Update Verify#

Update verify is test that runs before each Firefox Release (excluding Nightlies) are shipped. Its main purpose is to ensure that users who receive the release through an update MAR end up in the same place as a fresh install would get them. This helps us to ensure that partial MARs work in future updates, and that code signatures are valid regardless of how a user arrived at a new version.

You can read more about update verify in the Firefox Source Docs.

Running it locally#

Requirements:#

  • Docker

  • [optional | Mac] zstd (brew install zst)

Docker Image#

  1. Ship-it holds the latest builds.

  2. Clicking on “Ship task” of latest build will open the task group in Taskcluster.

  3. On the “Name contains” lookup box, search for release-update-verify-firefox and open a update-verify task

  4. Make note of the CHANNEL under Payload. ie: beta-localtest

  5. Click “See more” under Task Details and open the docker-image-update-verify task.

Download the image artifact from docker-image-update-verify task and load it manually

zstd -d image.tar.zst
docker image load -i image.tar

OR

Load docker image using mach and a task

# Replace TASK-ID with the ID of a docker-image-update-verify task
./mach taskcluster-load-image --task-id=<TASK-ID>

Update Verify Config#

  1. Open Taskcluster Task Group

  2. Search for update-verify-config and open the task

  3. Under Artifacts, download update-verify.cfg file

Run Docker#

To run the container interactively:

  • Replace <MOZ DIRECTORY> with gecko repository path on local host <br />

  • Replace <UVC PATH> with path to update-verify.cfg file on local host. ie.: ~/Downloads/update-verify.cfg

  • Replace <CHANNEL> with value from update-verify task (Docker steps)

docker run \
  -it \
  --rm \
  -e CHANNEL=beta-localtest \
  -e MOZ_FETCHES_DIR=/builds/worker/fetches \
  -e MOZBUILD_STATE_PATH=/builds/worker/.mozbuild \
  -v <UVC PATH>:/builds/worker/fetches/update-verify.cfg
  -v <MOZ DIRECTORY>:/builds/worker/checkouts/gecko \
  -w /builds/worker/checkouts/gecko \
  update-verify

> Note that MOZ_FETCHES_DIR here is different from what is used in production.

total-chunks and this-chunk refer to the number of lines in update-verify.cfg

./tools/update-verify/scripts/chunked-verify.sh --total-chunks=228 --this-chunk=4