Adhoc Worker
I'll keep track of the changes being done to mac-v3-signing20.srv.releng.mdc1.mozilla.com here, so when we decide to automate/puppetize it, there's a reference to the changes made there.
- Reset the client token
- Updated values in
/builds/scriptworker/taskcluster.yaml (backup in taskcluster.bkp.yaml)
script_config.yaml Removed all supported_behaviors and added only mac_notarize_vpn
Dep worker
Following aki's steps to create dep signer:
- Created
depbld user with random throwaway password
/usr/sbin/sysadminctl -addUser depbld -admin -password -
- Added user to
visudo restricted to package build binary only
depbld ALL=(root) NOPASSWD: /usr/bin/pkgbuild
- Create build folder
sudo mkdir /builds/dep && sudo chown cltbld:staff /builds/dep
- Switch to user and cd to folder
sudo -u depbld -i
cd /builds/dep
- Created python virtual environment
python3 -m venv virtualenv
- Activate venv
source virtualenv/bin/activate
- Copy over
requirements.txt from prod
cp /builds/scriptworker/requirements.txt ./requirements.txt
- Install python packages
pip install -r requirements.txt
- Install iscript, scriptworker, scriptworker_client, mozbuild
pip install \
git+https://github.com/mozilla-releng/scriptworker.git@main \
git+https://github.com/mozilla-releng/scriptworker-scripts.git@master#subdirectory=scriptworker_client \
git+https://github.com/mozilla-releng/scriptworker-scripts.git@master#subdirectory=vendored/mozbuild \
git+https://github.com/mozilla-releng/scriptworker-scripts.git@master#subdirectory=iscript
-
Manually copied /certs/, /scriptworker.yaml and /script_config.yaml from dep-mac-v3-signing3.srv.releng.mdc1.mozilla.com:/builds/dep1
❗Note: Make sure to verify ownership and access
❗Note: Double check taskcluster_scope_prefix -> "project:adhoc:signing:"
-
Updated script_config.yaml paths and supported_behaviors
-
Created new client in TC project/releng/scriptworker/v2/mac-signing/prod/firefoxci-adhoc-t
-
Updated ci-config with new client
-
(as my user) Copied daemon plist file /Library/LaunchDaemons/org.mozilla.scriptworker.depbld.plist, updated paths and user, and loaded the service
sudo launchctl load /Library/LaunchDaemons/org.mozilla.scriptworker.depbld.plist
Adhoc Worker
I'll keep track of the changes being done to
mac-v3-signing20.srv.releng.mdc1.mozilla.comhere, so when we decide to automate/puppetize it, there's a reference to the changes made there./builds/scriptworker/taskcluster.yaml(backup intaskcluster.bkp.yaml)script_config.yamlRemoved allsupported_behaviorsand added onlymac_notarize_vpnDep worker
Following aki's steps to create dep signer:
depblduser with random throwaway password/usr/sbin/sysadminctl -addUser depbld -admin -password -visudorestricted to package build binary onlydepbld ALL=(root) NOPASSWD: /usr/bin/pkgbuildsudo mkdir /builds/dep && sudo chown cltbld:staff /builds/depsudo -u depbld -icd /builds/deppython3 -m venv virtualenvsource virtualenv/bin/activaterequirements.txtfrom prodcp /builds/scriptworker/requirements.txt ./requirements.txtpip install -r requirements.txtManually copied
/certs/,/scriptworker.yamland/script_config.yamlfromdep-mac-v3-signing3.srv.releng.mdc1.mozilla.com:/builds/dep1❗Note: Make sure to verify ownership and access
❗Note: Double check
taskcluster_scope_prefix->"project:adhoc:signing:"Updated
script_config.yamlpaths and supported_behaviorsCreated new client in TC project/releng/scriptworker/v2/mac-signing/prod/firefoxci-adhoc-t
Updated ci-config with new client
(as my user) Copied daemon plist file
/Library/LaunchDaemons/org.mozilla.scriptworker.depbld.plist, updated paths and user, and loaded the servicesudo launchctl load /Library/LaunchDaemons/org.mozilla.scriptworker.depbld.plist