The APK Factory Service should be deployable to two different hostclasses:
* release
* review

Release signs APKs with the production certificate unique to that app.
Review signs APKs with a DEBUG cert.
We may need to adjust Zamboni (Marketplace API) to give the reviewer APK instance elevated access. See bug 889744
APK Signer - would have two different endpoints.
* review - signs with any old cert and DEBUG flag from the ant build
* release - signs with the securely hosted cert, which is one per app
Hey Ryan, what would we do here to create key stores with a debug cert? https://github.com/mozilla/apk-signer/blob/master/apk_signer/sign/signer.py
After a Vidyo chat with Kumar, it sounds like running a separate instance of the APK signer just for reviewers is the shortest distance between where we are now and where we would like to be. Only a small change to implement this FIXME https://github.com/mozilla/apk-signer/blob/master/apk_signer/sign/signer.py#L39 that can be done pretty quickly.

We probably need a feature description from somebody who will actually be doing the reviewing. We definitely want to know what kind of limitations are desired for reviewer-signed APKs. Limited time validity on the signature, invalid for non-reviewers to install, etc.
I asked for some feedback from reviewers over email, but I think this is enough to get started on.
behold! Reviewer mode https://github.com/mozilla/apk-signer/commit/6badd95d25c1aea376f396226a85f8b8ec69a150