The default bug view has changed. See this FAQ.

pymake hacks in release repacks drop all but one signing server from list

RESOLVED FIXED

Status

Release Engineering
Release Automation
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bhearsum, Assigned: bhearsum)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

3 years ago
c:\builds\moz2_slave\tb-rel-c-beta-w32_rpk_1-000000\comm-beta\obj-l10n\mail\locales\Makefile:115:0: command 'c:/mozilla-build/python27/python.exe c:/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/comm-beta/mozilla/build/pymake/pymake/../make.py repackage-win32-installer AB_CD=br WIN32_INSTALLER_IN=c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\thunderbird.exe' failed, return code 2
Usage: signtool.py [options] file [file ...]

If no include patterns are specified, all files will be considered. -i/-x only
have effect when signing entire directories.

signtool.py: error: no hosts capable of signing formats: signcode

  MOZ_SIGN_CMD=python /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/signtool.py --cachedir /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/signing_cache -t /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/token -n /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/nonce -c /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/host.cert -H gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing5.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing6.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing3.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing1.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120
(Assignee)

Comment 1

3 years ago
The actual command that tried to execute was:
c:\builds\moz2_slave\tb-rel-c-beta-w32_rpk_1-000000\comm-beta\mozilla\toolkit\mozapps\installer\windows\nsis\makensis.mk:64:0$ python c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\scripts\\\\release\\\\signing\\\\signtool.py --cachedir c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\signing_cache -t c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\token -n c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\nonce -c c:\\\\builds\\\\moz2_slave\\\\tb-rel-c-beta-w32_rpk_1-000000\\\\scripts\\\\release\\\\signing\\\\host.cert -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120 -f signcode "l10ngen/setup.exe"

Which makes it look like something somewhere is dropping some of the potential hosts....
(Assignee)

Comment 2

3 years ago
The problem is this long lived hack which strips out all but one of the signing servers: https://github.com/mozilla/build-tools/blob/master/scripts/l10n/create-release-repacks.py#L90

Fix is incoming.
(Assignee)

Updated

3 years ago
Assignee: nobody → bhearsum
(Assignee)

Comment 3

3 years ago
Created attachment 8472514 [details] [diff] [review]
use multiple signing servers for release repacks again

I tested all the splitting parts by hand:
>>> foo = "python /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/signtool.py --cachedir /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/signing_cache -t /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/token -n /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/nonce -c /c/builds/moz2_slave/tb-rel-c-beta-w32_rpk_1-000000/scripts/release/signing/host.cert -H gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing5.srv.releng.scl3.mozilla.com:9120 -H gpg:signcode:mar:jar:b2gmar:signing6.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing3.srv.releng.scl3.mozilla.com:9120 -H gpg:dmg:mar:mac-signing4.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing1.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing2.srv.releng.scl3.mozilla.com:9120 -H gpg:dmgv2:mar:mac-v2-signing3.srv.releng.scl3.mozilla.com:9120"
>>> a = foo.split("-H", 1)[1].split("-H")
>>> a[0]
' gpg:signcode:mar:jar:b2gmar:signing4.srv.releng.scl3.mozilla.com:9120 '

I think the rest is trivial enough...
Attachment #8472514 - Flags: review?(rail)
(Assignee)

Comment 4

3 years ago
Created attachment 8472519 [details] [diff] [review]
use correct way to append a string
Attachment #8472519 - Flags: review?(rail)
Comment on attachment 8472519 [details] [diff] [review]
use correct way to append a string

Review of attachment 8472519 [details] [diff] [review]:
-----------------------------------------------------------------

::: scripts/l10n/create-release-repacks.py
@@ +88,5 @@
>              " -c " + \
> +            path.join(os.getcwd(), "scripts", "release", "signing", "host.cert").replace('\\', '\\\\\\\\')
> +        signingServers = os.environ["MOZ_SIGN_CMD"].split("-H", 1)[1].split("-H")
> +        for s in signingServers:
> +            env["MOZ_SIGN_CMD"] += " -H %s" % s.strip

Just add () at the end.
Attachment #8472519 - Flags: review?(rail) → review+
Attachment #8472514 - Attachment is obsolete: true
Attachment #8472514 - Flags: review?(rail)
(Assignee)

Updated

3 years ago
Summary: signtool changes for mac v2 signing broke win32 release repacks → pymake hacks in release repacks drop all but one signing server from list
(Assignee)

Comment 6

3 years ago
Comment on attachment 8472519 [details] [diff] [review]
use correct way to append a string

Landed, with the needed (): https://hg.mozilla.org/build/tools/rev/a200909fae14
Attachment #8472519 - Flags: checked-in+
(Assignee)

Comment 7

3 years ago
This worked. bug 1053378 is going to look at removing these crappy hacks altogether.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.