Closed
Bug 1340093
Opened 7 years ago
Closed 7 years ago
Signing server: Pass digest algorithm to jarsigner command
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jlorenzo, Assigned: jlorenzo)
References
Details
Attachments
(1 file, 1 obsolete file)
In bug 1332916, a Java update changed the digest algorithm. We should now force it to SHA1.
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → jlorenzo
|
|
Assignee | |
Updated•7 years ago
|
Group: mozilla-employee-confidential
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 3•7 years ago
|
||
Note: Attachment #8838078 [details] will require people to nuke ~/.android on their own machine. This will regenerate a new debug certificate. Do you think that may be an issue rail? To which mailing-list should I warn people about it?
|
||
Comment 4•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8838077 [details] Bug 1340093 - Signing server: Pass digest algorithm to jarsigner command https://reviewboard.mozilla.org/r/113078/#review114908 LGTM!
Attachment #8838077 -
Flags: review?(rail) → review+
|
|
||
Comment 5•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8838078 [details] Bug 1340093 - Use same digest/signing algorithm as a release build https://reviewboard.mozilla.org/r/113082/#review114910
Attachment #8838078 -
Flags: review?(rail) → review+
:jlorenzo when will this be applied? I will schedule the java 1.6 update for when this is checked-in and running in production.
|
|
Assignee | |
Comment 7•7 years ago
|
||
Thanks for calling this bug out, Dave. I landed attachment 8838077 [details] on build/tools:default at: https://hg.mozilla.org/build/tools/rev/f27b452a2be5683268e1952021d3f36857497d53 . I've been told the signing server needs to be updated manually. I'll handle that next Monday morning. This is more prudent :) Regarding attachment 8838078 [details], what do you think of comment 3, rail? I'm also afraid to break people's workstations :) [1] https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Flags: needinfo?(rail)
|
|
||
Comment 8•7 years ago
|
||
Can we wait until we ship multiple releases on March 8th? I'm not that worried about workstations, phones are more important :)
Flags: needinfo?(rail)
Thank you Johan. I'm okay to wait on the jdk update/patch until after March 8th.
|
|
Assignee | |
Comment 10•7 years ago
|
||
Aki published a new version of the signing server[1]. This version takes the changes in comment 13 into account. We can now apply the jdk update, :dhouse! [1] https://hg.mozilla.org/build/tools/rev/7537d9b5bbba
Flags: needinfo?(dhouse)
|
||
Comment 11•7 years ago
|
||
Thank you Johan. I'll plan to update the jdk on Monday. I'm expecting that the new signing server code will be applied/running by then. Do you know if the services pick up the new published version of the signing server, or if it was manually applied?
Flags: needinfo?(dhouse) → needinfo?(jlorenzo)
|
|
Assignee | |
Comment 12•7 years ago
|
||
Comment on attachment 8838078 [details] Bug 1340093 - Use same digest/signing algorithm as a release build Bug 1346296 make sure we use the same algos on the devs' machines. :dhouse, per [1], it's deployed automatically. Aki told me the new signing server is live. [1] https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Attachment #8838078 -
Attachment is obsolete: true
Flags: needinfo?(jlorenzo)
|
|
Assignee | |
Comment 13•7 years ago
|
||
Closing this bug out. The new signing server was deployed and bug 1346296 is a follow up.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Component: Tools → General
You need to log in
before you can comment on or make changes to this bug.
Description
•