[SERVER-66461] Run notarization earlier in the build process Created: 13/May/22  Updated: 29/Oct/23  Resolved: 13/Jul/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.0.1, 5.0.10, 4.4.16, 4.2.22, 6.1.0-rc0

Type: Improvement Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Daniel Moody
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Duplicate
is duplicated by SERVER-64332 Notarize MongoDB builds for macos Closed
Gantt Dependency
Backwards Compatibility: Fully Compatible
Backport Requested:
v6.0, v5.0, v4.4, v4.2
Sprint: Dev Platform 2022-06-13, Dev Platform 2022-06-27, Dev Platform 2022-07-11
Participants:

 Description   

We currently run notarization as part of the push task, but this can't be patch built. It also means that the files on the task download page from things like the package task aren't notarized, even though they could be. We should consider moving notarization from push into package to improve its testability, and to ensure that binaries pulled from the package task are of the same quality as those we would publish to the world.



 Comments   
Comment by Githook User [ 22/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step

(cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32)
Branch: v6.0
https://github.com/mongodb/mongo/commit/8acfafff8eb0106476823c812de16522f0e1d4fb

Comment by Githook User [ 13/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step

(cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32)
(cherry picked from commit 6fa7f012f27fe05940223d257f7cccf4c3729a32)
(cherry picked from commit 42dee378c0dca21d822ccf11cd8d510d9189aeb8)
Branch: v4.2
https://github.com/mongodb/mongo/commit/16acd82faa5c42a8447619b1cb18e5da341185c8

Comment by Aaron Morand (Inactive) [ 13/Jul/22 ]

daniel.moody@mongodb.com, I fixed up the metadata, does this look correct to you?

Comment by Githook User [ 13/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step

(cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32)
(cherry picked from commit 6fa7f012f27fe05940223d257f7cccf4c3729a32)
Branch: v4.4
https://github.com/mongodb/mongo/commit/42dee378c0dca21d822ccf11cd8d510d9189aeb8

Comment by Githook User [ 13/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: Revert "SERVER-66461 added macos signing at evergreen archive step"

This reverts commit fafbdd8cc4abd580bb403aaf8ea2dab15375551b.
Branch: v4.4
https://github.com/mongodb/mongo/commit/e2c6bf59b4983f936f387e6f6e1cb4cfd91b8f90

Comment by Yujin Kang Park [ 13/Jul/22 ]

daniel.moody@mongodb.com , I tried running a patch on v4.4 and I get the following error in all compile tasks for all variants.

[2022/07/13 11:31:33.720] Running command 'subprocess.exec' (step 2 of 7)
[2022/07/13 11:31:33.734] src/evergreen/run_python_script.sh: line 3: /data/mci/4b19e3c5e55ef1192ba6be16094a7400/src/evergreen/prelude.sh: No such file or directory
[2022/07/13 11:31:33.735] cd src
[2022/07/13 11:31:33.735] activate_venv
[2022/07/13 11:31:33.735] src/evergreen/run_python_script.sh: line 10: activate_venv: command not found
[2022/07/13 11:31:33.744] Command failed: process encountered problem: exit code 127
[2022/07/13 11:31:33.745] Task completed - FAILURE.

Apparently this is something that was recently added by the backport to 4.4 of this ticket.

Comment by Githook User [ 12/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step

(cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32)
Branch: v5.0
https://github.com/mongodb/mongo/commit/183ba4147987960428f705d88592de82d40c257b

Comment by Githook User [ 12/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step

(cherry picked from commit 362dbbd4c3c71a9604a085fbcf2636a961b5ff32)
(cherry picked from commit 6fa7f012f27fe05940223d257f7cccf4c3729a32)
Branch: v4.4
https://github.com/mongodb/mongo/commit/fafbdd8cc4abd580bb403aaf8ea2dab15375551b

Comment by Githook User [ 07/Jul/22 ]

Author:

{'name': 'Daniel Moody', 'email': 'daniel.moody@mongodb.com', 'username': 'dmoody256'}

Message: SERVER-66461 added macos signing at evergreen archive step
Branch: master
https://github.com/mongodb/mongo/commit/362dbbd4c3c71a9604a085fbcf2636a961b5ff32

Comment by Daniel Moody [ 13/May/22 ]

what are the implications for this and the macos notarization? As far as I know the macos notarization reaches out to apple servers for some proprietary signing? If we have this happening in all patch builds will it be too much? are there limits? tural.farhadov@mongodb.com any insight on my questions?

Generated at Thu Feb 08 06:05:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.