Closed Bug 1338232 Opened 7 years ago Closed 7 years ago

Remove md5 and sha1, add sha256 checksums in release automation

Categories

(Release Engineering :: Release Automation: Other, defect, P2)

defect

Tracking

(firefox-esr52 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr52 --- fixed

People

(Reporter: rail, Assigned: mtabara)

References

Details

Attachments

(5 files)

We should stop using and publishing md5/sha1 checksums in release automation. Additionally we should generate sha256 checksums. sha512 checksums can stay as they are.
Comment on attachment 8835833 [details]
Bug 1338232 - remove sha1, md5 from tc nightly graph checksums.

https://reviewboard.mozilla.org/r/111408/#review112686
Attachment #8835833 - Flags: review?(rail) → review+
* didn't test it but isolated functions
* I took the liberty of renaming the file_sha512 since it wasn't used anywhere else in the firefox tree. If there's a slight possiblity of it being used downstream, I'll take the change back and add a separate function within the beetmover script
Attachment #8835857 - Flags: review?(rail)
Comment on attachment 8835833 [details]
Bug 1338232 - remove sha1, md5 from tc nightly graph checksums.

https://hg.mozilla.org/build/puppet/rev/96a4a0b11c67
Attachment #8835833 - Flags: checked-in+
So:
* TC nightlies are done
* there's patch to r? for release promotion
* the only leftover if I'm not wrong is the BB infrastructure (since we've switched to TC nightlies for central and aurora, I suppose that's off the table), which means the Fennec and Thunderbird checksums.

@rail: can you point me with some hints where to look in the infra for the changes?
Comment on attachment 8835857 [details] [diff] [review]
Bug 1338232 - add sha256 to relpro automation.

Review of attachment 8835857 [details] [diff] [review]:
-----------------------------------------------------------------

::: testing/mozharness/mozharness/base/script.py
@@ +2245,2 @@
>          bs = 65536
> +        hasher = hashlib.new(hash_type)

Awwww, thanks for catching this bug!
Attachment #8835857 - Flags: review?(rail) → review+
Status update: 
* TC nightlies are done - not yet landed though via beetmoverscript bump

@rail:
* can I land the patch on central and graft it to aurora/beta/release/esr45?
* the only leftover if I'm not wrong is the BB infrastructure (since we've switched to TC nightlies for central and aurora, I suppose that's off the table), which means the Fennec and Thunderbird checksums. Can you point me with some hints where to look in the code for those changes?

Thanks!
Flags: needinfo?(rail)
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #8)
> Status update: 
> * TC nightlies are done - not yet landed though via beetmoverscript bump
> 
> @rail:
> * can I land the patch on central and graft it to aurora/beta/release/esr45?

I'd say uplift to aurora/beta only. The release/esr45 branches will be dead soon. The changes are release automation related. a=release



> * the only leftover if I'm not wrong is the BB infrastructure (since we've
> switched to TC nightlies for central and aurora, I suppose that's off the
> table), which means the Fennec and Thunderbird checksums. Can you point me
> with some hints where to look in the code for those changes?

I believe they use the same script, see

http://archive.mozilla.org/pub/mobile/candidates/52.0b6-candidates/build1/logs/release-mozilla-beta-fennec_checksums-bm74-build1-build17.txt.gz

https://archive.mozilla.org/pub/thunderbird/candidates/52.0b2-candidates/build1/logs/release-comm-beta-thunderbird_checksums-bm74-build1-build6.txt.gz
Flags: needinfo?(rail)
Assignee: nobody → mtabara
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #8)
> Status update: 
> * TC nightlies are done - not yet landed though via beetmoverscript bump

TC nightlies are done - sorry for before. They were done as soon as the puppet patch landed. E.g http://archive.mozilla.org/pub/firefox/nightly/2017/02/2017-02-17-11-01-56-mozilla-central/firefox-54.0a1.en-US.linux-i686.checksums 

> @rail:
> * can I land the patch on central and graft it to aurora/beta/release/esr45?
> * the only leftover if I'm not wrong is the BB infrastructure (since we've
> switched to TC nightlies for central and aurora, I suppose that's off the
> table), which means the Fennec and Thunderbird checksums. Can you point me
> with some hints where to look in the code for those changes?
> 
> Thanks!

Incoming reviewboard! :)
Keywords: leave-open
Status: NEW → ASSIGNED
Comment on attachment 8838665 [details]
Bug 1338232 - add sha256 hash in checksums automation.  a=release DONTBUILD

https://reviewboard.mozilla.org/r/113494/#review115072
Attachment #8838665 - Flags: review?(rail) → review+
Pushed by mtabara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7c8ac1b19355
add sha256 hash in checksums automation. r=rail a=release DONTBUILD
The patches from this bug should ensure we have both SHA512SUMS and SHA256SUMS from now on. Let's wait the beta9 on Thursday to see if the changes that will be picked-up are verifying correctly.
Priority: -- → P2
Comment on attachment 8840701 [details]
Bug 1338232 - Fix typo  a=release DONTBUILD

https://reviewboard.mozilla.org/r/115134/#review116612
Attachment #8840701 - Flags: review?(nthomas) → review+
Pushed by raliiev@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/97c3c3880570
Fix typo r=nthomas a=release DONTBUILD
(In reply to Nick Thomas [:nthomas] from comment #19)
> Comment on attachment 8840701 [details]
> Bug 1338232 - Fix typo  a=release DONTBUILD
> 
> https://reviewboard.mozilla.org/r/115134/#review116612

Thanks for fixing this, mea culpa.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
This broke Thunderbird \o/

http://buildbot-master70.bb.releng.use1.mozilla.com:8001/builders/release-comm-beta-thunderbird_checksums/builds/5/steps/run_script/logs/stdio

12:38:23    FATAL - Missing necessary format for file linux-i686/xpi/bg.xpi

If you check generated checksums files, they don't have sha256 :/
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment on attachment 8841060 [details]
Bug 1338232 - Use sha512 only for old release automation.

https://reviewboard.mozilla.org/r/115412/#review116848
Attachment #8841060 - Flags: review?(aki) → review+
Worked fine \o/
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → FIXED
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
You need to log in before you can comment on or make changes to this bug.