Please sign the BYOB repacks for October 2nd, 2009. There are two repacks that require signing, which are located in a tarball on people at: people.mozilla.com:/tmp/byob-signing-02oct2009.tar The md5sum for this tarball is 2b1cef2025d2179864b712fb6eae52ca If there are any questions about this request, please let me know. Thanks, kev

There's a problem signing the win32 installers: Error: Signing Failed. Result = 80070057, (-2147024809) I get that calling signcode directly, or using sign-release (pretty sure the Makefile doesn't apply in this situation). If I try to do the same on an unsigned vanilla 3.5.3 installer it succeeds, so I suspect BYOB builds are created from the signed vanilla builds and this bug 501442 again. I'm going to put this back in the pool for people who have history on that bug (catlee, coop).

Replaced tarball with a corrected version (repacks re-compressed and renamed). process has also been updated to ensure that doesn't happen again. new tarball at: people.mozilla.com:/tmp/byob-signing-02oct2009.tar The md5sum for this tarball is abf5c2cf12e301a40ca6d534bbcf9bca Sorry for the additional hassle, folks.

I'll get these.

The signing instructions we have on the intranet didn't work, so I did this: export PRODUCT=firefox export VERSION=3.5.3 export BUILD=1 # doesn't matter export TAG=FIREFOX_3_5_3_RELEASE export REPO='release/mozilla-1.9.1' export EMAIL=bhearsum@mozilla.com cp ~/hg-tools/release/signing/* . scp cltbld@people.mozilla.com:/tmp/byob-signing-02oct2009.tar . make PRODUCT=${PRODUCT} VERSION=${VERSION} BUILD=${BUILD} TAG=${TAG} REPO=${REPO} EMAIL=${EMAIL} USE_NEW=1 setup make PRODUCT=${PRODUCT} VERSION=${VERSION} BUILD=${BUILD} TAG=${TAG} REPO=${REPO} EMAIL=${EMAIL} USE_NEW=1 stubs mkdir unsigned && cd unsigned tar -vxf ../byob-signing-02oct2009.tar cd .. mkdir signed for d in `find unsigned -mindepth 1 -maxdepth 1 -type d`; do rsync -av --exclude win32 $d signed/; done ./sign-release.py --keydir $KEYDIR --product $PRODUCT -j4 -o signed unsigned/Winload-Team_U5ODQ3NzY2OA

Nothing more for me to do here

(In reply to comment #4) > ./sign-release.py --keydir $KEYDIR --product $PRODUCT -j4 -o signed > unsigned/Winload-Team_U5ODQ3NzY2OA This is going to resign all the executables in the installer isn't it ? If so, that'll break partial updates for these builds.

(In reply to comment #6) > (In reply to comment #4) > > ./sign-release.py --keydir $KEYDIR --product $PRODUCT -j4 -o signed > > unsigned/Winload-Team_U5ODQ3NzY2OA > > This is going to resign all the executables in the installer isn't it ? If so, > that'll break partial updates for these builds. Ugh, yes. For some reason I thought we needed too. Kev, please disregard what I told you about the 'unsigned' dir, and I guess we'll need to resign these.

Ok, here's how I signed them properly (PLEASE IGNORE COMMENT #4): export PRODUCT=firefox export VERSION=3.5.3 export BUILD=1 # doesn't matter export TAG=FIREFOX_3_5_3_RELEASE export REPO='release/mozilla-1.9.1' export EMAIL=bhearsum@mozilla.com export KEYDIR=d:/2008-keys mkdir -p ~/signing-work/byob-${VERSION}-oct2 cd ~/signing-work/byob-${VERSION}-oct2 cp ~/hg-tools/release/signing/* . scp cltbld@people.mozilla.com:/tmp/byob-signing-02oct2009.tar . make PRODUCT=${PRODUCT} VERSION=${VERSION} BUILD=${BUILD} TAG=${TAG} REPO=${REPO} EMAIL=${EMAIL} USE_NEW=1 setup mkdir unsigned && cd unsigned tar -vxf ../byob-signing-02oct2009.tar for d in `find . -mindepth 1 -maxdepth 1 -type d`; do cd $d/win32 && ../../../signing/sign-release ${KEYDIR} && cd ../../; done ../signing/sign-files . cd .. mv unsigned signed cd signed tar -vcf ../byob-signed-02oct2009.tar . cd ../ scp byob-signed-02oct2009.tar cltbld@people.mozilla.org:/tmp Kev, Properly signed files are available in people.mozilla.org:/tmp/byob-signed-02oct2009.tar. md5sum is: bc2b84ced5b0246bf7f82b08f9746f88

Are we all done here?

Apologies, didn't close this out. Thanks folks!