diff --git a/Makefile.in b/Makefile.in index 407e373573fb..626edae551d3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -192,7 +192,7 @@ profiledbuild:: $(MAKE) default MOZ_PROFILE_GENERATE=1 MOZ_LTO= $(call BUILDSTATUS,TIER_FINISH pgo_profile_generate) $(call BUILDSTATUS,TIER_START pgo_package) - $(MAKE) package MOZ_INTERNAL_SIGNING_FORMAT= MOZ_EXTERNAL_SIGNING_FORMAT= + $(MAKE) package rm -f jarlog/en-US.log $(call BUILDSTATUS,TIER_FINISH pgo_package) $(call BUILDSTATUS,TIER_START pgo_profile) diff --git a/taskcluster/docs/partner-repacks.rst b/taskcluster/docs/partner-repacks.rst index 6e4f1683a1b9..bda748fa12d0 100644 --- a/taskcluster/docs/partner-repacks.rst +++ b/taskcluster/docs/partner-repacks.rst @@ -207,7 +207,7 @@ Repackage Signing * Mac & Windows: ``release-partner-repackage`` ``release-eme-free-repackage`` * Linux: ``release-partner-repack-chunking-dummy`` -This step GPG signs all platforms, and sha2signcode signs the Windows installer. +This step GPG signs all platforms, and authenticode signs the Windows installer. Beetmover ^^^^^^^^^ @@ -249,4 +249,4 @@ that channel it will fallback to the ``release`` channel. The update files for t modify the ``distribution/`` directory, so the customizations are not modified. `Bug 1430254 `_ is an example of an exception to this -logic. \ No newline at end of file +logic. diff --git a/taskcluster/docs/signing.rst b/taskcluster/docs/signing.rst index cdc9ca3501b5..e077feb4dbf1 100644 --- a/taskcluster/docs/signing.rst +++ b/taskcluster/docs/signing.rst @@ -107,7 +107,7 @@ is a ``tar.gz``. individual file or internals of the zipfile, skipping any already-signed files and a select few blocklisted files (using the `should_sign_windows`_ function). It returns a signed individual binary or zipfile with signed internals, depending -on the input. This format includes ``authograph_authenticode``, and +on the input. This format includes ``autograph_authenticode``, and ``autograph_authenticode_stub``. ``mar`` signing signs our update files (Mozilla ARchive). ``mar_sha384`` is diff --git a/taskcluster/taskgraph/transforms/geckodriver_signing.py b/taskcluster/taskgraph/transforms/geckodriver_signing.py index fb09cebf2841..f15320c48e8d 100644 --- a/taskcluster/taskgraph/transforms/geckodriver_signing.py +++ b/taskcluster/taskgraph/transforms/geckodriver_signing.py @@ -95,7 +95,7 @@ def make_repackage_signing_description(config, jobs): def _craft_upstream_artifacts(dependency_kind, build_platform): if build_platform.startswith('win'): - signing_format = 'sha2signcode' + signing_format = 'autograph_authenticode' extension = 'zip' elif build_platform.startswith('linux'): signing_format = 'autograph_gpg' diff --git a/taskcluster/taskgraph/transforms/openh264_signing.py b/taskcluster/taskgraph/transforms/openh264_signing.py index 0c2b01147ee8..d25b2f639ad6 100644 --- a/taskcluster/taskgraph/transforms/openh264_signing.py +++ b/taskcluster/taskgraph/transforms/openh264_signing.py @@ -60,7 +60,7 @@ def make_signing_description(config, jobs): if 'win' in build_platform: # job['primary-dependency'].task['payload']['command'] - formats = ['sha2signcode'] + formats = ['autograph_authenticode'] else: formats = ['autograph_gpg'] diff --git a/taskcluster/taskgraph/transforms/repackage_signing_partner.py b/taskcluster/taskgraph/transforms/repackage_signing_partner.py index f73017590ee5..16791df619db 100644 --- a/taskcluster/taskgraph/transforms/repackage_signing_partner.py +++ b/taskcluster/taskgraph/transforms/repackage_signing_partner.py @@ -81,7 +81,7 @@ def make_repackage_signing_description(config, jobs): "paths": [ get_artifact_path(dep_job, "{}/target.installer.exe".format(repack_id)), ], - "formats": ["sha2signcode", "autograph_gpg"] + "formats": ["autograph_authenticode", "autograph_gpg"] }] partner_config = get_partner_config_by_kind(config, config.kind) @@ -96,7 +96,7 @@ def make_repackage_signing_description(config, jobs): get_artifact_path(dep_job, "{}/target.stub-installer.exe".format( repack_id)), ], - "formats": ["sha2signcode", "autograph_gpg"] + "formats": ["autograph_authenticode", "autograph_gpg"] }) elif 'mac' in build_platform: upstream_artifacts = [{ diff --git a/toolkit/mozapps/installer/upload-files.mk b/toolkit/mozapps/installer/upload-files.mk index d13cd1cba652..0781912da111 100644 --- a/toolkit/mozapps/installer/upload-files.mk +++ b/toolkit/mozapps/installer/upload-files.mk @@ -133,10 +133,6 @@ ifeq ($(MOZ_PKG_FORMAT),BZ2) endif ifeq ($(MOZ_PKG_FORMAT),ZIP) - ifdef MOZ_EXTERNAL_SIGNING_FORMAT - # We can't use sha2signcode on zip files - MOZ_EXTERNAL_SIGNING_FORMAT := $(filter-out sha2signcode,$(MOZ_EXTERNAL_SIGNING_FORMAT)) - endif PKG_SUFFIX = .zip INNER_MAKE_PACKAGE = $(call py_action,make_zip,'$(MOZ_PKG_DIR)' '$(PACKAGE)') INNER_UNMAKE_PACKAGE = $(call py_action,make_unzip,$(UNPACKAGE)) diff --git a/tools/update-packaging/Makefile.in b/tools/update-packaging/Makefile.in index f8fc6140818c..91ba79b047b9 100644 --- a/tools/update-packaging/Makefile.in +++ b/tools/update-packaging/Makefile.in @@ -33,18 +33,6 @@ endif include $(topsrcdir)/config/rules.mk include $(topsrcdir)/toolkit/mozapps/installer/packager.mk -ifdef MOZ_EXTERNAL_SIGNING_FORMAT -# We can't use sha2signcode on mar files -MOZ_EXTERNAL_SIGNING_FORMAT := $(filter-out sha2signcode,$(MOZ_EXTERNAL_SIGNING_FORMAT)) -MOZ_EXTERNAL_SIGNING_FORMAT := mar $(MOZ_EXTERNAL_SIGNING_FORMAT) -endif - -ifndef MAR_OLD_FORMAT -MAR_SIGN_FORMAT=mar_sha384 -else -MAR_SIGN_FORMAT=mar -endif - dir-stage := $(call mkdir_deps,$(STAGE_DIR)) complete-patch:: $(dir-stage)