SecReview: Proposal for automating BrowserID RPM Builds, Signing, and Mrepo distribution.

RESOLVED WONTFIX

Status

mozilla.org
Security Assurance: Review Request
P3
normal
RESOLVED WONTFIX
6 years ago
3 years ago

People

(Reporter: bobm, Assigned: ygjb)

Tracking

Details

(Whiteboard: [pending secreview][score:24:low][start 2012-10-11][target 2012-10-12])

(Reporter)

Description

6 years ago
1.	Contact: Bob Micheletto

2.	Short Description: Building and signing deployable BrowserID RPMs from Jenkins.  See longer description below.
	
3.	Jenkins is @ https://ci.mozilla.org/, and here https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=10256403, Mrepo: https://mana.mozilla.org/wiki/display/SYSADMIN/mrepo, and BrowserID here: https://intranet.mozilla.org/Services/Ops/BrowserID
	
4.	Blocker for: 783506
	
5.	What is the urgency or needed completion date of this review? Our desired (stretch) implementation is by the end of August.  
	
6.	To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal? --> B2G, through enabling faster deployments of BrowserID to stage and then production.
	
7.	Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
  ◦	Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? No.
  ◦	Are there any portions of the project that interact with 3rd party services? No.
  ◦	Will your application/service collect user data? If so, please describe: No.
	
8.	If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):  
	
9.	Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.  Desired implementation is by the end of August.  
Mandatory invitee: Bob Micheletto
Optional: Ben Adida (Identity), Jared Hirsch (Identity), Austin King (Identity), Brian Hourigan (Mrepo), Shyam Mani (Jenkins), Gene Wood (Services Operations), Richard Soderberg (Services Operations)

Longer description of the proposed as referenced above in line #2:
1. A new RPM train tag is added to the github repository for broswerid, or browserid hotfix, triggering Jenkins to build the BrowserID RPM.  

2. Jenkins builds the RPM, signs it, and drops it in a local directory on the Jenkins server to be retrieved by process on mrepo server.  

3. A job on the mrepo server retrieves the RPM from the Jenkins server, verifies the signature, examines the file manifest and trigger scripts, then if everything looks good adds it to the mozilla-services mrepo.
(Reporter)

Updated

6 years ago
Blocks: 783506
Whiteboard: [pending secreview] → [pending secreview][triage needed]
Assignee: nobody → yboily
(Assignee)

Updated

6 years ago
Whiteboard: [pending secreview][triage needed] → [pending secreview]
(Assignee)

Updated

6 years ago
Whiteboard: [pending secreview] → [pending secreview][score:24:low]
(Assignee)

Updated

6 years ago
Due Date: 2012-10-12
Whiteboard: [pending secreview][score:24:low] → [pending secreview][score:24:low][start 2012-10-11][target 2012-10-12]
(Assignee)

Updated

6 years ago
Priority: -- → P3
(Assignee)

Comment 1

3 years ago
Since Persona is nearing EOL this can be closed.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.