From de7439a192dc87c90d4e7eb7a688ff2d12992e19 Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Tue, 3 Mar 2020 10:29:26 +1100 Subject: [PATCH 1/3] jenkins: osx10.15 --- jenkins/scripts/VersionSelectorScript.groovy | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jenkins/scripts/VersionSelectorScript.groovy b/jenkins/scripts/VersionSelectorScript.groovy index 3c30e633f..f24085dce 100644 --- a/jenkins/scripts/VersionSelectorScript.groovy +++ b/jenkins/scripts/VersionSelectorScript.groovy @@ -103,7 +103,9 @@ def buildExclusions = [ // OSX --------------------------------------------------- [ /^osx1010/, anyType, gte(11) ], [ /^osx1011/, releaseType, lt(11) ], - + [ /^osx1011/, releaseType, gte(14) ], + [ /^osx1015/, releaseType, lt(14) ], + // FreeBSD ----------------------------------------------- [ /^freebsd10/, anyType, gte(11) ], From 11a446c36f140ed34026de8269df2a80b612831e Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Tue, 3 Mar 2020 19:30:33 +1100 Subject: [PATCH 2/3] doc: add macos release builder setup notes Closes: #2199 --- doc/non-ansible-configuration-notes.md | 43 ++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/doc/non-ansible-configuration-notes.md b/doc/non-ansible-configuration-notes.md index 9dee2898e..016e25ea4 100644 --- a/doc/non-ansible-configuration-notes.md +++ b/doc/non-ansible-configuration-notes.md @@ -16,3 +16,46 @@ certbot --nginx run -d iojs.org -m build@iojs.org --agree-tos --no-redirect certbot --nginx run -d www.iojs.org -m build@iojs.org --agree-tos --no-redirect certbot --nginx run -d roadmap.iojs.org -m build@iojs.org --agree-tos --no-redirect ``` + +## macOS release servers + +Previous notes: [#1393](https://github.com/nodejs/build/issues/1393) + +### Full Xcode + +Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually. + +As root: + +* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF) +* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp` +* Extract: `xip --extract xcode.xip` +* Move `Xcode.app` directory to `/Applications` +* `xcode-select --switch /Applications/Xcode.app` +* `xcode-select -r` - accept license + +### Signing certificates + +* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12` +* Transfer to release machine (scp to /tmp) +* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command). + +### SSH + +(This step is identical for all release machines.) + +As iojs: + +* `mkdir .ssh` +* Add `.ssh/config`: + +``` +Host node-www + HostName direct.nodejs.org + User staging + IdentityFile ~/.ssh/id_rsa +``` + +* Add `.ssh/id_rsa` with release SSH key. +* `chown 700 .ssh && chmod 600 .ssh/*` +* `ssh node-www` to set up known_hosts entry and check that it works From 9b7550e6b3deaf210f4ab96cac1a531ba8aed1a8 Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Tue, 10 Mar 2020 20:22:29 +1100 Subject: [PATCH 3/3] fixup! doc: add macos release builder setup notes --- ansible/MANUAL_STEPS.md | 67 ++++++++++++++++++-------- doc/non-ansible-configuration-notes.md | 43 ----------------- 2 files changed, 47 insertions(+), 63 deletions(-) diff --git a/ansible/MANUAL_STEPS.md b/ansible/MANUAL_STEPS.md index 2f4ce008a..97423b194 100644 --- a/ansible/MANUAL_STEPS.md +++ b/ansible/MANUAL_STEPS.md @@ -1,26 +1,29 @@ # Manual steps required to setup machines -* [Firewall Config](#adding-firewall-entries-for-jenkins-workers) -* [Release machines](#release--machines) -* [RHEL7-s390x](#RHEL7-s390x) - * [V8 Build Tools](#V8-build-tools) - * [Devtoolset-6](#devtoolset-6-install) +* [Adding firewall entries for Jenkins workers](#adding-firewall-entries-for-jenkins-workers) +* [`release-*` machines](#release--machines) + * [macOS release machines](#macos-release-machines) + * [Full Xcode](#full-xcode) + * [Signing certificates](#signing-certificates) +* [RHEL7-S390X](#rhel7-s390x) + * [V8 build-tools](#v8-build-tools) + * [devtoolset-6 install](#devtoolset-6-install) * [macOS](#macos) -* [AIX 72](#aix-72-install) - * [ccache on AIX 72](#ccache-374-on-aix-72) - * [AHA filesystem](#Enable-the-AHA-fs) - * [XL Compilers](#Install-XL-compilers) - * [Missing shared objects](#fix-missing-shared-objects) - * [Preparing GCC](#Preparing-gcc-distributables) - * [Preparing ccache](#Preparing-ccache-distributables) -* [Windows](#windows-azurerackspace) - * [Control Machine](#control-machine-where-ansible-is-run) - * [Target machines](#Target-machines) -* [Jenkins Workspace](#jenkins-workspace) -* [Docker hosts](#Docker-hosts) -* [SmartOS](#SmartOS) -* [Raspberry Pi](#Raspberry-Pi) - * [NFS boot](#NFS-boot) +* [AIX 7.2 Install](#aix-72-install) + * [ccache 3.7.4 on AIX 7.2](#ccache-374-on-aix-72) + * [Enable the AHA fs](#enable-the-aha-fs) + * [Install XL compilers](#install-xl-compilers) + * [Fix "Missing" shared objects](#fix-missing-shared-objects) + * [Preparing gcc distributables](#preparing-gcc-distributables) + * [Preparing ccache distributables](#preparing-ccache-distributables) +* [Windows (Azure/Rackspace)](#windows-azurerackspace) + * [Control machine (where Ansible is run)](#control-machine-where-ansible-is-run) + * [Target machines](#target-machines) +* [jenkins-workspace](#jenkins-workspace) +* [Docker hosts](#docker-hosts) +* [SmartOS](#smartos) +* [Raspberry Pi](#raspberry-pi) + * [NFS boot](#nfs-boot) ## Adding firewall entries for Jenkins workers @@ -57,11 +60,35 @@ Host node-www Its necessary to accept the `known_hosts` keys interactively on first ssh or the release builds will fail. After setting up .ssh, do something like this: + ``` ssh node-www date // ... accept the host keys ``` +### macOS release machines + +Previous notes: [#1393](https://github.com/nodejs/build/issues/1393) + +#### Full Xcode + +Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually. + +As root: + +* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF) +* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp` +* Extract: `xip --extract xcode.xip` +* Move `Xcode.app` directory to `/Applications` +* `xcode-select --switch /Applications/Xcode.app` +* `xcode-select -r` - accept license + +#### Signing certificates + +* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12` +* Transfer to release machine (scp to /tmp) +* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command). + ## RHEL7-S390X ### V8 build-tools diff --git a/doc/non-ansible-configuration-notes.md b/doc/non-ansible-configuration-notes.md index 016e25ea4..9dee2898e 100644 --- a/doc/non-ansible-configuration-notes.md +++ b/doc/non-ansible-configuration-notes.md @@ -16,46 +16,3 @@ certbot --nginx run -d iojs.org -m build@iojs.org --agree-tos --no-redirect certbot --nginx run -d www.iojs.org -m build@iojs.org --agree-tos --no-redirect certbot --nginx run -d roadmap.iojs.org -m build@iojs.org --agree-tos --no-redirect ``` - -## macOS release servers - -Previous notes: [#1393](https://github.com/nodejs/build/issues/1393) - -### Full Xcode - -Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually. - -As root: - -* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF) -* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp` -* Extract: `xip --extract xcode.xip` -* Move `Xcode.app` directory to `/Applications` -* `xcode-select --switch /Applications/Xcode.app` -* `xcode-select -r` - accept license - -### Signing certificates - -* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12` -* Transfer to release machine (scp to /tmp) -* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command). - -### SSH - -(This step is identical for all release machines.) - -As iojs: - -* `mkdir .ssh` -* Add `.ssh/config`: - -``` -Host node-www - HostName direct.nodejs.org - User staging - IdentityFile ~/.ssh/id_rsa -``` - -* Add `.ssh/id_rsa` with release SSH key. -* `chown 700 .ssh && chmod 600 .ssh/*` -* `ssh node-www` to set up known_hosts entry and check that it works