[SERVER-66461] Run notarization earlier in the build process Created: 13/May/22 Updated: 29/Oct/23 Resolved: 13/Jul/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.0.1, 5.0.10, 4.4.16, 4.2.22, 6.1.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andrew Morrow (Inactive) | Assignee: | Daniel Moody |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Backport Requested: |
v6.0, v5.0, v4.4, v4.2
|
||||||||||||||||||||
| Sprint: | Dev Platform 2022-06-13, Dev Platform 2022-06-27, Dev Platform 2022-07-11 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
We currently run notarization as part of the push task, but this can't be patch built. It also means that the files on the task download page from things like the package task aren't notarized, even though they could be. We should consider moving notarization from push into package to improve its testability, and to ensure that binaries pulled from the package task are of the same quality as those we would publish to the world. |
| Comments |
| Comment by Githook User [ 22/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: (cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32) |
| Comment by Githook User [ 13/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: (cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32) |
| Comment by Aaron Morand (Inactive) [ 13/Jul/22 ] |
|
daniel.moody@mongodb.com, I fixed up the metadata, does this look correct to you? |
| Comment by Githook User [ 13/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: (cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32) |
| Comment by Githook User [ 13/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: Revert " This reverts commit fafbdd8cc4abd580bb403aaf8ea2dab15375551b. |
| Comment by Yujin Kang Park [ 13/Jul/22 ] |
|
daniel.moody@mongodb.com , I tried running a patch on v4.4 and I get the following error in all compile tasks for all variants. [2022/07/13 11:31:33.720] Running command 'subprocess.exec' (step 2 of 7) Apparently this is something that was recently added by the backport to 4.4 of this ticket. |
| Comment by Githook User [ 12/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: (cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32) |
| Comment by Githook User [ 12/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: (cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32) |
| Comment by Githook User [ 07/Jul/22 ] |
|
Author: {'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}Message: |
| Comment by Daniel Moody [ 13/May/22 ] |
|
what are the implications for this and the macos notarization? As far as I know the macos notarization reaches out to apple servers for some proprietary signing? If we have this happening in all patch builds will it be too much? are there limits? tural.farhadov@mongodb.com any insight on my questions? |