Bug 1551738: [update-verify] Add ESR52 certs to those replaced in staging releases; r=bhearsum
authorTom Prince <mozilla@hocat.ca>
Tue, 14 May 2019 18:16:04 -0600
changeset 474116 b1523c5d75ba8b3bd05103c6252f1356e0c238ad
parent 474115 8e07958a53a27c09737a770979a19874bbb38161
child 474117 fd32e1c1f0edf5dcbe8eeb592d00052ff03dc5e7
push id36023
push userncsoregi@mozilla.com
push dateThu, 16 May 2019 21:56:43 +0000
treeherdermozilla-central@786f094a30ae [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhearsum
bugs1551738
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1551738: [update-verify] Add ESR52 certs to those replaced in staging releases; r=bhearsum When testing updates from ESR52, the SHA-1 release certs in the updater need to be replaced with the dep certs update-verify to succeed. Differential Revision: https://phabricator.services.mozilla.com/D31173
tools/update-verify/release/mar_certs/README
tools/update-verify/release/mar_certs/sha1/dep1.der
tools/update-verify/release/mar_certs/sha1/dep2.der
tools/update-verify/release/mar_certs/sha1/release_primary.der
tools/update-verify/release/mar_certs/sha1/release_secondary.der
tools/update-verify/release/updates/verify.sh
--- a/tools/update-verify/release/mar_certs/README
+++ b/tools/update-verify/release/mar_certs/README
@@ -17,8 +17,13 @@ Then use your favourite editor to change
         }
       }
     }
 
 You can pad the PrintableString with spaces to increase the length of the cert (1 space = 1 byte).
 
 Then, convert back to der:
 ascii2der -i dep1.ascii -o newdep1.der
+
+The certificats in the sha1 subdirectory are from
+https://hg.mozilla.org/mozilla-central/file/0fcbe72581bc/toolkit/mozapps/update/updater
+which are the SHA-1 certs from before they where updated in Bug 1105689. They only include the release 
+certs, since the nightly certs are different length, and we only care about updates from old ESRs.
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..ec8ce6184dbc1855249de8ec1c065de8f8982d80
GIT binary patch
literal 709
zc$_n6VmfHh#JF++GZP~d6Dz~CqdV>x@Un4gwRyCC=VfGMWo0l>GE^{-V`C0wVHOq-
zO3g`4EKXJMbqrD{&P>nC%u83uPOUVM6X!KFGB7kWFf=tVFfoq;b4}n}qRePwR6@3z
zk(GhDiIJZHD9**y#K_2S&hXO0?QxyFCuRQM;b>kNx%BVp*wy+oI~HG__;pv7;B@E9
zswY*Z&tyJtZS-Gf+G?I(i)R~pdF}nk^4eyGO`9jfjoJ4j?<r4kOsI%&{X74O=aa6G
z8PihDrRCSTom^9Puf}eg-1R(N3&sV7>;L5XY_Ht6B+%u<o<k-JQ}pZ{r(`u=b=LTw
zBP_h8(@4Bjx+Xd){>yxe-zOF>I~(|Zr9-LQvIX0I$`tct{M#h*>Yte6*2>H+F>eIi
zzWsK8p|8u6d|>;<%io-qow=p9e&7D{AD#<I<sQFiBI9nv!ft)OpyN@RZn~5G>;ENB
z6NR1no(cb{=GCn__}4GE_<l*Bfrz@e`(-9(Mg~T-$YBNrOrTTQzQ6a<-q)XCZs1-2
zxbDp4Z}q;DJw+B(XI*daT*k6K==E&b=c_L}XIv@RZS##OtaG>0eCv5Dc(m>d8{FsG
zyLi>qN0T%@KS^6{oPX$XbH|Fn_&M@%RWr6K*8iPpXnUdLk&a+*;g#)1uQ$h^lxGvw
ze<b(Wa1Y~yz#tc^$1m>wlrht|FuSrt-r?iJw~KS#<~WG%Jg$~{YV~)vdY1gQL(Iu%
zu2%7||2qG0<&~6_xifd3klCE?ls>=l^4cif$Q=!j=Q}FI1_;b72w0;0`_Jl$k5(*<
z|5Y;mg>YkUzu!j}W&72hi={n9F3UdoJ|pGuAO7vrr?M7wC6+PdT>Sa=h>VsH07m{U
ARsaA1
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4d0f244df2fefa8d94ff417d75d6af789d5677b7
GIT binary patch
literal 713
zc$_n6VmfNj#JF|=GZP~d6Dz~CqdSERc-c6$+C196^D;8BvN9N`7%CYkurY_SFbhit
zrRJn27N;usItD2eXQt<6=A|oSr&cN$8OVwA8X6fG8X6dy8W<W_MuE8|a4wOiG%+e6
zThGYKz}&>h&j1wXVrpV!WVo8dYHM@;CZEjn{~Fi%PcOPr$>O)NcuVSPp+nC;oKR|J
zKe0*T@J7##tClCY&t_Ti?B>*0;rstSXgVo)enT_YnrlKE-z`}&hpkk>qj~AV4SV-^
z*#8iYS<W8s>NmGY?ey-mxAyNdck67cvub#L^Xr*4xgKZCQ>rqx&zsFGbuf(mUvRbZ
z^Z&Pkdy`!kytVleyh!sgONC*-`Pa*$SDsz}Y+~5um=bL4%(_Q-c|kYl>5GpYXO_8`
z#r`;II&*1T;;)WrYVHh|AF8A?Y0N1rxTF2bJ}V@B+K0%<&3n^2rsr#Kj57;#m8shE
zUc|?Fg5RNKF#>EUs=LnnH!wx$+ZAy)JlxmI#LURRh!#Q2pnwrRvbNdhE8o5Mrgt(J
zUv#NfX&AODGMnE{=)U={z)e<dtM8%zGrY9f9{!(j!Rd|2XOZ2SRuK$_6(V&W-l6YP
zWXza6TQcje7_+DN&HHXzGG!gt3TLK8#YTl%4AZ(28$T7^s*Ijh?^gJHg585v(MylE
zuZnk@@42mWZg6w!C1ZClU(=O!679=QxZFL!y)JAT7u(7UCcdX`{o--GD8jn#=JH)`
zsSzt=CTh((kj&?K`TF#=MIBZvR!3(a-M)EOG}q@#TW0SUn4Zmc?DK==QrVxEEi#*Y
zy7RZ|o6MsPU9-N(3+g><3-+!Lk+)LLSj=S*t1frQOfbD9rr=Byul%hq`?SmeAQK~=
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..11417c35e7ffe8af28486e716722be8211bf865f
GIT binary patch
literal 709
zc$_n6VmfHh#JF++GZP~d6Dz~iZJ(tKc-c6$+C196^D;8BvN9Mb87dgau`!3TFbj(Z
zrRJn27N;usItD2eXQt<6=A|oSr&b!siSrs78dw^c7#SH`8XH7`xQ0e>E>UJQF)ATj
z&B)5Y+{DPw02Jq9YGPz$*i)zdy)o0-Lw|ilqVLyQQ}<~$^PJ3=+;m&_{*SrEJf~9i
zCjKk3SA;aSKf2DVHD~Lb)hjz^PxfE(^(>q4Z@a>~p3LI6Cgio)xLo_s;`6`Y?u+@K
zE(?`aCu-et*;{J7oQ3`5`WbU#OBA(sbImCfdlPi3CeopLr}Wpu3)H8+*=>HYUdJ~{
z=MQJrv7)7tpCk9)N;*_@@i41p&pyl2*k#`7E4!AObUfdFPVd2ur7vBdvu@%vb@k)y
zH?Rm;YW6jA=Z^CeleRWp4?A5`-!j$GZ33V6b#-~E9mbz5JY6S8ynX#%N6ty{*n>GM
zig)v0voz?D6q3IChR0`4J@Z_vw)pKeyc?OA85tPSB8M3iFeTC_b1T!uw$vUiGQVoa
zkRUc^j^2|Pq1)@d75;pWb5QTv6nA%n)UJvv``$KgIPit1VqcM`pV<3{pLrRtItNTn
zpU7KlThTw|&iVEGOCOw@XHl|PydlnE-c_>;wcUv<{f&-J2bpjCXI=1gTB<$Ya?1D3
zm$c_U^z(fl`(5wnK7-fmm34nRNXJAkDL7)fvrgmKbk3bC1r1!ZY_?2Jm#WH$54^VW
z=@Ne@<>^0vOgLrraXCx+2k$O6Z3B<pleTbloh#Uv6Z-Vhmw7$c<-fT$F|I!M$D{w}
zjl(t$-<R{Gs60EjB=PqIx8*%SGACY$Wo!NXvhCf^8PoK8IW#{UEL84`n6mRC0G|pe
A;Q#;t
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..16a7ef6d91d9e9fd5efd41837c7019898e9ef20f
GIT binary patch
literal 713
zc$_n6VmfNj#JF|=GZP~d6Dz~ieWIQQylk9WZ60mkc^Mg5Ss4se43!KN*qB3En1v;S
zQgc!hi&GVR9fK5#Gt=`j^U@WvQ!5pW4CKUl4Gj$}jm!-#OiYX|qCi|jBRH2xQ<@l+
zkgaEAWngY%<Yxeib1^kBGBT`Q=dRl(rSzeGQ{mk=uQNCTn>yp39bf9Bx_{f#>8*;K
z)~Bbxv9V0h$-nw`y+uoEpw)b)TMX<+o?cgrG}-_2SJ|z1{*D_<_E^kxYP|NMUuNso
z$182K_WyE>;CDH?LiPE=yQ+>i<}_{5U$-J$>d!squxH8h)ZO}49nNL{+O%&^(T|xP
zf}3qJRx2Lkf1tF&?CpE@1Ch~6wx*q5ek}hORx5R?l#BPS@g^Zlkq3cHnF}-pDz>TL
zt9@r0%XjR<yln-ks$Ge{U3Y9X<h>>~Q?x9ivi8K}DxdbR-`2lg_4w_pEC0gP7X*20
zZT}WEd&@&v_3T|ceHa$2%Nr$K+f}=V$<fzzHxn}>10z}lF@pkTQn%%Mi)WK(y^M~^
z`r5f>`P%<V%Ev#-E;F0bno>4v^Nwep%4^>FF|IptR7`w_=7fHZz3RIT)iWr+IB>@9
z?yKEXdc<017j^cX?Nk3OzU6X@`W5LLYEIYkwC%alZyt-^qraI|;bJAP<kAesq-}*C
zZ#`A2lGggOvDiQ$kWsr}w^#*FfL1f>BF3GK*B7qq?*FIGY_8WH`0BTYbyjMSyh}uN
z_7s1{g|Yt%ZJedoe3^FVwQ2U+3qLX|L|c>Z=(&1E|NR}llKIZ99d7mAYHyErbwwoo
zK4F#p@29tm>9ga7>pNIKpZKjYdvRfdT&?_kfp474rgwc}u6)4NwElwARs)a6WdKc$
BD)s;X
--- a/tools/update-verify/release/updates/verify.sh
+++ b/tools/update-verify/release/updates/verify.sh
@@ -25,17 +25,17 @@ fi
 touch ${diff_summary_log}
 
 pushd `dirname $0` &>/dev/null
 MY_DIR=$(pwd)
 popd &>/dev/null
 retry="$MY_DIR/../../../../mach python -m redo.cmd -s 1 -a 3"
 cert_replacer="$MY_DIR/../replace-updater-certs.py"
 
-dep_overrides="nightly_aurora_level3_primary.der dep1.der nightly_aurora_level3_secondary.der dep2.der release_primary.der dep1.der release_secondary.der dep2.der"
+dep_overrides="nightly_aurora_level3_primary.der dep1.der nightly_aurora_level3_secondary.der dep2.der release_primary.der dep1.der release_secondary.der dep2.der sha1/release_primary.der sha1/dep1.der sha1/release_secondary.der sha1/dep2.der"
 nightly_overrides="dep1.der nightly_aurora_level3_primary.der dep2.der nightly_aurora_level3_secondary.der release_primary.der nightly_aurora_level3_primary.der release_secondary.der nightly_aurora_level3_secondary.der"
 release_overrides="dep1.der release_primary.der dep2.der release_secondary.der nightly_aurora_level3_primary.der release_primary.der nightly_aurora_level3_secondary.der release_secondary.der"
 
 runmode=0
 config_file="updates.cfg"
 UPDATE_ONLY=1
 TEST_ONLY=2
 MARS_ONLY=3