Closed Bug 997732 Opened 10 years ago Closed 8 years ago

staging releases fail in update verify due to invalid signatures

Categories

(Release Engineering :: Release Automation: Other, defect, P3)

Product:
Release Engineering
Component:
Release Automation: Other
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: bhearsum, Unassigned)

Details

During my staging run in bug 978751 I noticed that windows update verify was failing with:
SOURCE DIRECTORY ../../update
DESTINATION DIRECTORY .
failed: 19
calling QuitProgressUI
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
FAIL: update status was not succeeded: failed: 19

This error means that the MAR signature couldn't be validated. This makes sense, because of all of the old versions being tested were signed by the "release" certificate, but the staging release was signed with the "dep" certificate.

Currently, the only way I know of to work around this is to sign staging releases with the "release" cert, but we've been very cautious of doing that in the past, to avoid having files floating around that look like real releases, but aren't.

If we do nothing, we'll have to live with failing update verify for staging releases - which is not great either - it means they'll need to be kicked along manually at points.
Priority: -- → P3
I don't have any good ideas here, just noting it affects Mac from 40.0 and Linux from 42.0
This is expected, we don't want update properly signed firefox to something "fake".
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.