59 bytes, text/x-review-board-request
In bug 1332916, a Java update changed the digest algorithm. We should now force it to SHA1.
Note: Attachment #8838078 [details] will require people to nuke ~/.android on their own machine. This will regenerate a new debug certificate. Do you think that may be an issue rail? To which mailing-list should I warn people about it?
Comment on attachment 8838077 [details] Bug 1340093 - Signing server: Pass digest algorithm to jarsigner command https://reviewboard.mozilla.org/r/113078/#review114908 LGTM!
Attachment #8838077 - Flags: review?(rail) → review+
Comment on attachment 8838078 [details] Bug 1340093 - Use same digest/signing algorithm as a release build https://reviewboard.mozilla.org/r/113082/#review114910
Attachment #8838078 - Flags: review?(rail) → review+
:jlorenzo when will this be applied? I will schedule the java 1.6 update for when this is checked-in and running in production.
Thanks for calling this bug out, Dave. I landed attachment 8838077 [details] on build/tools:default at: https://hg.mozilla.org/build/tools/rev/f27b452a2be5683268e1952021d3f36857497d53 . I've been told the signing server needs to be updated manually. I'll handle that next Monday morning. This is more prudent :) Regarding attachment 8838078 [details], what do you think of comment 3, rail? I'm also afraid to break people's workstations :)  https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Can we wait until we ship multiple releases on March 8th? I'm not that worried about workstations, phones are more important :)
Thank you Johan. I'm okay to wait on the jdk update/patch until after March 8th.
Aki published a new version of the signing server. This version takes the changes in comment 13 into account. We can now apply the jdk update, :dhouse!  https://hg.mozilla.org/build/tools/rev/7537d9b5bbba
Thank you Johan. I'll plan to update the jdk on Monday. I'm expecting that the new signing server code will be applied/running by then. Do you know if the services pick up the new published version of the signing server, or if it was manually applied?
Flags: needinfo?(dhouse) → needinfo?(jlorenzo)
Comment on attachment 8838078 [details] Bug 1340093 - Use same digest/signing algorithm as a release build Bug 1346296 make sure we use the same algos on the devs' machines. :dhouse, per , it's deployed automatically. Aki told me the new signing server is live.  https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Attachment #8838078 - Attachment is obsolete: true
Closing this bug out. The new signing server was deployed and bug 1346296 is a follow up.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Component: Tools → General
Product: Release Engineering → Release Engineering
You need to log in before you can comment on or make changes to this bug.