Create a PKG bundle for Mac for enterprise users
Categories
(Firefox Build System :: General, enhancement)
Tracking
(Not tracked)
People
(Reporter: mkaply, Unassigned)
References
Details
Attachments
(1 file)
Feedback from Mac enterprise users is that a PKG would be useful, similar to how we did an MSI for Windows. The process to do it on Mac seems simple: sudo pkgbuild --install-location /Applications --component /Volumes/Firefox/Firefox.app Firefox.pkg Not sure how this could be done on Linux.
|
Reporter | |
Comment 1•5 years ago
|
||
Some info on how to do it on Linux http://krypted.com/mac-os-x/inspecting-creating-mac-installer-packages-linux/
|
||
Comment 2•5 years ago
|
||
This is more a build/packaging thing than an installer thing.
Per conversation with :kmoir, I'm going through untriaged bugs in her components and marking the ones which look to be enhancements/tasks with the enhancement severity to get them out of the triage queue.
If this incorrect, please remove the tag.
|
|
Reporter | |
Comment 4•5 years ago
|
||
So this is becoming more of an issue with enterprise Mac. Need to look into how to prioritize.
The process itself seems very straightforward for a basic installer.
This would be similar to MSI, not designed for regular users.
|
||
Comment 5•5 years ago
|
||
Aki, Nick, can you look at if this request would fit into the current work for notarizing macOS builds?
|
||
Comment 6•5 years ago
|
||
Sure. I added a trello card and can add it to iscript.
|
||
Comment 7•5 years ago
|
||
Thanks for your help on this, I'm trying to scope the ESR68 delivery, can you please confirm if this could be done in time for 68?
|
|
||
Comment 8•5 years ago
|
||
removing NI to Aaron, I was intending to NI aki...
|
|
||
Comment 9•5 years ago
|
||
Hm, looks like 68 goes to release/esr in July.
We were just discussing timeframes for the notarization work, and there's a chance that spills into Q3. We could also potentially create the pkg in a linux-based repackage step, but that would be a separate piece of work.
If we slip 68.0esr, is it ok to uplift into a later 68.x esr release? Or do we need to be in place for 68.0?
|
|
||
Comment 10•5 years ago
|
||
Thanks Akl
I don't think it's something allowed per the ESR rules but probably Mike would know for sure?
|
|
Reporter | |
Comment 11•5 years ago
|
||
I don't see a problem uplifting something like this. It's primarily build related.
|
|
||
Comment 12•5 years ago
|
||
(In reply to Aki Sasaki [:aki] from comment #9)
Hm, looks like 68 goes to release/esr in July.
We were just discussing timeframes for the notarization work, and there's a chance that spills into Q3. We could also potentially create the pkg in a linux-based repackage step, but that would be a separate piece of work.If we slip 68.0esr, is it ok to uplift into a later 68.x esr release? Or do we need to be in place for 68.0?
Can you please clarify what the most likely plan for shipping this would be?
Land on 69 Nightly and then uplift to 68 Beta?
This should be available for both release and ESR users.
|
|
||
Comment 13•5 years ago
|
||
We will land on nightly and uplift as needed, depending on timing. If that lands before 68.0b1, then it can ride the trains. If it lands afterwards, we'll need to uplift to beta, and potentially release/esr68 depending on how late it is.
We're currently hoping we can land by 68.0b1, but we're making contingency plans.
|
||
Comment 14•5 years ago
|
||
Mike, did you hear anything about signing and/or notarization of the pkg in the feedback ? Wondering our requirements look like.
|
|
||
Comment 15•5 years ago
|
||
And which branches would we want to support this on ? That plays into capacity planning for infra.
|
|
Reporter | |
Comment 16•5 years ago
|
||
Mike, did you hear anything about signing and/or notarization of the pkg in the feedback ? Wondering our requirements look like.
All I heard at the Mac conference week was "signed package". Nothing about notarization at this point.
And which branches would we want to support this on ? That plays into capacity planning for infra.
ESR and release. Probably beta for testing, but definitely not nightly.
|
|
||
Comment 17•5 years ago
|
||
|
|
||
Comment 18•5 years ago
|
||
AkI can you please confirm the uplift plan for this so relman (Julien now cc here) knows what to expect?
|
|
||
Comment 19•5 years ago
|
||
It still depends on timing, and our wants. We can uplift if we're late to land and we want this on beta, esr, or release.
|
|
||
Comment 20•5 years ago
|
||
Per comment 12 and comment 16 I confirm we want this on Beta, release and ESR. Starting with the 68 release.
|
|
||
Comment 21•5 years ago
|
||
AkI, can you please help understand the latest regarding nightly landing and uplift timing so relman knows what to expect?
|
|
||
Comment 22•5 years ago
|
||
We're going to miss the beta uplift. We're still trying to get both notarization and pkg landed at the same time, because it's less work overall. If notarization delays pkg too far, we'll have to get pkg working by itself, and then undo that work to get pkg+notarization landed together, later in the 68 cycle.
|
|
||
Comment 23•5 years ago
|
||
For info we decided to move this to release 69 and we will want to bring it to a ESR 68.X given feature value does not justify going through the exception process.
|
|
||
Comment 24•5 years ago
|
||
Hi AKi, can you please update us on this? QA is looking at it now as part of the 69 QA cycle.
|
|
||
Comment 25•5 years ago
|
||
PKG installers are included in the mac notarization patchset. We're in the final stretch there, and ideally we can land that before Whistler, then potentially uplift to beta once we get QA signoff.
|
||
Comment 26•5 years ago
|
||
(In reply to Aki Sasaki [:aki] from comment #25)
PKG installers are included in the mac notarization patchset. We're in the final stretch there, and ideally we can land that before Whistler, then potentially uplift to beta once we get QA signoff.
This means that manual QA is required for Nightly 69 as well?
|
|
||
Comment 27•5 years ago
|
||
(In reply to Camelia Badau [:cbadau], Release Desktop QA from comment #26)
(In reply to Aki Sasaki [:aki] from comment #25)
PKG installers are included in the mac notarization patchset. We're in the final stretch there, and ideally we can land that before Whistler, then potentially uplift to beta once we get QA signoff.
This means that manual QA is required for Nightly 69 as well?
The exact same changes will land in Nightly 69, and then will be uplifted to Beta 68 when it passes QA. So either yes, for Nightly 69 as well, or we can consider that for Nightly 69 instead, and just make sure it still works in 68.
|
|
||
Comment 28•5 years ago
|
||
And when will we have the build available so we can start testing on Nightly 69 and Beta 68?
We are now at Firefox 68 Beta 9 and if we want to have this feature in Firefox Beta 68, it will be necessary to land this as soon as possible because we are close to the end of the cycle.
|
||
Comment 29•5 years ago
|
||
Camelia, this was deferred to 69 per comment 23.
|
|
||
Comment 30•5 years ago
|
||
I know that the feature was deferred to 69, but in comment 27, Aki Sasaki spoke about testing on Nightly 69 and then uplifting to Beta 68. This is the reason I mentioned Firefox Beta 68.
So in the end, which are the versions we will test?
|
|
||
Comment 31•5 years ago
|
||
69, and eventually ESR 68.x in a later cycle.
|
|
||
Comment 32•5 years ago
|
||
That makes sense.
I should hopefully have a pkg installer on maple by EOD, though that may slip. When we're ready to land pkg on central, it will come with mac notarization, which will:
- switch mac signing from the mac signing servers to our new notarization pool
- widevine and omnija signing will also happen from this new pool, rather than the signing scriptworkers. The signing will still happen in Autograph.
- add notarization to our nightlies, betas, and release signing. This should allow us to install Firefox without warnings on MacOS Catalina
- add signed pkg installers
We've done a decent amount of testing here, but we'll want a sanity check when this lands:
- does it install cleanly, without errors?
- does it update cleanly, without errors?
- does Netflix still play? (widevine)
- do the pkg installers work?
We can freeze mac nightly updates while this testing happens.
I'm aiming for being able to land notarization+pkg into central tomorrow or Friday, though that is aggressive and may slip. Is QA ready for that schedule?
Once we're on central, we can determine when to uplift to esr68.
|
||
Comment 33•5 years ago
|
||
QA was not prepared to test this feature in Nightly 69, because that was not specified in the original request. I think most of the plan described in the last few comments here is news to us.
I don't have an answer yet with respect to whether QA is ready for the schedule outlined in Comment 32, and to be frank, it's hard to follow what the actual plan is for Nightly 69, Beta 69 and ESR 68, based on the currently available information.
Aki, Romain - please comment in PI-60 with the plan and final schedule, so that we have a clear understanding on what builds should be covered and when. In the meantime, we'll look into whether we can pull this off in what time we have left this cycle, without affecting our other commitments.
|
|
||
Comment 34•5 years ago
|
||
(In reply to Andrei Vaida [:avaida] from comment #33)
QA was not prepared to test this feature in Nightly 69, because that was not specified in the original request. I think most of the plan described in the last few comments here is news to us.
QA has been asking for PKG installers for quite some time in this bug. I'm not sure what the difference is between testing this in Nightly 69 and Beta 68, other than installing a different file?
I don't have an answer yet with respect to whether QA is ready for the schedule outlined in Comment 32, and to be frank, it's hard to follow what the actual plan is for Nightly 69, Beta 69 and ESR 68, based on the currently available information.
Aki, Romain - please comment in PI-60 with the plan and final schedule, so that we have a clear understanding on what builds should be covered and when. In the meantime, we'll look into whether we can pull this off in what time we have left this cycle, without affecting our other commitments.
I don't have access (tried to create an account, and it looks like you're out of licenses). Comment 32 is what I believe should be tested, though it's looking iffy that we'll be able to land this week. Releng can test a lot of this if QA doesn't have cycles, but the PKG is still on your plate. I still am not sure why it would matter significantly if you're testing the PKG installer in Nightly 69 or Beta 68.
|
||
Comment 35•5 years ago
|
||
(In reply to Aki Sasaki [:aki] from comment #34)
(In reply to Andrei Vaida [:avaida] from comment #33)
QA was not prepared to test this feature in Nightly 69, because that was not specified in the original request. I think most of the plan described in the last few comments here is news to us.
QA has been asking for PKG installers for quite some time in this bug. I'm not sure what the difference is between testing this in Nightly 69 and Beta 68, other than installing a different file?
I don't have an answer yet with respect to whether QA is ready for the schedule outlined in Comment 32, and to be frank, it's hard to follow what the actual plan is for Nightly 69, Beta 69 and ESR 68, based on the currently available information.
Aki, Romain - please comment in PI-60 with the plan and final schedule, so that we have a clear understanding on what builds should be covered and when. In the meantime, we'll look into whether we can pull this off in what time we have left this cycle, without affecting our other commitments.
I don't have access (tried to create an account, and it looks like you're out of licenses). Comment 32 is what I believe should be tested, though it's looking iffy that we'll be able to land this week. Releng can test a lot of this if QA doesn't have cycles, but the PKG is still on your plate. I still am not sure why it would matter significantly if you're testing the PKG installer in Nightly 69 or Beta 68.
Hi Aki, The PI request for this feature includes only Beta testing in Fx69. As you probably know, Nightly testing is optional and best-effort only. We already have a list of features that require nightly testing and it is quite late to add a new request . As per the original request this will be tested in Fx69 Beta. If there are any changes to this expectation, please create a new PI request (https://moz-pi-test.atlassian.net/servicedesk/customer/portal/9) and follow the exception path (https://docs.google.com/document/d/1jOTngDV_WWJGelTz4205ux4i5sAWfYNILHYmLLmHYeQ/edit). Also, if you think Nightly Testing is must, my advice would be wait for the next Release if that's a possibility.
|
|
||
Comment 36•5 years ago
|
||
Ok, no worries. The PKG installers will exist in Nightly, but won't get QA until the merge.
|
|
||
Updated•5 years ago
|
|
|
||
Comment 37•5 years ago
|
||
Landed in Nightly.
|
|
||
Comment 38•5 years ago
|
||
Cbadau and I both noticed that the pkg installer will overwrite your nightly in /Applications without prompting. I suspect this may be the expected behavior. Are we expecting different behavior?
|
|
Reporter | |
Comment 39•5 years ago
|
||
(In reply to Aki Sasaki [:aki] (he/him) (UTC-7) from comment #38)
Cbadau and I both noticed that the pkg installer will overwrite your nightly in /Applications without prompting. I suspect this may be the expected behavior. Are we expecting different behavior?
Overwrite without prompting is the expected behavior.
Description
•