Closed Bug 715623 Opened 13 years ago Closed 13 years ago

Load balance between signing servers

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: catlee, Assigned: rail)

Details

Attachments

(2 files, 1 obsolete file)

pass --cachedir in MOZ_SIGN_CMD
1.90 KB, patch
rail
: review+
catlee
: checked-in+
Details | Diff | Splinter Review
implement --cachedir for signtool (with quotes for nsscmd)
5.92 KB, patch
rail
: review+
catlee
: checked-in+
Details | Diff | Splinter Review
We're currently locked into using one signing server per build because of the way windows builds work. The basic problem here is that we run 'make package' followed by 'make installer'. Both targets copy the same original unsigned files to a staging directory, and then sign them. We're relying on server-side caching to make sure we get the same signcode signature given the same .dll/.exe. Having the same signature is important so that the binaries in the setup.exe, .zip, and .mar files are identical; otherwise partial updates won't apply cleanly. One fix for this is to do local caching of signed files by unsigned file hash. This way a single build will only sign each unsigned file once, instead of possibly twice.
Attachment #586177 - Flags: review?(rail)
Attachment #586181 - Flags: review?(rail)
Attachment #586181 - Flags: review?(rail) → review+
Comment on attachment 586177 [details] [diff] [review] implement --cache-dir for signtool Review of attachment 586177 [details] [diff] [review]: ----------------------------------------------------------------- ::: release/signing/signing.py @@ +474,5 @@ > + os.rename(tmpfile, dest) > + log.info("%s: OK", filehash) > + # See if we should re-sign NSS > + if options.nsscmd and filehash != newhash and os.path.exists(os.path.splitext(filename)[0] + ".chk"): > + cmd = "%s %s" % (options.nsscmd, dest) How about this? cmd = '%s "%s"' % (options.nsscmd, dest) It shouldn't be a problem, but...
Attachment #586177 - Flags: review?(rail) → review+
same as before, now with quotes in both places for nsscmd
Attachment #586177 - Attachment is obsolete: true
Attachment #586466 - Flags: review?(rail)
Attachment #586466 - Flags: review?(rail) → review+
Attachment #586181 - Flags: checked-in+
Attachment #586466 - Flags: checked-in+
Chris, should this be assigned to you?
Assignee: nobody → catlee
Rail turned on load balancing in secrets.pp; waiting for the next reconfig.
Assignee: catlee → rail
it works great!
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: