Closed Bug 392969 Opened 17 years ago Closed 17 years ago

implement Sign step for Bootstrap

Categories

(Release Engineering :: General, defect, P2)

Product:
Release Engineering
Component:
General
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rhelmer, Assigned: rhelmer)

References

Details

Attachments

(1 file, 3 obsolete files)

patch as landed
2.65 KB, patch
Details | Diff | Splinter Review 
Bootstrap currently has an unused "Sign" step; I am going to move this between "Repack" and "Updates" and use it to watch for win32 signed bits (with signing still done manually elsewhere).

Current process is that unsigned win32 files go in e.g.:
/firefox/nightly/2.0.0.6-candidates/rc2/unsigned/

We pull, sign and push back to:

/firefox/nightly/2.0.0.6-candidates/rc2/

Couple ways we could go here. I am thinking that the Sign step will just sit in a look and wait for something to happen, and then it'll exit so the process can go on.

One way to do this is to look for a file, that must be copied last (e.g. the signing log file). This seems like the simplest way to go, for now.
Attached patch simplest way I can think of (obsolete) — Splinter Review 
Assignee: build → rhelmer
Status: NEW → ASSIGNED

        Attachment #277464 -
        Flags: review?(nrthomas)

    
    

    
  


  
Now with 100% more testing!

        Attachment #277464 -
        Attachment is obsolete: true

        Attachment #277497 -
        Flags: review?(nrthomas)

        Attachment #277464 -
        Flags: review?(nrthomas)

    
    

    
  
Comment on attachment 277497 [details] [diff] [review]
sec not millis, better logfile name, grab product/version for announce

>Index: Bootstrap/Step/Sign.pm
>===================================================================
...
>+    my $signedDir = $config->GetFtpCandidateDir(bitsUnsigned => 0);
>+    my $unsignedDir = $config->GetFtpCandidateDir(bitsUnsigned => 1);
>+
>+    while (! -f catfile($unsignedDir . '/win32_signing.log')) {
>+        sleep(10);
>+    }

I think you want $signedDir in the -f test, unless you're proposing we stash the log in unsigned/ instead ? That'd save on removing it in the Stage step but you have to remember to tweak the target when rsyncing it up. 

Also, I had a look on the signing server and the recent trend seems to be to use rc$rc in the log name, otherwise you end up clobbering logs when signing later rc's. So maybe 
    catfile($signedDir, 'win32_signing_rc' . $rc . '.log') 
instead.

>+sub Announce {

This seems a bit weird for a manual step, since you know you did the signing. Is it for completeness, or as a cross check that you pushed up the log ? Would a message saying "Win32 builds done, please go sign them" be a useful prod when Sign starts ? (or modify the announce for the win32 Repack)

More generally, do you have thoughts on how we finish off the Stage step ? Last I checked we'd need a second Sign step to create the detached sigs & signed win32 installers, and do the final merging of the updates with everything else. I was wondering if we want to have Sign-Win32 and Sign-All steps, or we just add more code to Stage. Might want to rename this step in the first case.

        Attachment #277497 -
        Flags: review?(nrthomas) → review-

    
    

    
  
(In reply to comment #3)
> (From update of attachment 277497 [details] [diff] [review])
> >Index: Bootstrap/Step/Sign.pm
> >===================================================================
> ...
> >+    my $signedDir = $config->GetFtpCandidateDir(bitsUnsigned => 0);
> >+    my $unsignedDir = $config->GetFtpCandidateDir(bitsUnsigned => 1);
> >+
> >+    while (! -f catfile($unsignedDir . '/win32_signing.log')) {
> >+        sleep(10);
> >+    }
> 
> I think you want $signedDir in the -f test, unless you're proposing we stash
> the log in unsigned/ instead ? That'd save on removing it in the Stage step but
> you have to remember to tweak the target when rsyncing it up. 

Ok I understand from talking with cf in irc now.. this only returns a signed dir if you're on win32. This step just runs on stage.

Let's just do: 
my $unsignedDir = $config->GetFtpCandidateDir(bitsUnsigned => 1);

> Also, I had a look on the signing server and the recent trend seems to be to
> use rc$rc in the log name, otherwise you end up clobbering logs when signing
> later rc's. So maybe 
>     catfile($signedDir, 'win32_signing_rc' . $rc . '.log') 
> instead.


Seems kind of redundant because it's in an "rc" dir already.. maybe this makes more sense on the other side? I'll go ahead and do this.


> >+sub Announce {
> 
> This seems a bit weird for a manual step, since you know you did the signing.
> Is it for completeness, or as a cross check that you pushed up the log ? Would
> a message saying "Win32 builds done, please go sign them" be a useful prod when
> Sign starts ? (or modify the announce for the win32 Repack)


It's more for QA's benefit.


> More generally, do you have thoughts on how we finish off the Stage step ? Last
> I checked we'd need a second Sign step to create the detached sigs & signed
> win32 installers, and do the final merging of the updates with everything else.
> I was wondering if we want to have Sign-Win32 and Sign-All steps, or we just
> add more code to Stage. Might want to rename this step in the first case.


Personally, I think we should do all signing at this stage, but I am vigorously ignoring installer signing at this point :)

The Stage step gets to the point where we have a stage-signed/ dir ready for signing, and I think we'll have to take over by hand from there for now. 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        rc in the logfilename (obsolete)
        — Splinter Review
      

    


  

        Attachment #277497 -
        Attachment is obsolete: true

    
    

    
  
(In reply to comment #5)
> Created an attachment (id=277569) [details]
> rc in the logfilename


Also cleans up the GetFTPCandidates() usage

    
    

    
  
Comment on attachment 277569 [details] [diff] [review]
rc in the logfilename

r+ with some small changes ...

>Index: Bootstrap/Step/Sign.pm
...
>     my $logDir = $config->Get(sysvar => 'logDir');

Can be removed as not used any more.

>+    exit(1);

Left over from testing ?

>+    while (! -f catfile($signedDir . '/win32_signing_rc' . $rc . '.log')) {

Not really using catfile here, just concatenation. How about 
   catfile($signedDir, 'win32_signing_rc' . $rc . '.log')

        Attachment #277569 -
        Flags: review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch as landedSplinter Review
      

    


  
Checking in README;
/cvsroot/mozilla/tools/release/README,v  <--  README
new revision: 1.5; previous revision: 1.4
done
Checking in release;
/cvsroot/mozilla/tools/release/release,v  <--  release
new revision: 1.13; previous revision: 1.12
done
Checking in Bootstrap/Step/Sign.pm;
/cvsroot/mozilla/tools/release/Bootstrap/Step/Sign.pm,v  <--  Sign.pm
new revision: 1.7; previous revision: 1.6
done

        Attachment #277569 -
        Attachment is obsolete: true

    
  
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: