Need automatic hsts preload list updates on any branches based on Gecko 18 and later

RESOLVED FIXED

Status

Release Engineering
General Automation
4 years ago
3 years ago

People

(Reporter: keeler, Assigned: RyanVM)

Tracking

Firefox Tracking Flags

(Not tracked)

Attachments

(2 attachments, 1 obsolete attachment)

Since bug 800444, we expire the hsts preload list after 18 weeks since its last update. That means that any branch since then needs to periodically update the list using the automated mechanism we have set up.
(see also bug 948004)
(Assignee)

Comment 1

3 years ago
Created attachment 8362105
enable hsts updates on all gecko branches >=18

Look OK to you, David? I left the v1.1hd branch of b2g18 off because that receives merges from the regular b2g18 branch anyway.
Attachment #8362105 - Flags: feedback?(dkeeler)

Comment 2

Comment on attachment 8362105
enable hsts updates on all gecko branches >=18

Review of attachment 8362105:
-----------------------------------------------------------------

I think I was a little confused when I filed this bug. The issue is branches that are around for a long time (like esr) definitely need this update to happen. However, I also recall making the decision to not enable this for beta to prevent last-minute changes that may cause compatibility issues. Since it is enabled on aurora and we move the trains every 6 weeks, the list won't ever expire on beta (or release, for that matter).
Long story short: I don't think we actually want to enable this for beta, but I don't know enough about the b2g trains to say whether they need it or not. Hopefully this explanation tells you what you need to know, though.
Attachment #8362105 - Flags: feedback?(dkeeler) → feedback+
(Assignee)

Comment 3

3 years ago
Does B2G make use of HSTS? Because the support time for the releases isn't ESR-length, but still much longer than desktop. If it does, I think we should do the updates.

Comment 4

(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #3)
> Does B2G make use of HSTS?

As far as I can tell, yes.

> Because the support time for the releases isn't
> ESR-length, but still much longer than desktop. If it does, I think we
> should do the updates.

Sounds good.
(Assignee)

Comment 5

3 years ago
Created attachment 8363096
enable hsts updates on b2g branches >=18

Per comment 4.
Assignee: nobody → ryanvm
Attachment #8362105 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #8363096 - Flags: review?(catlee)

Updated

3 years ago
Attachment #8363096 - Flags: review?(catlee) → review+
(Assignee)

Comment 6

3 years ago
Comment on attachment 8363096
enable hsts updates on b2g branches >=18

https://hg.mozilla.org/build/buildbot-configs/rev/62eac305a67c
Attachment #8363096 - Flags: checked-in+

Comment 7

In production.
(Assignee)

Comment 8

3 years ago
Hrm, it appears to have worked on b2g26 but not b2g18?
http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-b2g18-linux64/mozilla-b2g18-linux64-hsts-bm64-build1-build0.txt.gz
(Assignee)

Comment 10

3 years ago
What, you mean we don't post a latest b2g18 build?! Shocking :)

Anyway, I think attempts to do this automatically on that branch are going to be futile, so I went ahead and did a manual update.
https://hg.mozilla.org/releases/mozilla-b2g18/rev/fb89776dd0c1

I'll post a patch here for disabling them again.
(Assignee)

Comment 11

3 years ago
Created attachment 8366673
disable HSTS updates on b2g18
Attachment #8366673 - Flags: review?(catlee)

Updated

3 years ago
Attachment #8366673 - Flags: review?(catlee) → review+
(Assignee)

Comment 12

3 years ago
Comment on attachment 8366673
disable HSTS updates on b2g18

https://hg.mozilla.org/build/buildbot-configs/rev/96b9f5e3f48b
Attachment #8366673 - Flags: checked-in+

Comment 13

3 years ago
In production.
(Assignee)

Updated

3 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED