pymake hacks in release repacks drop all but one signing server from list

RESOLVED FIXED

Status

Release Engineering
Release Automation
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bhearsum, Assigned: bhearsum)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

3 years ago
c:\builds\moz2_slave\tb-rel-c-beta-w32_rpk_1-000000\comm-beta\obj-l10n\mail\locales\Makefile:115:0: command 'c:/mozilla-build/python27/python.exe c:/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/comm-beta/mozilla/build/pymake/pymake/../make.py repackage-win32-installer AB_CD=br WIN32_INSTALLER_IN=c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\thunderbird.exe' failed, return code 2
Usage: signtool.py [options] file [file ...]

If no include patterns are specified, all files will be considered. -i/-x only
have effect when signing entire directories.

signtool.py: error: no hosts capable of signing formats: signcode

  MOZ_SIGN_CMD=python /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/signtool.py --cachedir /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/signing_cache -t /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/token -n /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/nonce -c /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/host.cert -H gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing5.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing6.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing3.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing1.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120
(Assignee)

Comment 1

3 years ago
The actual command that tried to execute was:
c:\builds\moz2_slave\tb-rel-c-beta-w32_rpk_1-000000\comm-beta\mozilla\toolkit\mozapps\installer\windows\nsis\makensis.mk:64:0$ python c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\scripts\\\\release\\\\signing\\\\signtool.py --cachedir c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\signing_cache -t c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\token -n c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\nonce -c c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\scripts\\\\release\\\\signing\\\\host.cert -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120 -f signcode "l10ngen/setup.exe"

Which makes it look like something somewhere is dropping some of the potential hosts....
(Assignee)

Comment 2

3 years ago
The problem is this long lived hack which strips out all but one of the signing servers: https://github.com/mozilla/build-tools/blob/master/scripts/l10n/create-release-repacks.py#L90

Fix is incoming.
(Assignee)

Updated

3 years ago
Assignee: nobody → bhearsum
(Assignee)

Comment 3

3 years ago
Created attachment 8472514 [details] [diff] [review]
use multiple signing servers for release repacks again

I tested all the splitting parts by hand:
>>> foo = "python /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/signtool.py --cachedir /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/signing_cache -t /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/token -n /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/nonce -c /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/host.cert -H gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing5.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing6.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing3.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing1.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120"
>>> a = foo.split("-H", 1)[1].split("-H")
>>> a[0]
' gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 '

I think the rest is trivial enough...
Attachment #8472514 - Flags: review?(rail)
(Assignee)

Comment 4

3 years ago
Created attachment 8472519 [details] [diff] [review]
use correct way to append a string
Attachment #8472519 - Flags: review?(rail)
Comment on attachment 8472519 [details] [diff] [review]
use correct way to append a string

Review of attachment 8472519 [details] [diff] [review]:
-----------------------------------------------------------------

::: scripts/l10n/create-release-repacks.py
@@ +88,5 @@
>              " -c " + \
> +            path.join(os.getcwd(), "scripts", "release", "signing", "host.cert").replace('\\', '\\\\\\\\')
> +        signingServers = os.environ["MOZ_SIGN_CMD"].split("-H", 1)[1].split("-H")
> +        for s in signingServers:
> +            env["MOZ_SIGN_CMD"] += " -H %s" % s.strip

Just add () at the end.
Attachment #8472519 - Flags: review?(rail) → review+
Attachment #8472514 - Attachment is obsolete: true
Attachment #8472514 - Flags: review?(rail)
(Assignee)

Updated

3 years ago
Summary: signtool changes for mac v2 signing broke win32 release repacks → pymake hacks in release repacks drop all but one signing server from list
(Assignee)

Comment 6

3 years ago
Comment on attachment 8472519 [details] [diff] [review]
use correct way to append a string

Landed, with the needed (): https://hg.mozilla.org/build/tools/rev/a200909fae14
Attachment #8472519 - Flags: checked-in+
(Assignee)

Comment 7

3 years ago
This worked. bug 1053378 is going to look at removing these crappy hacks altogether.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.