774199 - Bad gpg signatures on partial mar files

Status: VERIFIED FIXED

(Release Engineering :: General, defect)

Description

[Nick Thomas [:nthomas] (UTC+12)]

eg:
nthomas@upload1:/pub/mozilla.org/firefox/candidates/14.0.1-candidates/build1/update/win32/en-US$ for f in *asc; do echo $f; gpg --verify $f; echo; done
firefox-13.0.1-14.0.1.partial.mar.asc
gpg: Signature made Mon 16 Jul 2012 12:07:05 AM PDT using DSA key ID C52175E2
gpg: BAD signature from "Mozilla Software Releases <releases@mozilla.org>"

firefox-13.0.2-14.0.1.partial.mar.asc
gpg: Signature made Fri 13 Jul 2012 05:23:31 PM PDT using DSA key ID C52175E2
gpg: BAD signature from "Mozilla Software Releases <releases@mozilla.org>"

firefox-14.0.1.complete.mar.asc
gpg: Signature made Fri 13 Jul 2012 05:20:59 PM PDT using DSA key ID C52175E2
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9D03 193D 6BDC 541B D796  C4E4 7F4D 6645 1EBC AB3A
     Subkey fingerprint: 247C A658 AA95 F617 1EB0  F13E A7D7 5CC7 C521 75E2

The 1st partial listed was manually generated, the 2nd was generated by a build slave.

Comment 1

[Nick Thomas [:nthomas] (UTC+12)]

This is also true for 11.0/12.0/13.0. Strange that it affects completes and not partials.

Comment 2

[Nick Thomas [:nthomas] (UTC+12)]

Oops, I meant that it's strange that this affects partials and not completes.

Comment 3

[Nick Thomas [:nthomas] (UTC+12)]

Attachment: en-US fix

Comment 4

[Nick Thomas [:nthomas] (UTC+12)]

Attachment: locales fix

Comment 5

[Nick Thomas [:nthomas] (UTC+12)]

Comment on attachment 647367 [details] [diff] [review]
en-US fix

http://hg.mozilla.org/build/buildbotcustom/rev/a999285bfdb3

Comment 6

[Nick Thomas [:nthomas] (UTC+12)]

Comment on attachment 647368 [details] [diff] [review]
locales fix

http://hg.mozilla.org/build/tools/rev/bb3777732463

Comment 7

[Nick Thomas [:nthomas] (UTC+12)]

Will verify in releases starting in the next day or so, but since this matches what we do for completes lets call it FIXED.

Comment 8

[Rail Aliiev [:rail]]

en-US:

$ wget -q ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/15.0b3-candidates/build1/update/linux-i686/en-US/firefox-15.0b2-15.0b3.partial.mar ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/15.0b3-candidates/build1/update/linux-i686/en-US/firefox-15.0b2-15.0b3.partial.mar.asc

$ gpg --verify firefox-15.0b2-15.0b3.partial.mar.asc 
gpg: Signature made Tue 31 Jul 2012 07:15:12 PM EDT using DSA key ID C52175E2
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9D03 193D 6BDC 541B D796  C4E4 7F4D 6645 1EBC AB3A
     Subkey fingerprint: 247C A658 AA95 F617 1EB0  F13E A7D7 5CC7 C521 75E2

localized:

$ wget -q ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/15.0b3-candidates/build1/update/linux-i686/fr/firefox-15.0b2-15.0b3.partial.mar.asc ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/15.0b3-candidates/build1/update/linux-i686/fr/firefox-15.0b2-15.0b3.partial.mar    

$ gpg --verify firefox-15.0b2-15.0b3.partial.mar.asc
gpg: Signature made Tue 31 Jul 2012 07:20:59 PM EDT using DSA key ID C52175E2
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9D03 193D 6BDC 541B D796  C4E4 7F4D 6645 1EBC AB3A
     Subkey fingerprint: 247C A658 AA95 F617 1EB0  F13E A7D7 5CC7 C521 75E2

The warning can be ignored since I haven't set a trust level for the key.

Comment 9

[Nick Thomas [:nthomas] (UTC+12)]

Woot!

Comment 10

[Justin Wood (:Callek)]

This made it into production yesterday afternoon.