Partner Repacks and EME Free#
Partner Repacks are where we take a built and signed Firefox desktop build and modify things (branding, plugins, prefs), potentially also do so for l10n repacks, then re-sign the new files. The main point of contact here will be Mike Kaply.
EME Free is a repacked Firefox without Encrypted Media Extensions, which allows you to run a Firefox without DRM (at the cost of broken video streaming). These use the same workflow and logic as partner repacks, but are not associated with an external partner.
How do I find the manifests and scripts?#
These are configured in taskcluster.ci.config.partner-urls.
The scripts are in repack-scripts.
How do we add/remove partners?#
This is via manifest manipulation. If we’re adding a new partner, we’ll need to create a partner repo first, before pointing to it in the manifest.
This has largely been out of Releng’s hands, and we’ve only seen a reduction of the number of partners since the 2020 layoffs. These PRs have come from Kaply, e.g. Remove unused partners #26.
How do I see partner tasks?#
There are a ton of
release-eme-free-* tasks in a given Firefox desktop RC or dot-release promote graph. Also Firefox desktop betas >= b5.
Many of these tasks might not be visible in Treeherder. We intentionally hid them, then decided to show them, but haven’t finished that process. We probably want to make them visible for easier sheriffing of failed release tasks.
How do I find partner release artifacts?#
EME-Free shows up in our candidates and releases directories on archive.m.o.
Some partner repacks are public, and we push those binaries to, e.g. https://archive.mozilla.org/pub/firefox/candidates/105.0b9-candidates/build1/partner-repacks/. Other partner repacks are private, and we push them to the partner bucket, which is not visible on archive.m.o.
We can also find the partner tasks and download their private artifacts.
How do I run partner repacks off-cycle?#
Are there any known issues for partner repacks?#
Beyond not being visible on Treeherder, we also don’t grant scriptworker tasks the correct
queue:get-artifact:releng/partner/* scopes (these are needed since partner artifacts are private). Instead, we grant these scopes to the worker
clientId’s. This blocks using the temporary credentials granted to the task, which is best practice. Once we grant the proper scopes, we can re-roll out the fix for scriptworker #426 download artifacts with temp_queue if possible, and scriptworker will follow the same scopes pattern as docker- and generic-worker, where we use the scopes granted to the task rather than the scopes granted to the worker.