Closed Bug 1628491 Opened 6 years ago Closed 2 years ago

mac signers need new XCode

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

Product:
Infrastructure & Operations
Component:
RelOps: Puppet
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INACTIVE

People

(Reporter: mozilla, Unassigned)

Details

Attachments

(1 file)

GitHub Pull Request - full xcode package via s3
61 bytes, text/x-github-pull-request
Details | Review

Our Mac signers rely on altool, which is installed as part of XCode. Apple has changed altool significantly since we've imaged our signing pool. It looks like we need to upgrade XCode to get support for bug 1620697. We should roll the new version of XCode to a single machine for testing, before rolling out to the rest of the pool.

I believe the current process involves creating a new base image, reimaging one or a handful of machines pointing at that new image to test, and optionally making that the default image when we want to roll it out everywhere. I think it's likely that we'll need to update the signers' XCode installs frequently, potentially at a faster frequency than the test or PGO pools. If that's true, and if the reimaging process is heavyweight, we may want to consider alternate solutions: update through the App Store? or otherwise update XCode without reimaging.

We may have resolved bug 1620697 without this. We probably need to plan for when this becomes necessary, however.

No longer blocks: lost-notarization-uuid

I agree with the thought not baking full xcode into the base image as it is currently done since building new images is a heavy process. I also think the softwareupdate tool might be a good path to explore for installing Xcode.

Assignee: nobody → jwatkins

For posterity, we were looking at an XCode upgrade because of altool improvements described here
https://mjtsai.com/blog/2019/07/03/
https://mjtsai.com/blog/2020/04/02/altool-4-01/
in short - XCode 11 added concurrent uploads for notarization, and defaulted to https transport.

In the end we worked around the issue in bug 1620697 but at some point we'll have to investigate how to keep current with XCode.

Component: RelOps: Hardware → RelOps: Puppet
QA Contact: mcornmesser
Assignee: jwatkins → dhouse
Assignee: dhouse → relops
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: