Closed Bug 785539 Opened 12 years ago Closed 9 years ago

SecReview: Proposal for automating BrowserID RPM Builds, Signing, and Mrepo distribution.

Categories

(mozilla.org :: Security Assurance: Review Request, task, P3)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: bobm, Assigned: ygjb)

Details

(Whiteboard: [pending secreview][score:24:low][start 2012-10-11][target 2012-10-12])

1.	Contact: Bob Micheletto

2.	Short Description: Building and signing deployable BrowserID RPMs from Jenkins.  See longer description below.
	
3.	Jenkins is @ https://ci.mozilla.org/, and here https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=10256403, Mrepo: https://mana.mozilla.org/wiki/display/SYSADMIN/mrepo, and BrowserID here: https://intranet.mozilla.org/Services/Ops/BrowserID
	
4.	Blocker for: 783506
	
5.	What is the urgency or needed completion date of this review? Our desired (stretch) implementation is by the end of August.  
	
6.	To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal? --> B2G, through enabling faster deployments of BrowserID to stage and then production.
	
7.	Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
  ◦	Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users? No.
  ◦	Are there any portions of the project that interact with 3rd party services? No.
  ◦	Will your application/service collect user data? If so, please describe: No.
	
8.	If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):  
	
9.	Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.  Desired implementation is by the end of August.  
Mandatory invitee: Bob Micheletto
Optional: Ben Adida (Identity), Jared Hirsch (Identity), Austin King (Identity), Brian Hourigan (Mrepo), Shyam Mani (Jenkins), Gene Wood (Services Operations), Richard Soderberg (Services Operations)

Longer description of the proposal as referenced above in line #2:
1. A new RPM train tag is added to the github repository for browserid, or browserid hotfix, triggering Jenkins to build the BrowserID RPM.  

2. Jenkins builds the RPM, signs it, and drops it in a local directory on the Jenkins server to be retrieved by a process on the mrepo server.  

3. A job on the mrepo server retrieves the RPM from the Jenkins server, verifies the signature, examines the file manifest and trigger scripts, then if everything looks good adds it to the mozilla-services mrepo.
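
One way to implement the step 3 gate on the mrepo server, added here as an example; it is not part of the bug report or of Mozilla's tooling. The key ID, the install prefix, the acceptance rules and the rpm 4.x `rpm -Kv` line format are assumptions.

```shell
#!/bin/sh
# Added example: acceptance gate run on the mrepo host before an RPM is published.
# Assumptions (not from the bug report): the key ID, the install prefix, the rule
# that scriptlets/triggers are never auto-accepted, and the rpm 4.x `rpm -Kv`
# line format. The signing key must already be imported into the rpm keyring.
EXPECTED_KEYID="0123abcd"          # constructed placeholder key ID
ALLOWED_PREFIX="/opt/browserid/"   # hypothetical install prefix

# stdin: output of `rpm -Kv pkg.rpm`. A plain "OK" from `rpm -K` is not enough,
# because an unsigned package passes on its digests alone. Require a signature
# line from the expected key and no failed or unverifiable check.
sig_ok() {
    awk -v k="$EXPECTED_KEYID" '
        /: (BAD|NOKEY|NOTTRUSTED|NOTFOUND)/ { bad = 1 }
        tolower($0) ~ ("signature, key id " tolower(k) ": ok") { good = 1 }
        END { exit !(good && !bad) }'
}

# stdin: output of `rpm -qpl pkg.rpm`. Every path must sit under the allowed
# prefix and contain no ".." component; an empty manifest is rejected.
manifest_ok() {
    awk -v p="$ALLOWED_PREFIX" '
        index($0, p) != 1 || $0 ~ /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit !(NR > 0 && !bad) }'
}

# stdin: output of `rpm -qp --scripts` and `rpm -qp --triggers`. Scriptlets run
# as root at install time, so any non-blank output fails the automatic gate
# and the package goes to a human for review.
scripts_ok() {
    ! grep -q '[^[:space:]]'
}

# Returns 0 only if all three checks pass; fails closed if rpm is missing.
gate_rpm() {
    rpm -Kv "$1" | sig_ok || { echo "REJECT $1: signature" >&2; return 1; }
    rpm -qpl "$1" | manifest_ok || { echo "REJECT $1: manifest" >&2; return 1; }
    { rpm -qp --scripts "$1"; rpm -qp --triggers "$1"; } | scripts_ok ||
        { echo "REJECT $1: scriptlets or triggers present" >&2; return 1; }
    echo "ACCEPT $1"
}
```

The job would call `gate_rpm` on each retrieved file and copy only accepted packages into the repository directory.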
Blocks: 783506
Whiteboard: [pending secreview] → [pending secreview][triage needed]
Assignee: nobody → yboily
Whiteboard: [pending secreview][triage needed] → [pending secreview]
Whiteboard: [pending secreview] → [pending secreview][score:24:low]
Due Date: 2012-10-12
Whiteboard: [pending secreview][score:24:low] → [pending secreview][score:24:low][start 2012-10-11][target 2012-10-12]
Priority: -- → P3
Since Persona is nearing EOL this can be closed.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX