-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: change nosign flag to sign and flip the logic #10156
Conversation
@nodejs/platform-windows @nodejs/build |
Oh, yes, finally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but need input from someone more familiar with batch scripts.
Makes sense. Is this major seeing how it changes default behavior? This is usually when @bnoordhuis joins and sets me straight. |
Perhaps |
I don't think so, contributors need to build release for tests. |
I specifically meant the |
Ah, sorry about it. I don't see where |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also update BUILDING.md?
Regarding semver-major: grey area. This change would break third-party build farms but we don't make any real commitments w.r.t. the stability of our build tools.
If I had to make the call, I'd play it safe and make it semver-major as it's not a critical bug fix.
It looks like the pull request template needs to be updated too. +1 to semver major to be safe. |
@@ -98,13 +98,13 @@ Prerequisites: | |||
and tools which can be included in the global `PATH`. | |||
|
|||
```console | |||
> .\vcbuild nosign | |||
> vcbuild |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing .\
is undoing part of #8704 -- Is this intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From memory I think the .\
was added for compatibility with PowerShell.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PowerShell... yup, unintentional,reverted.
@seishun if defined build_release (
set config=Release
set package=1
set msi=1
set licensertf=1
set download_arg="--download=all"
set i18n_arg=small-icu
) (Note this block is only executed for |
@richardlau Yes, I think I missed adding it there. Updated. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with the final nit that the status line of the commit log is just over the 50 character limit.
Sorry about that. I tried to trim it up to be under 50. I guess I could have dropped the last |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As already mentioned by @cjihrig https://github.com/nodejs/node/blob/master/.github/PULL_REQUEST_TEMPLATE.md should be updated to.
Other than that LGTM! Can't wait for this to land!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I guess it'd be good to get a review from someone in @nodejs/release , particularly for #10156 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but this needs to be rebased. Could you squash the commits while you're at it?
@cjihrig Done! |
@JoeDoyle23 sorry for joining the party so late. Your change to set sign by default in build-release looks good, it should not break our release process this way. I would still like diff --git a/vcbuild.bat b/vcbuild.bat
index 3a6827c..bc578c8 100644
--- a/vcbuild.bat
+++ b/vcbuild.bat
@@ -51,7 +51,7 @@ if /i "%1"=="x64" set target_arch=x64&goto arg-ok
if /i "%1"=="vc2015" set target_env=vc2015&goto arg-ok
if /i "%1"=="noprojgen" set noprojgen=1&goto arg-ok
if /i "%1"=="nobuild" set nobuild=1&goto arg-ok
-if /i "%1"=="nosign" goto arg-ok
+if /i "%1"=="nosign" set "sign="&goto arg-ok
if /i "%1"=="sign" set sign=1&goto arg-ok
if /i "%1"=="nosnapshot" set nosnapshot=1&goto arg-ok
if /i "%1"=="noetw" set noetw=1&goto arg-ok
@@ -73,7 +73,7 @@ if /i "%1"=="jslint" set jslint=1&goto arg-ok
if /i "%1"=="jslint-ci" set jslint_ci=1&goto arg-ok
if /i "%1"=="package" set package=1&goto arg-ok
if /i "%1"=="msi" set msi=1&set licensertf=1&set download_arg="--download=all"&set i18n_arg=small-icu&goto arg-ok
-if /i "%1"=="build-release" set build_release=1&goto arg-ok
+if /i "%1"=="build-release" set build_release=1&set sign=1&goto arg-ok
if /i "%1"=="upload" set upload=1&goto arg-ok
if /i "%1"=="small-icu" set i18n_arg=%1&goto arg-ok
if /i "%1"=="full-icu" set i18n_arg=%1&goto arg-ok
@@ -97,7 +97,6 @@ goto next-arg
if defined build_release (
set config=Release
set package=1
- set sign=1
set msi=1
set licensertf=1
set download_arg="--download=all" That requires To be careful, I'd like to make a test build before this lands. I'll start it when my comment above is included or rejected if that's the case. Thanks! |
@joaocgreis I didn't have much insight into all the ways |
Test build: https://nodejs.org/download/test/v8.0.0-test201612141edf886649/ (should be exactly the same as without the changes here, it just proves that there is no problem with the release scripts). LGTM @JoeDoyle23 Looks like there are still conflicts, can you please rebase again so we can start a CI run? |
Makes the default build on Windows not try to sign the node.exe binary after a build. Instead the 'sign' flag now indicates that the binary should be signed. The 'nosign' flag is left as a noop.
CI: https://ci.nodejs.org/job/node-test-pull-request/5407/ (freebsd failure unrelated to this) Regarding semver, an ill configured 3rd party release farm could indeed start releasing unsigned binaries because of this. It pains me, but I'll add the label. Why did the @nodejs-github-bot add the I can land this tomorrow if there are no objections. |
😭 , but agreed |
Makes the default build on Windows not try to sign the node.exe binary after a build. Instead the 'sign' flag now indicates that the binary should be signed. The 'nosign' flag is left as a noop. Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: João Reis <reis@janeasystems.com> PR-URL: #10156
Landed in 92ed1ab @JoeDoyle23 thanks! |
Makes the default build on Windows not try to sign the node.exe binary after a build. Instead the 'sign' flag now indicates that the binary should be signed. The 'nosign' flag is left as a noop. Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: João Reis <reis@janeasystems.com> PR-URL: nodejs#10156
Checklist
make -j8 test
(UNIX), orvcbuild test nosign
(Windows) passesAffected core subsystem(s)
build
Description of change
Makes the default build on Windows not try to sign the node.exe
binary after a build. Instead the 'sign' flag now indicates that the
binary should be signed. The 'nosign' flag is left as a noop.
This is a common stumbling block for new users compiling Node on Windows. If the
nosign
flag is left off anyvcbuild.bat
command, they see what appears to be an error with the build. Seeing as the only time node.exe gets signed is for official builds, it makes more sense to default to not trying to sign the binary and to flip the flag to indicate when it should be attempted.If accepted, this change will require the Windows build process to be adjusted to include the
sign
flag when callingvcbuild.bat
.