Skip to content

Commit

Permalink
fixup! doc: add macos release builder setup notes
Browse files Browse the repository at this point in the history
  • Loading branch information
rvagg committed Mar 10, 2020
1 parent 11a446c commit 9b7550e
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 63 deletions.
67 changes: 47 additions & 20 deletions ansible/MANUAL_STEPS.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,29 @@
# Manual steps required to setup machines

* [Firewall Config](#adding-firewall-entries-for-jenkins-workers)
* [Release machines](#release--machines)
* [RHEL7-s390x](#RHEL7-s390x)
* [V8 Build Tools](#V8-build-tools)
* [Devtoolset-6](#devtoolset-6-install)
* [Adding firewall entries for Jenkins workers](#adding-firewall-entries-for-jenkins-workers)
* [`release-*` machines](#release--machines)
* [macOS release machines](#macos-release-machines)
* [Full Xcode](#full-xcode)
* [Signing certificates](#signing-certificates)
* [RHEL7-S390X](#rhel7-s390x)
* [V8 build-tools](#v8-build-tools)
* [devtoolset-6 install](#devtoolset-6-install)
* [macOS](#macos)
* [AIX 72](#aix-72-install)
* [ccache on AIX 72](#ccache-374-on-aix-72)
* [AHA filesystem](#Enable-the-AHA-fs)
* [XL Compilers](#Install-XL-compilers)
* [Missing shared objects](#fix-missing-shared-objects)
* [Preparing GCC](#Preparing-gcc-distributables)
* [Preparing ccache](#Preparing-ccache-distributables)
* [Windows](#windows-azurerackspace)
* [Control Machine](#control-machine-where-ansible-is-run)
* [Target machines](#Target-machines)
* [Jenkins Workspace](#jenkins-workspace)
* [Docker hosts](#Docker-hosts)
* [SmartOS](#SmartOS)
* [Raspberry Pi](#Raspberry-Pi)
* [NFS boot](#NFS-boot)
* [AIX 7.2 Install](#aix-72-install)
* [ccache 3.7.4 on AIX 7.2](#ccache-374-on-aix-72)
* [Enable the AHA fs](#enable-the-aha-fs)
* [Install XL compilers](#install-xl-compilers)
* [Fix "Missing" shared objects](#fix-missing-shared-objects)
* [Preparing gcc distributables](#preparing-gcc-distributables)
* [Preparing ccache distributables](#preparing-ccache-distributables)
* [Windows (Azure/Rackspace)](#windows-azurerackspace)
* [Control machine (where Ansible is run)](#control-machine-where-ansible-is-run)
* [Target machines](#target-machines)
* [jenkins-workspace](#jenkins-workspace)
* [Docker hosts](#docker-hosts)
* [SmartOS](#smartos)
* [Raspberry Pi](#raspberry-pi)
* [NFS boot](#nfs-boot)


## Adding firewall entries for Jenkins workers
Expand Down Expand Up @@ -57,11 +60,35 @@ Host node-www

Its necessary to accept the `known_hosts` keys interactively on first ssh or
the release builds will fail. After setting up .ssh, do something like this:

```
ssh node-www date
// ... accept the host keys
```

### macOS release machines

Previous notes: [#1393](https://github.com/nodejs/build/issues/1393)

#### Full Xcode

Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually.

As root:

* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF)
* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp`
* Extract: `xip --extract xcode.xip`
* Move `Xcode.app` directory to `/Applications`
* `xcode-select --switch /Applications/Xcode.app`
* `xcode-select -r` - accept license

#### Signing certificates

* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12`
* Transfer to release machine (scp to /tmp)
* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command).

## RHEL7-S390X

### V8 build-tools
Expand Down
43 changes: 0 additions & 43 deletions doc/non-ansible-configuration-notes.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,46 +16,3 @@ certbot --nginx run -d iojs.org -m build@iojs.org --agree-tos --no-redirect
certbot --nginx run -d www.iojs.org -m build@iojs.org --agree-tos --no-redirect
certbot --nginx run -d roadmap.iojs.org -m build@iojs.org --agree-tos --no-redirect
```

## macOS release servers

Previous notes: [#1393](https://github.com/nodejs/build/issues/1393)

### Full Xcode

Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually.

As root:

* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF)
* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp`
* Extract: `xip --extract xcode.xip`
* Move `Xcode.app` directory to `/Applications`
* `xcode-select --switch /Applications/Xcode.app`
* `xcode-select -r` - accept license

### Signing certificates

* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12`
* Transfer to release machine (scp to /tmp)
* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command).

### SSH

(This step is identical for all release machines.)

As iojs:

* `mkdir .ssh`
* Add `.ssh/config`:

```
Host node-www
HostName direct.nodejs.org
User staging
IdentityFile ~/.ssh/id_rsa
```

* Add `.ssh/id_rsa` with release SSH key.
* `chown 700 .ssh && chmod 600 .ssh/*`
* `ssh node-www` to set up known_hosts entry and check that it works

0 comments on commit 9b7550e

Please sign in to comment.