Signing server: Pass digest algorithm to jarsigner command

RESOLVED FIXED

Status

Release Engineering
General
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: jlorenzo, Assigned: jlorenzo)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

MozReview Requests

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

a year ago
In bug 1332916, a Java update changed the digest algorithm. We should now force it to SHA1.
(Assignee)

Updated

a year ago
Assignee: nobody → jlorenzo
(Assignee)

Updated

a year ago
Group: mozilla-employee-confidential
Comment hidden (mozreview-request)
Comment hidden (mozreview-request)
(Assignee)

Comment 3

a year ago
Note: Attachment #8838078 [details] will require people to nuke ~/.android on their own machine. This will regenerate a new debug certificate. Do you think that may be an issue rail? To which mailing-list should I warn people about it?
Comment on attachment 8838077 [details]
Bug 1340093 - Signing server: Pass digest algorithm to jarsigner command

https://reviewboard.mozilla.org/r/113078/#review114908

LGTM!
Attachment #8838077 - Flags: review?(rail) → review+
Comment on attachment 8838078 [details]
Bug 1340093 - Use same digest/signing algorithm as a release build

https://reviewboard.mozilla.org/r/113082/#review114910
Attachment #8838078 - Flags: review?(rail) → review+
:jlorenzo when will this be applied? I will schedule the java 1.6 update for when this is checked-in and running in production.
(Assignee)

Comment 7

a year ago
Thanks for calling this bug out, Dave.

I landed attachment 8838077 [details] on build/tools:default at: https://hg.mozilla.org/build/tools/rev/f27b452a2be5683268e1952021d3f36857497d53 . I've been told the signing server needs to be updated manually. I'll handle that next Monday morning. This is more prudent :)

Regarding attachment 8838078 [details], what do you think of comment 3, rail? I'm also afraid to break people's workstations :)

[1] https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Flags: needinfo?(rail)
Can we wait until we ship multiple releases on March 8th?

I'm not that worried about workstations, phones are more important :)
Flags: needinfo?(rail)
Thank you Johan. I'm okay to wait on the jdk update/patch until after March 8th.
(Assignee)

Comment 10

a year ago
Aki published a new version of the signing server[1]. This version takes the changes in comment 13 into account. We can now apply the jdk update, :dhouse!

[1] https://hg.mozilla.org/build/tools/rev/7537d9b5bbba
Flags: needinfo?(dhouse)
Thank you Johan. I'll plan to update the jdk on Monday. I'm expecting that the new signing server code will be applied/running by then. Do you know if the services pick up the new published version of the signing server, or if it was manually applied?
Flags: needinfo?(dhouse) → needinfo?(jlorenzo)
(Assignee)

Updated

a year ago
Blocks: 1346296
(Assignee)

Comment 12

a year ago
Comment on attachment 8838078 [details]
Bug 1340093 - Use same digest/signing algorithm as a release build

Bug 1346296 make sure we use the same algos on the devs' machines.

:dhouse, per [1], it's deployed automatically. Aki told me the new signing server is live. 

[1] https://mana.mozilla.org/wiki/display/RelEng/Signing#Signing-Deployingnewcode
Attachment #8838078 - Attachment is obsolete: true
Flags: needinfo?(jlorenzo)
(Assignee)

Comment 13

a year ago
Closing this bug out. The new signing server was deployed and bug 1346296 is a follow up.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED

Updated

a year ago
Blocks: 1346968
Component: Tools → General
Product: Release Engineering → Release Engineering
You need to log in before you can comment on or make changes to this bug.