Make files unwritable after signing step

RESOLVED DUPLICATE of bug 737812

Status

RESOLVED DUPLICATE of bug 737812
7 years ago
6 years ago

People

(Reporter: jhopkins, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [signing])

(Reporter)

Description

7 years ago
I ran into an issue with signing Thunderbird ESR 10 where version '10.0' rather than '10.0esr' was passed to the signing step.  As a result, the already signed-off 10.0 final bits were overwritten.

We should make it more difficult to change bits after they have been signed - to help prevent situations like this from happening - by making those files non-writable. So make sure that what was signed off is what is being pushed to mirrors and avoid costly respins.

Comment 1

7 years ago
I think it would be better to check if the target files exists, then copy files, and fail otherwise.
Priority: -- → P5
Component: Release Engineering → Release Engineering: Automation (Release Automation)
Priority: P5 → --
QA Contact: release → bhearsum
Whiteboard: [signing]

Comment 2

7 years ago
Maybe dupe of bug 737812 since we don't sign as a separate step anymore and Thunderbird will use the same process soon?
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 737812
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.