User:Catlee/AutomatedSigning: Difference between revisions



The HMAC could be a token generated from a combination of the date and a per-release secret.  The secret could be given to both the keymaster and the builds to generate checksums, so the keymaster knows that requests to sign files are valid for this release within a certain time period.
* Connection between slave and keymaster must be encrypted (https)
* app on keymaster must have a list of acceptable files to sign (e.g. Firefox X.Y.Z.exe, not files inside archives)
* signing app must enforce a minimum binary size to sign, and should sanity check sizes
* restrict connections by IP
* slave should include a hash or other transformation of .ssh/ffxbld so signing app can verify that it is indeed a build slave
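
The token scheme and the keymaster-side checks above, as an added sketch (not code from this page or from the signing system itself). It assumes HMAC-SHA256, a one-day validity window, a 1 MB minimum size and a constructed IP allow list; binding the file name and SHA-256 digest into the token goes beyond the date-plus-secret combination described here, and all names are hypothetical.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# All values below are assumptions made for this example.
ALLOWED_NAME = re.compile(r"Firefox \d+\.\d+\.\d+\.exe")  # "Firefox X.Y.Z.exe"
MIN_SIZE = 1_000_000          # assumed minimum binary size in bytes
ALLOWED_IPS = {"10.0.0.5"}    # constructed build slave address
WINDOW_DAYS = 1               # token accepted for today and yesterday


def make_token(secret: bytes, release: str, filename: str,
               digest: str, day: date) -> str:
    """Build side: HMAC over release, date, file name and file digest."""
    msg = "\n".join([release, day.isoformat(), filename, digest]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def check_request(secret: bytes, release: str, filename: str, data: bytes,
                  token: str, client_ip: str, today: date) -> str:
    """Keymaster side: return "ok" or the reason the request is refused."""
    if client_ip not in ALLOWED_IPS:
        return "ip not allowed"
    if not ALLOWED_NAME.fullmatch(filename):
        return "file not on signing list"
    if len(data) < MIN_SIZE:
        return "file too small"
    digest = hashlib.sha256(data).hexdigest()
    for age in range(WINDOW_DAYS + 1):
        expected = make_token(secret, release, filename, digest,
                              today - timedelta(days=age))
        # Constant-time comparison so timing does not reveal partial matches.
        if hmac.compare_digest(expected.encode(), token.encode()):
            return "ok"
    return "bad or expired token"


if __name__ == "__main__":
    secret, day = b"constructed-per-release-secret", date(2010, 3, 1)
    blob = b"\0" * MIN_SIZE   # constructed stand-in for an installer
    tok = make_token(secret, "3.6.2", "Firefox 3.6.2.exe",
                     hashlib.sha256(blob).hexdigest(), day)
    print(check_request(secret, "3.6.2", "Firefox 3.6.2.exe", blob,
                        tok, "10.0.0.5", day))
```

Because the secret is per-release, a token minted for one release fails verification for any other, and a leaked token stops working once the window passes.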