Closed Bug 373116 Opened 13 years ago Closed 13 years ago

verify that what we ship is what we tested

Categories

(Release Engineering :: General, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 372765

People

(Reporter: rhelmer, Assigned: rhelmer)

References

Details

Attachments

(1 file)

For Firefox and Thunderbird builds, there are two differences between the files that QA tests and the files that are actually shipped:

* renamed from e.g. product-version.locale.os.??? (aka "prestage") to e.g. "win32/en-US/Firefox Setup 2.0.0.2.exe" (exact filename depends on OS) aka ("stage").

* Windows builds are signed using the authenticode tool

I'd like to be able to prove that the candidate builds tested are what was actually pushed ("stage" builds are copied directly to the release directory). Linux and Mac builds should be identical, so it's pretty simple to compare those.

To check Windows we could unpack each prestage/stage pair and check the contents. 

I think what would be ideal is a tool that (1) verifies the existence and validity of the authenticode signature and (2) ignores that signature when comparing against the equivalent "prestage" file. I don't know enough yet about authenticode to know if this is feasible.
Assignee: nobody → rhelmer
Blocks: end2end-bld
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 372765
Component: Testing → Release Engineering
Product: Core → mozilla.org
QA Contact: testing → release
Version: Trunk → other
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.