Closed Bug 829415 Opened 11 years ago Closed 11 years ago

Elm nightly MAR files and exes are not being signed correctly

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Platform:
x86_64
Windows 8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bbondy, Assigned: bhearsum)

References

Details

(Whiteboard: [buildduty])

Attachments

(1 file)

use nightly signing servers for elm nightlies, like before
541 bytes, patch
Callek
: review+
bhearsum
: checked-in+
Details | Diff | Splinter Review 
This is blocking some other elm work, so if you can look into it that would be greatly appreciated!

I think something changed on in build config for the elm branch within the past couple weeks.
This probably happened at the same time as the other OS platforms were added other than just Windows.

We had a different independent bug that was happening before we realized this problem though.
Hence why it's only being reported now.

The MAR files are being signed with the private key associated with /toolkit/mozapps/update/updater/dep1.der
But instead it should be signed with the private key associated with /toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der
I verified that the public key in this cert dep1.der verifies the MAR files.

Also the updater.exe file used to be digitally signed by the level 3 repo only nightly cert (name=Mozilla Corporation, issuer=issuer), but it is now being signed by: name=Mozilla Fake SPC, issuer=Mozilla Fake CA.
This is stopping MozillaMaintenance serive updates from succeeding, but not all updates. The MAR problem is stopping any updates at all from working on elm.

You can see this behavior in the following build:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2013-01-08-08-31-04-elm/
Which would try to updat eto the latest elm build, but fail because it's expecting the nightly level 3 cert and signed updater.exe by a trusted authority.
> This probably happened at the same time as the other OS platforms were added other than just Windows.

Note that around that time, bug 780561 landed on elm, iirc. I'm not excluding a breakage from there.
Component: Release Engineering → Release Engineering: Automation (General)
QA Contact: catlee
Whiteboard: [buildduty]
Will look into this very soon.
Assignee: nobody → bhearsum
Attachment #701100 - Flags: review?(catlee)
Attachment #701100 - Flags: review?(catlee) → review+
Comment on attachment 701100 [details] [diff] [review]
use nightly signing servers for elm nightlies, like before

Landed this, starting a reconfig very soon. Brian, wait until I close this bug before you start respinning anything.
Attachment #701100 - Flags: checked-in+
This in production. You can trigger new nightlies anytime now Brian.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Thanks for the quick resolution!
Product: mozilla.org → Release Engineering
Component: General Automation → General
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: