Open g-k opened 5 years ago
For omni.ja signing Callek says:
the easiest way for a full one is to grab a firefox installer (windows .zip or linux .tar.bz2) and extract and find . -name omni.ja there will be two in there
as for the stripped down copy there is two types of omni.ja files in here -- https://github.com/mozilla-releng/signingscript/tree/master/tests/data preload and non-preload)
This could consist of:
see also #138
OK I landed a benchmark for https://github.com/mozilla-services/autograph/issues/347#issuecomment-539553583 in #397, but we might not have the right signing options:
@Callek you're using the SHA256 PKCS7 digest and COSE ES256 right? Are there any other options you're passing?
@Callek you're using the SHA256 PKCS7 digest and COSE ES256 right? Are there any other options you're passing?
Correct, only those:
sign_req["options"]["cose_algorithms"] = ["ES256"]
sign_req["options"]["pkcs7_digest"] = "SHA256"
@escapewindow may have a different algorithm in use for something else, but I'm not seeing it if so.
run perf tests in CI to let us know if we introduce perf regressions in CI output (ideally like https://arewefastyet.com/)