Closed Bug 723526 Opened 13 years ago Closed 13 years ago

Make files unwritable after signing step

Categories

(Release Engineering :: Release Automation, defect)

Product:
Release Engineering
Component:
Release Automation
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 737812

People

(Reporter: jhopkins, Unassigned)

Details

(Whiteboard: [signing])

I ran into an issue with signing Thunderbird ESR 10 where version '10.0' rather than '10.0esr' was passed to the signing step. As a result, the already signed-off 10.0 final bits were overwritten. We should make it more difficult to change bits after they have been signed - to help prevent situations like this from happening - by making those files non-writable. So make sure that what was signed off is what is being pushed to mirrors and avoid costly respins.
I think it would be better to check if the target files exists, then copy files, and fail otherwise.
Priority: -- → P5
Component: Release Engineering → Release Engineering: Automation (Release Automation)
Priority: P5 → --
QA Contact: release → bhearsum
Whiteboard: [signing]
Maybe dupe of bug 737812 since we don't sign as a separate step anymore and Thunderbird will use the same process soon?
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.