin/Editor Tools
Tracking
(Not tracked)
RESOLVED
FIXED
2015-01
People
(Reporter: clouserw, Unassigned)
References
Details
(Whiteboard: [qa-])
Once the signing infrastructure is in place we want to sign all of our existing add-ons. This should probably use celery since it will be long running. This should be able to be re-run without breaking anything. Perhaps checking for a null serialnumber in the `files` table would be the best way to find add-ons which haven't been signed. Note bug 1070191 which might have code this script can leverage or be combined with.
|
||
Updated•10 years ago
|
Assignee: nobody → olivier
|
||
Comment 2•9 years ago
|
||
PR: https://github.com/mozilla/olympia/pull/353 Fixed in https://github.com/mozilla/olympia/commit/6c72c7115419a1dd6d6fae099c436fa4d32a0e3f
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
|
||
Updated•9 years ago
|
Whiteboard: [qa-]
Target Milestone: --- → 2015-01
|
Reporter | |
Comment 3•9 years ago
|
||
I don't think the patch in comment 2 increments add-on versions. For this script we need to ensure that add-on versions get incremented so updates are recognized. Let me know if I missed that part and reclose this bug if I did. Thanks. From emails: > Yes, we need to increment the version. Partly because of the CDN problems > (but those can be worked around), but mostly because we're going to need > to serve signed updates to prevent add-ons from being disabled when Firefox > upgrades, and that won't happen if the version numbers aren't incremented. > > Essentially, Firefox has a very specific version number algorithm[1], and > we need to make sure that we bump the version number in a way that it > understands as a higher version number. Since it only recognizes > 4-component version numbers, my suggestion is: > > 1) For version numbers with 3 or fewer components, add a 4th component of > ".1". So, "3.1" becomes "3.1.0.1", and "3.5.2" becomes "3.5.2.1". > > 2) For version numbers with 4 components, bump the *number* portion of the > 4th component. So, "3.1.0.1" becomes "3.1.0.2", "3.5.1.b" becomes > "3.5.1.1b", and "3.5.1.2b" becomes "3.4.2.3b". > > > [1] https://developer.mozilla.org/en-US/docs/Toolkit_version_format
Assignee: olivier → nobody
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Reporter | |
Comment 4•9 years ago
|
||
Jorge would like this to email the add-on developers and let them know about the change. Jorge - do you want to email just owners or everyone? What should the email say?
Flags: needinfo?(jorge)
|
||
Comment 5•9 years ago
|
||
We will do some mass mailing before this is run so developers are aware of what's coming. We should also notify developers (owner roles only) once their add-ons are signed so they can give the signed versions a try and make sure everything's okay. I've been holding up on this because I haven't had time to write the email text yet. I'll try to get to it this week.
Flags: needinfo?(jorge)
|
|
||
Comment 6•9 years ago
|
||
Here's a draft of what I think we should send developers when they have their add-ons auto-signed: https://etherpad.mozilla.org/auto-sign-email
|
|
||
Comment 7•9 years ago
|
||
:jorgev maybe it needs a few modifications: 1/ in fact it's often multiple versions of addons that are signed: any version that is - reviewed (prelim or full) - compatible with firefox version 4 or more (if the addon is "default to compatible") - compatible with firefox version 37 or more (if the addon is not "default to compatible") 2/ the versions are "signed in place": the current files are signed (we sign the files themselves, so the original file is overwritten with the signed one), the versions have their version bumped (with an added .1-signed) 3/ there's thus no repackaging or approval There's one thing we have to take into consideration also: if we send a mail for each and every version that is signed, some addon owners will have a real mail bomb (some addons have hundreds of versions, not sure how many do qualify for an auto-signing though). So I think we should only send one mail per addon (not one per version), and thus simply tell them about the ".1-signed" addition, not give them all the new version numbers. What do you think?
Flags: needinfo?(jorge)
|
|
Reporter | |
Comment 8•9 years ago
|
||
Definitely want one per add-on, not per-version. I think we should only send to the owners of the add-on, not anyone else on the list
|
|
||
Comment 9•9 years ago
|
||
I agree with Wil. Let's just send a single email. I'm also okay with the modified wording on https://github.com/mozilla/olympia/pull/525, modulo removing the second paragraph.
Flags: needinfo?(jorge)
|
|
||
Comment 10•9 years ago
|
||
PR for the email: https://github.com/mozilla/olympia/pull/525
|
|
||
Comment 11•9 years ago
|
||
Fixed in https://github.com/mozilla/olympia/commit/9a391d88d46b7387d36adf9f4b01a097fcfad372
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•