Closed
Bug 569489
Opened 14 years ago
Closed 13 years ago
Create and upload checksums files of internals of release packages/installers
Categories
(Release Engineering :: Release Automation: Other, defect, P4)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: christian, Unassigned)
Details
(Whiteboard: [releases])
When dealing with AV vendors, I have to give them checksums of all signed files in addition to the signed installers. Currently I pull down the exe, install it, and then slurp up the installed files.
I'd be able to automate the process a lot more if the build system saved the signed files before putting them into an exe.
Basically, I want /cygdrive/c/DOCUME~1/cltsign/LOCALS~1/Temp/1/tmpSFjFh6/nonlocalized from ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/win32_signing_build6.log zipped up and placed into somewhere like ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/
Comment 1•14 years ago
|
||
What if we wrote another checksums files during signing, listing all files within the installers ? With that, the SHA1SUMs file and installers in the candidates dir, they'd have everything they need ?
I think that would work. Would they even need to look at the installers in the candidate dir? It looks like the exes are included in ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/SHA1SUMS and ideally the signed SHA1SUMS would include the signed exe's as well.
Comment 3•14 years ago
|
||
(In reply to comment #2)
> I think that would work. Would they even need to look at the installers in the
> candidate dir? It looks like the exes are included in
> ftp://ftp.mozilla.org/pub/firefox/nightly/3.6.4-candidates/build6/SHA1SUMS and
> ideally the signed SHA1SUMS would include the signed exe's as well.
You're talking about the EXEs from inside the installers?
I suspect we'd want those in a separate file or files. Most would be common to all locales, but one (uninstall/helper.exe) is localized.
Updated•14 years ago
|
Comment 4•13 years ago
|
||
Updating summary per comment #1
Summary: Upload signed yet unpacked binaries to ftp for each release → Create and upload checksums files of internals of release packages/installers
Updated•13 years ago
|
Blocks: hg-automation
Updated•13 years ago
|
No longer blocks: hg-automation
Comment 5•13 years ago
|
||
Mass move of bugs to Release Automation component.
Blocks: hg-automation
Component: Release Engineering → Release Engineering: Automation (Release Automation)
Updated•13 years ago
|
No longer blocks: hg-automation
Comment 6•13 years ago
|
||
(In reply to Christian Legnitto [:LegNeato] from comment #0)
> When dealing with AV vendors, I have to give them checksums of all signed
> files in addition to the signed installers. Currently I pull down the exe,
> install it, and then slurp up the installed files.
Alex or Lukas, does still happen with releases?
Comment 7•13 years ago
|
||
(In reply to Ben Hearsum [:bhearsum] from comment #6)
> (In reply to Christian Legnitto [:LegNeato] from comment #0)
> > When dealing with AV vendors, I have to give them checksums of all signed
> > files in addition to the signed installers. Currently I pull down the exe,
> > install it, and then slurp up the installed files.
>
> Alex or Lukas, does still happen with releases?
I'm following up with Christian to find out if we were still doing this in late 2011.
Comment 8•13 years ago
|
||
Christian let us know this is no longer necessary because of process changes in how the AV vendors grab our builds.
Comment 9•13 years ago
|
||
Ok, we can reopen if we need it again in the future
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•