We need to create an OS X 10.10 signing server for DR.
coop/jordan, can you specify an r4 machine to take out of service and use for this?
nagios checks removed svn commit -m 'Bug 1141626 & Bug 1141628: remove nagios checks for DR minis' Sending releng/scl3.pp Transmitting file data . Committed revision 102585.
This host was renamed in inventory to mac-v2-signing5.test.releng.scl3.mozilla.com for reimaging purposes I successfully reimaged this to yosemite 10.10. Just need to get the signing parts onboard https://inventory.mozilla.org/en-US/systems/show/3949/
I think we should be using 10.9.5 for this, that's what the other v2 signing servers are.
I managed to sign something on this machine. I couldn't start up the signing server like we normally do because StartupItemContext is gone on 10.10, but that shouldn't matter for a DR machine that's not part of automation. Here's a tarball of the app that I signed: http://people.mozilla.org/~bhearsum/FirefoxNightly-testsign-10.10.tar.gz Since we've never done signing on 10.10 we should make sure that it validates correctly as signed on all supported platforms (10.6 through 10.10, I believe). Steven, any chance you can help with that, or know who can?
> Steven, any chance you can help with that, or know who can? I can do it. And I may be the only Mozilla person who can ... which is really bad, since I'm going to be retiring later this year. But while I'm still here :-)
> http://people.mozilla.org/~bhearsum/FirefoxNightly-testsign-10.10.tar.gz I checked this, and it looks fine to me. But we really should be testing with FirefoxNightly.app dragged out from a DMG. Furthermore, this file and any DMG needs to be downloaded using a browser (like Firefox) onto every machine where you're going to test it. Otherwise neither it nor the copy of FirefoxNightly.app extracted from it will have a com.apple.quarantine attribute -- which both need to have for the "run by double-clicking" test to work properly. First I used a browser to download this file to every machine where I was going to test. Then I made sure each version of OS X in which I tested had "allow apps downloaded from" set to "Mac App Store and identified developers" (the default). (This setting isn't available on OS X 10.6.8, so I didn't use it there.) Then, in each version of OS X where I tested I extracted a new copy of FirefoxNightly.app. Then I did the following tests, which all passed: 1) Double-click on FirefoxNightly.app 2) Run spctl -a -v on FirefoxNightly.app (not available on OS X 10.6.8) 3) Run codesign -vvvv on FirefoxNightly.app I never saw the "verifying" progress bar in step 1 (as I normally would, and as I always do when double-clicking for the first time on a FirefoxNightly.app newly dragged out from a DMG). So my tests weren't entirely representative. But I think my tests show that the app in your tarball is properly signed. I tested on OS X 10.6.8, 10.8.5, 10.9.5 and 10.10.2.
Jake, you're clear to ship this machine out now as far as I'm concerned.
(In reply to Ben Hearsum [:bhearsum] from comment #9) > Jake, you're clear to ship this machine out now as far as I'm concerned. Thanks Ben!
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.