When dealing with AV vendors, I have to give them checksums of all signed files in addition to the signed installers. Currently I pull down the exe, install it, and then slurp up the installed files. I'd be able to automate the process a lot more if the build system saved the signed files before putting them into an exe. Basically, I want /cygdrive/c/DOCUME~1/cltsign/LOCALS~1/Temp/1/tmpSFjFh6/nonlocalized from ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/win32_signing_build6.log zipped up and placed into somewhere like ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/

What if we wrote another checksums files during signing, listing all files within the installers ? With that, the SHA1SUMs file and installers in the candidates dir, they'd have everything they need ?

I think that would work. Would they even need to look at the installers in the candidate dir? It looks like the exes are included in ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/SHA1SUMS and ideally the signed SHA1SUMS would include the signed exe's as well.

(In reply to comment #2) > I think that would work. Would they even need to look at the installers in the > candidate dir? It looks like the exes are included in > ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/SHA1SUMS and > ideally the signed SHA1SUMS would include the signed exe's as well. You're talking about the EXEs from inside the installers? I suspect we'd want those in a separate file or files. Most would be common to all locales, but one (uninstall/helper.exe) is localized.

Updating summary per comment #1

Mass move of bugs to Release Automation component.

(In reply to Christian Legnitto [:LegNeato] from comment #0) > When dealing with AV vendors, I have to give them checksums of all signed > files in addition to the signed installers. Currently I pull down the exe, > install it, and then slurp up the installed files. Alex or Lukas, does still happen with releases?

(In reply to Ben Hearsum [:bhearsum] from comment #6) > (In reply to Christian Legnitto [:LegNeato] from comment #0) > > When dealing with AV vendors, I have to give them checksums of all signed > > files in addition to the signed installers. Currently I pull down the exe, > > install it, and then slurp up the installed files. > > Alex or Lukas, does still happen with releases? I'm following up with Christian to find out if we were still doing this in late 2011.

Christian let us know this is no longer necessary because of process changes in how the AV vendors grab our builds.

Ok, we can reopen if we need it again in the future