Closed
Bug 1290179
Opened 6 years ago
Closed 6 years ago
Automate SHA1 repacks
Categories
(Release Engineering :: Release Automation: Other, defect)
Release Engineering
Release Automation: Other
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rail, Assigned: rail)
References
Details
Attachments
(3 files)
58 bytes,
text/x-review-board-request
|
jlund
:
review+
rail
:
checked-in+
|
Details |
58 bytes,
text/x-github-pull-request
|
mkaply
:
review+
rail
:
checked-in+
|
Details | Review |
48 bytes,
text/x-github-pull-request
|
jlund
:
review+
|
Details | Review |
https://bugzilla.mozilla.org/show_bug.cgi?id=1284484#c5 gives some idea how to run them. * Modify the repack script to accept a config variable which allows skipping the following steps: self.copyFiles() self.addPadding() self.internallySignBuild() self.repackBuild() * create repack configs * schedule the repacks similar to https://github.com/rail/releasetasks/blob/master/releasetasks/templates/firefox/partner_repacks.yml.tmpl#L47-L88 * make sure to exclude them from the main push similar to eme-free in https://github.com/rail/releasetasks/blob/master/releasetasks/templates/firefox/push_to_releases.yml.tmpl#L81 (they will be copied by https://github.com/rail/releasetasks/blob/master/releasetasks/templates/firefox/partner_repacks.yml.tmpl#L129) * Create aliases for installers (Firefox-{,beta,esr}-sha1?) aliases in bouncer * add new bouncer product in https://dxr.mozilla.org/mozilla-central/source/testing/mozharness/configs/releases/bouncer_firefox_release.py and friends, make sure to use the alias, so we update it automatically. Updating the alias may lead to a race condition, especially for betas, when we have repacks still in progress, but we publish to beta. Not sure how to prevent this... I don't really want to block publishing a release on partner repacks. Maybe we can split the update aliases step into 2 and make the second depend on partner repacks.
Comment 1•6 years ago
|
||
Rail, Before we go down this path, is it actually worthwhile to do an SHA1 signed installed based off an installer for a Firefox version that requires SSE2? Specifically--> * User goes to firefox.com to download the browser, on windows, in a system that we can't detect if they are new enough for SHA2 (and thus also can't presumably detect SSE2 support) * User needs to download a Firefox that doesn't require SSE2 (Firefox 48 being the last in that set) * User can then update to a newer Firefox that is signed without SHA1 via our updater code, AND Firefox+Balrog will also detect if the user can download/run a Firefox with SSE2 as a requirement. If however, we don't deem lack of SSE2 Support to be a blocker to detect on the website front, we certainly can do this [SHA1] with newer versions on the download page itself. I'm not sure who makes that call, on the user facing clickthrough paths, but I think it makes sense to get that call before investing in this work.
Comment hidden (mozreview-request) |
Comment 3•6 years ago
|
||
mozreview-review |
Comment on attachment 8782477 [details] Bug 1290179 - Automatically update SHA1 bouncer aliases a=release DONTBUILD https://reviewboard.mozilla.org/r/72642/#review70282
Attachment #8782477 -
Flags: review?(bugspam.Callek) → review+
Assignee | ||
Updated•6 years ago
|
Keywords: leave-open
Pushed by raliiev@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/2c239b4efab7 Add bouncer products for SHA1 installers r=Callek a=release DONTBUILD
Assignee | ||
Comment 5•6 years ago
|
||
Comment on attachment 8782477 [details] Bug 1290179 - Automatically update SHA1 bouncer aliases a=release DONTBUILD https://hg.mozilla.org/integration/mozilla-inbound/rev/2c239b4efab7 https://hg.mozilla.org/releases/mozilla-aurora/rev/18102c4b2276 https://hg.mozilla.org/releases/mozilla-beta/rev/98f83e513e45 https://hg.mozilla.org/releases/mozilla-release/rev/74c318753778 https://hg.mozilla.org/releases/mozilla-esr45/rev/0d30594f9725
Attachment #8782477 -
Flags: checked-in+
Comment 7•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2c239b4efab7
Assignee | ||
Comment 8•6 years ago
|
||
Let's try mkaply this time ;)
Attachment #8784911 -
Flags: review?(mozilla)
Comment 9•6 years ago
|
||
Comment on attachment 8784911 [details] [review] PR reviewed and merged.
Attachment #8784911 -
Flags: review?(mozilla) → review+
Assignee | ||
Comment 10•6 years ago
|
||
Attachment #8785342 -
Flags: review?(jlund)
Assignee | ||
Updated•6 years ago
|
Attachment #8784911 -
Flags: checked-in+
Updated•6 years ago
|
Attachment #8785342 -
Flags: review?(jlund) → review+
Assignee | ||
Comment 11•6 years ago
|
||
Worked fine in Firefox 49.0b8. Still need to enable aliases (https://hg.mozilla.org/integration/mozilla-inbound/rev/2c239b4efab7#l1.16 and friends) after bug 1295275 is live
Depends on: 1295275
Comment hidden (mozreview-request) |
Comment 13•6 years ago
|
||
mozreview-review |
Comment on attachment 8782477 [details] Bug 1290179 - Automatically update SHA1 bouncer aliases a=release DONTBUILD https://reviewboard.mozilla.org/r/72642/#review73292
Attachment #8782477 -
Flags: review?(jlund) → review+
Comment 14•6 years ago
|
||
Pushed by raliiev@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/64b21c1e7b92 Automatically update SHA1 bouncer aliases r=jlund a=release DONTBUILD
Assignee | ||
Comment 15•6 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/64b21c1e7b92 https://hg.mozilla.org/releases/mozilla-aurora/rev/845d630fe4a9 https://hg.mozilla.org/releases/mozilla-beta/rev/a947fabffddd https://hg.mozilla.org/releases/mozilla-release/rev/0e808827a3ed
Comment 16•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/64b21c1e7b92
Assignee | ||
Comment 17•6 years ago
|
||
Worked fine in 49.0b9
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Comment 18•5 years ago
|
||
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•