Bug 1540276: Migrate authenticode signing to autograph r=Callek,mshal
Differential Revision: https://phabricator.services.mozilla.com/D47114 --HG-- extra : moz-landing-system : lando
parent
cecd7f36da
commit
4a7ce514be
@ -192,7 +192,7 @@ profiledbuild::
|
||||
$(MAKE) default MOZ_PROFILE_GENERATE=1 MOZ_LTO=
|
||||
$(call BUILDSTATUS,TIER_FINISH pgo_profile_generate)
|
||||
$(call BUILDSTATUS,TIER_START pgo_package)
|
||||
$(MAKE) package MOZ_INTERNAL_SIGNING_FORMAT= MOZ_EXTERNAL_SIGNING_FORMAT=
|
||||
$(MAKE) package
|
||||
rm -f jarlog/en-US.log
|
||||
$(call BUILDSTATUS,TIER_FINISH pgo_package)
|
||||
$(call BUILDSTATUS,TIER_START pgo_profile)
|
||||
|
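Review bot: The `pgo_package` step has no visible guarantee that the instrumented package stays unsigned, assuming the bare `$(MAKE) package` is the new line (this rendering lost the +/- markers). The other line cleared both `MOZ_INTERNAL_SIGNING_FORMAT` and `MOZ_EXTERNAL_SIGNING_FORMAT` for this call, and the makefile deletions shown further down this page only remove `MOZ_EXTERNAL_SIGNING_FORMAT` handling. If `MOZ_INTERNAL_SIGNING_FORMAT` can still be set from the environment or a mozconfig, keep `$(MAKE) package MOZ_INTERNAL_SIGNING_FORMAT=`. Otherwise add a one-line comment above the call saying that no signing variable needs clearing any more. The `profiledbuild::` recipe starts and ends outside the hunk.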
@ -207,7 +207,7 @@ Repackage Signing
|
||||
* Mac & Windows: ``release-partner-repackage`` ``release-eme-free-repackage``
|
||||
* Linux: ``release-partner-repack-chunking-dummy``
|
||||
|
||||
This step GPG signs all platforms, and sha2signcode signs the Windows installer.
|
||||
This step GPG signs all platforms, and authenticode signs the Windows installer.
|
||||
|
||||
Beetmover
|
||||
^^^^^^^^^
|
||||
@ -249,4 +249,4 @@ that channel it will fallback to the ``release`` channel. The update files for t
|
||||
modify the ``distribution/`` directory, so the customizations are not modified.
|
||||
|
||||
`Bug 1430254 <https://bugzilla.mozilla.org/show_bug.cgi?id=1430254>`_ is an example of an exception to this
|
||||
logic.
|
||||
logic.
|
||||
|
@ -107,7 +107,7 @@ is a ``tar.gz``.
|
||||
individual file or internals of the zipfile, skipping any already-signed files
|
||||
and a select few blocklisted files (using the `should_sign_windows`_ function).
|
||||
It returns a signed individual binary or zipfile with signed internals, depending
|
||||
on the input. This format includes ``authograph_authenticode``, and
|
||||
on the input. This format includes ``autograph_authenticode``, and
|
||||
``autograph_authenticode_stub``.
|
||||
|
||||
``mar`` signing signs our update files (Mozilla ARchive). ``mar_sha384`` is
|
||||
|
@ -95,7 +95,7 @@ def make_repackage_signing_description(config, jobs):
|
||||
|
||||
def _craft_upstream_artifacts(dependency_kind, build_platform):
|
||||
if build_platform.startswith('win'):
|
||||
signing_format = 'sha2signcode'
|
||||
signing_format = 'autograph_authenticode'
|
||||
extension = 'zip'
|
||||
elif build_platform.startswith('linux'):
|
||||
signing_format = 'autograph_gpg'
|
||||
|
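Review bot: The format name `'autograph_authenticode'` is a bare string literal here in `_craft_upstream_artifacts`, and it is repeated in the `formats` lists of the three following Python hunks (`make_signing_description` and both `make_repackage_signing_description` artifact entries). The documentation hunk on this page corrects a misspelling of the same name (`authograph_authenticode`), and nothing visible in these hunks would catch a mistyped literal before it reaches the signing request. A single shared constant, e.g. `AUTHENTICODE_FORMAT = 'autograph_authenticode'`, imported by each transform, would keep the names in step. The function body continues outside the hunk.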
@ -60,7 +60,7 @@ def make_signing_description(config, jobs):
|
||||
|
||||
if 'win' in build_platform:
|
||||
# job['primary-dependency'].task['payload']['command']
|
||||
formats = ['sha2signcode']
|
||||
formats = ['autograph_authenticode']
|
||||
else:
|
||||
formats = ['autograph_gpg']
|
||||
|
||||
|
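Review bot: The Windows branch is chosen with `if 'win' in build_platform:`, a substring test, while `_craft_upstream_artifacts` in the repackage-signing hunk uses `build_platform.startswith('win')`. Any platform name that merely contains "win" would be given the Authenticode format here. If all Windows platform names begin with `win`, `if build_platform.startswith('win'):` would make the two transforms agree. The commented-out line `# job['primary-dependency'].task['payload']['command']` above the changed assignment does not explain it and could be dropped, or replaced with a comment saying why Windows builds take this format. `make_signing_description` starts and ends outside the hunk.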
@ -81,7 +81,7 @@ def make_repackage_signing_description(config, jobs):
|
||||
"paths": [
|
||||
get_artifact_path(dep_job, "{}/target.installer.exe".format(repack_id)),
|
||||
],
|
||||
"formats": ["sha2signcode", "autograph_gpg"]
|
||||
"formats": ["autograph_authenticode", "autograph_gpg"]
|
||||
}]
|
||||
|
||||
partner_config = get_partner_config_by_kind(config, config.kind)
|
||||
@ -96,7 +96,7 @@ def make_repackage_signing_description(config, jobs):
|
||||
get_artifact_path(dep_job, "{}/target.stub-installer.exe".format(
|
||||
repack_id)),
|
||||
],
|
||||
"formats": ["sha2signcode", "autograph_gpg"]
|
||||
"formats": ["autograph_authenticode", "autograph_gpg"]
|
||||
})
|
||||
elif 'mac' in build_platform:
|
||||
upstream_artifacts = [{
|
||||
|
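Review bot: `target.stub-installer.exe` is signed with plain `autograph_authenticode`, although the signing documentation changed on this page lists `autograph_authenticode_stub` as a separate format alongside it. If the stub installer is meant to use the stub variant, this entry should read `"formats": ["autograph_authenticode_stub", "autograph_gpg"]`. If the plain format is intended, a short comment on this line saying so would settle the question for the next reader. The page does not show how the two formats differ, so this needs confirming against the signing service configuration. The enclosing function continues outside the hunk.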
@ -133,10 +133,6 @@ ifeq ($(MOZ_PKG_FORMAT),BZ2)
|
||||
endif
|
||||
|
||||
ifeq ($(MOZ_PKG_FORMAT),ZIP)
|
||||
ifdef MOZ_EXTERNAL_SIGNING_FORMAT
|
||||
# We can't use sha2signcode on zip files
|
||||
MOZ_EXTERNAL_SIGNING_FORMAT := $(filter-out sha2signcode,$(MOZ_EXTERNAL_SIGNING_FORMAT))
|
||||
endif
|
||||
PKG_SUFFIX = .zip
|
||||
INNER_MAKE_PACKAGE = $(call py_action,make_zip,'$(MOZ_PKG_DIR)' '$(PACKAGE)')
|
||||
INNER_UNMAKE_PACKAGE = $(call py_action,make_unzip,$(UNPACKAGE))
|
||||
|
@ -33,18 +33,6 @@ endif
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
include $(topsrcdir)/toolkit/mozapps/installer/packager.mk
|
||||
|
||||
ifdef MOZ_EXTERNAL_SIGNING_FORMAT
|
||||
# We can't use sha2signcode on mar files
|
||||
MOZ_EXTERNAL_SIGNING_FORMAT := $(filter-out sha2signcode,$(MOZ_EXTERNAL_SIGNING_FORMAT))
|
||||
MOZ_EXTERNAL_SIGNING_FORMAT := mar $(MOZ_EXTERNAL_SIGNING_FORMAT)
|
||||
endif
|
||||
|
||||
ifndef MAR_OLD_FORMAT
|
||||
MAR_SIGN_FORMAT=mar_sha384
|
||||
else
|
||||
MAR_SIGN_FORMAT=mar
|
||||
endif
|
||||
|
||||
dir-stage := $(call mkdir_deps,$(STAGE_DIR))
|
||||
|
||||
complete-patch:: $(dir-stage)
|
||||
|