Closed Bug 373116 Opened 17 years ago Closed 17 years ago

verify that what we ship is what we tested

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 372765

People

(Reporter: rhelmer, Assigned: rhelmer)

References

Details

Attachments

(1 file)

naive way to do this, e.g. unpack and "diff -r".
482 bytes, application/x-shellscript
Details 
For Firefox and Thunderbird builds, there are two differences between the files that QA tests and the files that are actually shipped:

* renamed from e.g. product-version.locale.os.??? (aka "prestage") to e.g. "win32/en-US/Firefox Setup 2.0.0.2.exe" (exact filename depends on OS) aka ("stage").

* Windows builds are signed using the authenticode tool

I'd like to be able to prove that the candidate builds tested are what was actually pushed ("stage" builds are copied directly to the release directory). Linux and Mac builds should be identical, so it's pretty simple to compare those.

To check Windows we could unpack each prestage/stage pair and check the contents. 

I think what would be ideal is a tool that (1) verifies the existence and validity of the authenticode signature and (2) ignores that signature when comparing against the equivalent "prestage" file. I don't know enough yet about authenticode to know if this is feasible.
Assignee: nobody → rhelmer
Blocks: end2end-bld
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Component: Testing → Release Engineering
Product: Core → mozilla.org
QA Contact: testing → release
Version: Trunk → other
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: