632793 - signing scripts should support signing partner repacks after the fact

Status: RESOLVED WONTFIX

(Release Engineering :: Release Automation, defect, P3)

Description

[bhearsum@mozilla.com (:bhearsum)]

Currently, the signing scripts have a "previously signed" mode that allows us to sign locales after the fact. This works fine for normal, unmodified repacks, but doesn't work in a case where we're signing a localized partner repack after the fact. Because we only unpack and cache "firstLocale" in previously signed mode, we still end up resigning all the localized bits of the partner repack, because only the en-US binaries are in the cache.

Ideally, "previously signed" mode should detect which locales it needs to unpack and cache prior to starting to sign things.

Comment 1

[bhearsum@mozilla.com (:bhearsum)]

Until this is fixed, the best way to sign partner repacks after the fact is to rebuild the cache one by one, by calling sign-release.py with --first-locale $locale --keep-cache, for each $locale that has a partner repack that needs signing. Once that's done, you can sign them with --keep-cache. bug 632627 and the 3.6.14 build notes have a concrete example of this (https://wiki.mozilla.org/Releases/Firefox_3.6.14/BuildNotes).

Realistically this is low priority because it's rare that we'll hit it, and there's a workaround.

Comment 2

[John O'Duinn [:joduinn] (please use "needinfo?" flag)]

found in triage - I think this actually lives in the new "RelEng:Automation" component.

Comment 3

[bhearsum@mozilla.com (:bhearsum)]

Mass move of bugs to Release Automation component.

Comment 4

[bhearsum@mozilla.com (:bhearsum)]

We don't use these signing scripts anymore.