Automate signing of hotfix XPIs

RESOLVED WONTFIX

Status

Release Engineering
General
P3
normal
RESOLVED WONTFIX
6 years ago
2 months ago

People

(Reporter: coop, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [signing][xpi])

(Reporter)

Description

6 years ago
The security team would like us to get rid of keymaster, but we still rely on keymaster to sign Thunderbird releases (bug 730328) and hotfix XPIs.

We should find a way to automate the signing of hotfix XPIs using the new linux signing servers, possibly by using some kind of dropbox-type utility.

Updated

6 years ago
Depends on: 759180
Priority: -- → P3
(Assignee)

Updated

5 years ago
Product: mozilla.org → Release Engineering
I'm hoping that the new AMO signing infra will start signing hotfixes...
Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by the AMO infra from now? If that's the case, I think it means that there's no need for RelEng to maintain XPI signing certs.
Flags: needinfo?(dtownsend)
(In reply to Ben Hearsum [:bhearsum] from comment #2)
> Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by
> the AMO infra from now? If that's the case, I think it means that there's no
> need for RelEng to maintain XPI signing certs.

That is correct yes.
Flags: needinfo?(dtownsend)
(In reply to Dave Townsend [:mossop] from comment #3)
> (In reply to Ben Hearsum [:bhearsum] from comment #2)
> > Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by
> > the AMO infra from now? If that's the case, I think it means that there's no
> > need for RelEng to maintain XPI signing certs.
> 
> That is correct yes.

Thanks!
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

2 months ago
Component: General Automation → General
Product: Release Engineering → Release Engineering
You need to log in before you can comment on or make changes to this bug.