Closed
Bug 1845368
Opened 9 months ago
Closed 9 months ago
set-up `pine` as a permanent project branch for the Desktop Integrations team
Categories
(Release Engineering :: General, task)
Release Engineering
General
Tracking
(firefox117 fixed)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox117 | --- | fixed |
People
(Reporter: bhearsum, Assigned: bhearsum)
References
Details
Attachments
(6 files)
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
55 bytes,
text/x-github-pull-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review |
This team has special requirements when working on the installer and the updater, specifically:
- We need updates to work on a dedicated channel (we'll use
nighly-pine
)- Another part of this is ensuring that the certificates we build into the updater binary match what we sign with (in this case: the nightly certs - see below).
- We need to publish builds to archive.mozilla.org (this is implied by needing updates...but I'll call it out explicitly as well).
- We need to sign with real certificates to ensure that testing is as close to
mozilla-central
as possible. (Self signed certificates do not work for certain scenarios. This is slightly unusual, but not unprecedented. We did it previously with oak, and also for the most recent project onpine
.)
The last time we set-up a branch like this was over in https://bugzilla.mozilla.org/show_bug.cgi?id=1518570, which should provide some inspiration for the changes needed here.
Assignee | ||
Comment 1•9 months ago
|
||
Assignee | ||
Comment 2•9 months ago
|
||
Pushed by bhearsum@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/0c2c86ddf4cd remove unnecessary scopes from pine; drop pine-stable entirely r=releng-reviewers,gbrown
Pushed by bhearsum@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cd968bb2d516 set-up pine as a branch that supports nightly updates r=releng-reviewers,taskgraph-reviewers,gbrown
Comment 5•9 months ago
|
||
bugherder |
Assignee | ||
Comment 6•9 months ago
|
||
Pushed by bhearsum@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/79b8c9e20449 add cron targets for pine nightly builds r=releng-reviewers,gbrown
Comment 8•9 months ago
|
||
Assignee | ||
Comment 9•9 months ago
|
||
Also:
- Drop it from the list of release promotion projects, because we won't be running release promotion there
- Add it to the nightly scope list for signing, so we can sign with real certs
Comment 10•9 months ago
|
||
Pushed by bhearsum@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/79b0fc180757 mark pine as a release project, so we can use level 3 workers r=releng-reviewers,taskgraph-reviewers,hneiva
Comment 11•9 months ago
|
||
bugherder |
Assignee | ||
Comment 12•9 months ago
|
||
We're already signing with these certificates, but I missed this change that's needed to make sure the updater is verifying with this. Currently it's using dep1
and dep2
, which cause a validation error when trying to update.
Comment 13•9 months ago
|
||
Pushed by bhearsum@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0252ecd5496b embed production mar certificates into pine builds r=bytesized,application-update-reviewers
Comment 14•9 months ago
|
||
bugherder |
You need to log in
before you can comment on or make changes to this bug.
Description
•