Closed Bug 1226641 Opened 9 years ago Closed 8 years ago

Release Promotion should sign the signing tasks

Categories

(Release Engineering :: Release Automation: Other, defect)

Product:
Release Engineering
Component:
Release Automation: Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: Callek, Assigned: Callek)

References

Details

Attachments

(3 files, 1 obsolete file)

[puppet] WIP
2.34 KB, patch
jlund
: review+
Details | Diff | Splinter Review
[releasetasks] merely a WIP
47 bytes, text/x-github-pull-request
jlund
: feedback+
Details | Review
[tools] pass signing key down
1.22 KB, patch
rail
: review+
Details | Diff | Splinter Review 
To support the hardening we did for funsize (c.f. https://github.com/mozilla/funsize/pull/24/files ) we need to sign the signing tasks.

This will require puppet changes too, ala http://hg.mozilla.org/build/puppet/rev/4b09a04d4a3d
Noteworthy, https://github.com/mozilla/signingworker/pull/12/files means that we currently must use the same key as we use for funsize.

That should be ok...
Attached patch [tools] WIP (obsolete) — Splinter Review 
This is untested, and my WIP....
Attachment #8696075 - Flags: feedback?(jlund)
Attached patch [puppet] WIPSplinter Review 

        Attachment #8696076 -
        Flags: review?(jlund)

    
    

    
  


  
This PR too, is untested, and will need tests written. I just wanted to get it up prior to mozlando.

        Attachment #8696081 -
        Flags: feedback?(jlund)

    
    

    
  
Comment on attachment 8696076 [details] [diff] [review]
[puppet] WIP

Review of attachment 8696076 [details] [diff] [review]:
-----------------------------------------------------------------

::: modules/releaserunner/manifests/init.pp
@@ +79,4 @@
>              owner     => "${users::builder::username}",
>              group     => "${users::builder::group}",
>              source    => "puppet:///modules/$module_name/docker-worker-pub.pem"
> +        # XXX: Todo name funsize_signing_pvt_key better for current use-case

++

        Attachment #8696076 -
        Flags: review?(jlund) → review+

        Attachment #8696075 -
        Flags: feedback?(jlund) → feedback+

        Attachment #8696081 -
        Flags: feedback?(jlund) → feedback+

    
    

    
  


  

        Attachment #8696075 -
        Attachment is obsolete: true

        Attachment #8701493 -
        Flags: review?(rail)

    
  

        Attachment #8701493 -
        Flags: review?(rail) → review+

    
    

    
  
This looks to be working
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED

    
    

    
  
Had the following in this comment for a long while, unsubmitted:

https://hg.mozilla.org/build/puppet/rev/85a0ac317be3
https://hg.mozilla.org/build/puppet/rev/41efb71f3c7e

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: