Closed Bug 640168 Opened 13 years ago Closed 8 years ago

push to mirrors should verify that nothing has changed since the virus scan / permissions check

Categories

(Release Engineering :: Release Automation: Other, defect, P5)

Product:
Release Engineering
Component:
Release Automation: Other
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Unassigned)

References

Details

(Whiteboard: [automation][releases]) 

Recently we started running the permissions check and virus scan well ahead of pushing to mirrors. This is great for getting those things out of the critical path but it leaves us vulnerable to attack if someone modifies files between those checks and pushing to mirrors. We should verify that nothing changes between those checks and pushing.

One idea to do this is to use "--out-format=%B %l %M %U %G %f" when running the "rsync -n -av ...". This will print out file sizes, permissions, owners, groups, modified times, and the file names. Then, at the start of push to mirrors we should re-run that rsync and compare the output. If those match there should be no reason to check file hashes, because those are already in *SUMS, which we've verified haven't changed.

Doing the above reduces our exposure window significantly, I don't think it eliminates it completely, though. If we do it, we should probably wait until the permissions checks and virus scan are done before running the rsync -n.
found in triage.
Priority: -- → P5
Whiteboard: [automation][releases]
No longer blocks: hg-automation
Mass move of bugs to Release Automation component.
Blocks: hg-automation
Component: Release Engineering → Release Engineering: Automation (Release Automation)
No longer blocks: hg-automation
Product: mozilla.org → Release Engineering
The files we upload are write-only-once, so this should be addressed.
Status: NEW → RESOLVED
Closed: 8 years ago
QA Contact: rail
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.