Make files unwritable after signing step

RESOLVED DUPLICATE of bug 737812

Status

Release Engineering
Release Automation
RESOLVED DUPLICATE of bug 737812
6 years ago
4 years ago

People

(Reporter: jhopkins, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [signing])

(Reporter)

Description

6 years ago
I ran into an issue with signing Thunderbird ESR 10 where version '10.0' rather than '10.0esr' was passed to the signing step.  As a result, the already signed-off 10.0 final bits were overwritten.

We should make it more difficult to change bits after they have been signed - to help prevent situations like this from happening - by making those files non-writable. So make sure that what was signed off is what is being pushed to mirrors and avoid costly respins.
I think it would be better to check if the target files exists, then copy files, and fail otherwise.
Priority: -- → P5

Updated

6 years ago
Component: Release Engineering → Release Engineering: Automation (Release Automation)
Priority: P5 → --
QA Contact: release → bhearsum
Whiteboard: [signing]
Maybe dupe of bug 737812 since we don't sign as a separate step anymore and Thunderbird will use the same process soon?

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 737812
(Assignee)

Updated

4 years ago
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.