1290737 - Simplify SHA1 special handling in bouncer

Status: VERIFIED FIXED

(Webtools :: Bouncer, defect)

Description

[Rail Aliiev [:rail]]

Bug 1284484 will be generating special installers signed with the SHA1 cert and will be living separately from the main binaries (in "win32-sha1" directory).

Also, we want to refresh them from time to time or for every build (bug 1290179). Bouncer "knows" the sha1 version for all branches and it's hardcoded, what makes it harder to refresh the installers.

The idea is to add separate products for sha1 installers and point aliases to them. Something like:

firefox-sha1 (alias) -> firefox-48.0-sha1 (product)

This way we can use "firefox-sha1" in bouncer and avoid patching it every time we want to deploy a newer version.

This will disable bouncer serving older versions, because we don't have the knowledge of what versions are sha1 and which ones are sha2.

PR for feedback incoming.

Comment 1

[Rail Aliiev [:rail]]

Attachment: PR to simplify SHA1 handling logic

Comment 2

[Rail Aliiev [:rail]]

If the PR looks good, I'd like to do the same for TB, so we can drop compareVersions. Also I'd need to add/adjust product aliases.

Comment 3

[Jeremy Orem [:oremj]]

I've merged your patch and created https://github.com/mozilla-services/go-bouncer/releases/tag/v1.2.0. Also available on docker hub: mozilla/gobouncer:v1.2.0

Comment 4

[Rail Aliiev [:rail]]

Thank you! Do you know when it is going to be live?

Comment 5

[Jeremy Orem [:oremj]]

We can schedule a push. Any preference or just as soon as possible?

Comment 6

[Rail Aliiev [:rail]]

I don't have any rush, up to you.

Comment 7

[Matt Brandt [:mbrandt]]

Bumping to resolved/fixed - this was merged and successfully deployed to stage.

Comment 8

[Matt Brandt [:mbrandt]]

Bumping to Verifed. The automated e2e tests were updated and are passing both on stage as well as prod (post deploy)