121
edits
Releases/Firefox 4.0b8/BuildNotes: Difference between revisions
Releases/Firefox 4.0b8/BuildNotes (view source)
Revision as of 00:58, 17 December 2010
, 17 December 2010→Offering completes as partials for win32
| Line 399: | Line 399: | ||
* [http://people.mozilla.org/~coop/4.0b7_completes_as_partials.log output log] | * [http://people.mozilla.org/~coop/4.0b7_completes_as_partials.log output log] | ||
==== Signing issues ==== | |||
Starting with {{Bug|554321}}, we introduce a patch that lets us sign partner-repacks at the same time as everything else (rather than the previous practice of signing locale repacks, then generating partner-repacks off of signed builds and resigning). This patch was landed shortly before the tools repo was tagged for beta 7. Beta 7 proceeded as normal, using this signing patch and passed verify_signatures, and update_verify. | |||
However, we later hit problems in staging before the 3.5/3.6 releases where the signed MARs were inconsistent with the installers due to a problem with how the list of files to be signed was sorted in the partner-repack patch, causing MARs to be signed ahead of installers, which tripped up our caching. The issue was fixed in {{bug|613320}}. The problems discovered in that bug are confirmed *not* affecting the stable branches, so the next 3.5/3.6 releases should not encounter these problems. | |||
Since we could generate valid partials from the busted b7 MARs, for this release, we have switched the partial update snippet to point to the complete MAR which applies correctly regardless of the busted beta 7 MARs. Since the signing issue has already been fixed, this means that going forward, the beta 8->beta 9 (and onwards) partials should be able to be generated without issues. | |||
The reason that this slipped through in the first place was because I only tested for consistency between locales when testing the signed builds, and did not run update_verify on builds signed with the original partner-repack patch. | |||
As part of the signing changes that have landed, we now verify the checksums of the MAR and installer internals as part of verify_signatures, which will catch the case where we have inconsistent checksums on any installer/MAR internals. | |||
Looking forward, the best way to decrease the possibility of things like this happening in the future would probably be to expand the coverage provided by update_verify (we should have a way to find out about inconsistencies in applying updates before we try to generate updates for the next release). We already have the checksum verification steps in the signing code now to guard against the specific cases of checksum differences between the MARs and installers. | |||
=== Post repack 3 snippet fixes === | === Post repack 3 snippet fixes === | ||