Closed
Bug 1324510
Opened 7 years ago
Closed 7 years ago
Enable SHA384 MAR signing on Oak
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rail, Unassigned)
References
Details
Attachments
(1 file)
6.69 KB,
application/gzip
|
Details |
According to https://bugzilla.mozilla.org/show_bug.cgi?id=1105689#c42 we need to enable SHA384 MAR signing on Oak. This will also require a watershed in Balrog.
Reporter | ||
Comment 1•7 years ago
|
||
Something like https://gist.github.com/rail/46e66ecb78463f8e4a9d90e012ee17d5 should do the trick. Funsize will require more work.
Reporter | ||
Comment 2•7 years ago
|
||
Nick, mind if I merge m-c to oak and land some patches to test this?
Flags: needinfo?(nthomas)
Reporter | ||
Comment 3•7 years ago
|
||
Robert, I'd like to test the following update scenario on Oak. What do you think? Is there anything missing? 1) land the patches from bug 1105689 2) wait for a nightly build. It will be signed with sha1 3) land something like https://gist.github.com/rail/46e66ecb78463f8e4a9d90e012ee17d5 to enable new signing format 4) wait for the following nightly to test the update One caveat, still need to address the partial updates support, which is bug 1325095. I may consider fixing it first.
Flags: needinfo?(robert.strong.bugs)
Comment 5•7 years ago
|
||
I'm not using Oak since the Mac single-arch work finished up. Normally you'd ask rstrong, and at the moment mhowell/agashlin who are testing the stub streamlining.
Flags: needinfo?(nthomas)
Reporter | ||
Updated•7 years ago
|
Assignee: nobody → rail
Reporter | ||
Comment 6•7 years ago
|
||
Abandoning for now until we clarify the requirements.
Assignee: rail → nobody
Reporter | ||
Comment 7•7 years ago
|
||
(In reply to Rail Aliiev [:rail] ⌚️ET - PTO in August from comment #3) > Robert, I'd like to test the following update scenario on Oak. What do you > think? Is there anything missing? > > 1) land the patches from bug 1105689 > 2) wait for a nightly build. It will be signed with sha1 > 3) land something like > https://gist.github.com/rail/46e66ecb78463f8e4a9d90e012ee17d5 to enable new > signing format > 4) wait for the following nightly to test the update > > One caveat, still need to address the partial updates support, which is bug > 1325095. I may consider fixing it first. and we also need ot land the certs from bug 1366007
Reporter | ||
Comment 8•7 years ago
|
||
Copying the new public certs here in case someone doesn't have access to the original bug.
Comment 9•7 years ago
|
||
I have the certs already in my patches and I landed them on oak for testing.
Comment 10•7 years ago
|
||
This bug is fixed. :)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•6 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•