Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade xcode version to 11.1 #9172

Merged
merged 1 commit into from
Oct 15, 2019
Merged

Upgrade xcode version to 11.1 #9172

merged 1 commit into from
Oct 15, 2019

Conversation

pedropombeiro
Copy link
Contributor

@pedropombeiro pedropombeiro commented Oct 11, 2019
edited by StatusWrike
Loading

status: ready

@pedropombeiro pedropombeiro requested a review from jakubgs October 11, 2019 04:52
@pedropombeiro pedropombeiro self-assigned this Oct 11, 2019
@ghost
Copy link

ghost commented Oct 11, 2019
edited by pedropombeiro
Loading

Pull Request Checklist

  • Docs: Updated the documentation, if affected
  • Docs: Added or updated inline comments explaining intention of the code
  • Tests: Ensured that all new UI elements have been assigned accessibility IDs
  • Tests: Signaled need for E2E tests with label, if applicable
  • Tests: Briefly described what was tested and what platforms were used
  • UI: In case of UI changes, ensured that UI matches Figma
  • UI: In case of UI changes, requested review from a Core UI designer
  • UI: In case of UI changes, included screenshots of implementation

@pedropombeiro pedropombeiro requested a review from a team as a code owner October 11, 2019 04:52
@status-im-auto
Copy link
Member

status-im-auto commented Oct 11, 2019
edited
Loading

Jenkins Builds

Click to see older builds (36)
Commit #️⃣ Finished (UTC) Duration Platform Result
912ce4d #2 2019-10-11 04:52:59 ~35 sec macos 📄log
912ce4d #2 2019-10-11 04:53:01 ~39 sec ios 📄log
✔️ 912ce4d #2 2019-10-11 05:04:46 ~12 min linux 📦App
✔️ 912ce4d #2 2019-10-11 05:05:06 ~12 min android-e2e 📦apk 📲
✔️ 912ce4d #2 2019-10-11 05:05:10 ~12 min android 📦apk 📲
✔️ 912ce4d #1 2019-10-11 05:06:50 ~14 min windows 📦exe
✔️ bc6b374 #3 2019-10-11 08:36:59 ~10 min ios 📦ipa 📲
bc6b374 #3 2019-10-11 08:40:09 ~13 min android 📄log
✔️ bc6b374 #3 2019-10-11 08:40:44 ~13 min android-e2e 📦apk 📲
✔️ bc6b374 #3 2019-10-11 08:42:59 ~16 min linux 📦App
✔️ bc6b374 #2 2019-10-11 08:43:10 ~16 min windows 📦exe
bc6b374 #3 2019-10-11 08:43:28 ~16 min macos 📄log
bc6b374 #4 2019-10-11 11:30:06 ~10 min macos 📄log
✔️ bc6b374 #4 2019-10-11 11:31:07 ~12 min android 📦apk 📲
bc6b374 #5 2019-10-14 07:11:10 ~11 min macos 📄log
8689063 #4 2019-10-14 08:11:54 ~8 min ios 📄log
8689063 #5 2019-10-14 08:16:02 ~12 min android 📄log
✔️ 8689063 #4 2019-10-14 08:16:09 ~13 min android-e2e 📦apk 📲
8689063 #6 2019-10-14 08:21:31 ~18 min macos 📄log
✔️ 8689063 #4 2019-10-14 08:22:47 ~19 min linux 📦App
✔️ 8689063 #3 2019-10-14 08:23:29 ~20 min windows 📦exe
8689063 #5 2019-10-14 09:17:58 ~8 min ios 📄log
8689063 #6 2019-10-14 09:28:04 ~8 min ios 📄log
✔️ 8689063 #7 2019-10-14 09:55:06 ~8 min ios 📦ipa 📲
✔️ 6d1653a #8 2019-10-14 10:05:42 ~8 min ios 📦ipa 📲
6d1653a #7 2019-10-14 10:09:00 ~12 min macos 📄log
✔️ 6d1653a #5 2019-10-14 10:09:56 ~13 min android-e2e 📦apk 📲
✔️ 6d1653a #6 2019-10-14 10:09:56 ~13 min android 📦apk 📲
✔️ 6d1653a #5 2019-10-14 10:14:37 ~17 min linux 📦App
✔️ 6d1653a #4 2019-10-14 10:15:14 ~18 min windows 📦exe
✔️ 628acf1 #9 2019-10-14 10:55:55 ~9 min ios 📦ipa 📲
628acf1 #6 2019-10-14 10:57:05 ~10 min android-e2e 📄log
✔️ 628acf1 #7 2019-10-14 10:57:31 ~11 min android 📦apk 📲
628acf1 #8 2019-10-14 10:58:01 ~11 min macos 📄log
✔️ 628acf1 #6 2019-10-14 11:05:43 ~19 min linux 📦App
✔️ 628acf1 #5 2019-10-14 11:06:33 ~20 min windows 📦exe
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ 2469ccb #10 2019-10-14 11:54:08 ~8 min ios 📦ipa 📲
✔️ 2469ccb #8 2019-10-14 11:55:55 ~10 min android 📦apk 📲
2469ccb #9 2019-10-14 11:57:10 ~11 min macos 📄log
✔️ 2469ccb #7 2019-10-14 11:59:31 ~14 min linux 📦App
✔️ 2469ccb #6 2019-10-14 12:00:11 ~14 min windows 📦exe
✔️ 2469ccb #7 2019-10-14 12:02:07 ~17 min android-e2e 📦apk 📲
✔️ 8488660 #11 2019-10-15 09:30:58 ~9 min ios 📦ipa 📲
✔️ 8488660 #9 2019-10-15 09:32:47 ~11 min android 📦apk 📲
✔️ 8488660 #10 2019-10-15 09:33:13 ~11 min macos 📦dmg
✔️ 8488660 #8 2019-10-15 09:33:50 ~12 min android-e2e 📦apk 📲
✔️ 8488660 #8 2019-10-15 09:35:39 ~14 min linux 📦App
✔️ 8488660 #7 2019-10-15 09:38:16 ~16 min windows 📦exe

@weekly-digest weekly-digest bot mentioned this pull request Oct 13, 2019
Closed
@jakubgs jakubgs force-pushed the upgrade-xcode-version branch from bc6b374 to 8689063 Compare October 14, 2019 08:02
@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

The android tests seem broken:

[nix-shell:~/workspace/status-react_prs_android_PR-9172]$ lein test-cljs

;; ======================================================================
;; Testing with Node:

internal/modules/cjs/loader.js:583
    throw err;
    ^

Error: Cannot find module 'react'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
    at Module._load (internal/modules/cjs/loader.js:507:25)
    at Function.hookedLoader [as _load] (/home/jenkins/workspace/status-react_prs_android_PR-9172/target/test/test.js:14:10)
    at Module.require (internal/modules/cjs/loader.js:637:17)
    at require (internal/modules/cjs/helpers.js:22:18)
    at /home/jenkins/workspace/status-react_prs_android_PR-9172/target/test/reagent/impl/util.js:11:139
    at Object.<anonymous> (/home/jenkins/workspace/status-react_prs_android_PR-9172/target/test/reagent/impl/util.js:17:3)
    at Module._compile (internal/modules/cjs/loader.js:689:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
    at Module.load (internal/modules/cjs/loader.js:599:32)
Error encountered performing task 'doo' with profile(s): 'test'
Subprocess failed

Not sure how XCode change could have caused that, must be something unrelated.

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019
edited
Loading

I tested exactly the same thing on my local machine and it works fine:

 $ IN_CI_ENVIRONMENT=1 nix-shell --run 'lein test-cljs' --pure --no-out-link --keep LOCALE_ARCHIVE_2_27 --keep IN_CI_ENVIRONMENT --argstr target-os android --attr targets.leiningen.shell default.nix                
Checking for modifications in node_modules...
...(omitted)...
Ran 219 tests containing 981 assertions.
0 failures, 0 errors.

@jakubgs jakubgs force-pushed the upgrade-xcode-version branch from 8689063 to 6d1653a Compare October 14, 2019 09:56
@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019
edited
Loading

Okay, the only remaining failing build is MacOS one:

[2019-10-14T10:08:55.951Z] ### Assessing Gatekeeper validation...
[2019-10-14T10:08:56.631Z] StatusIm-191014-095652-6d1653-pr-universal.dmg: rejected
[2019-10-14T10:08:56.631Z] source=Unnotarized Developer ID

Seems like XCode upgrade changed something about the signing.
This is the step that failed:
https://github.com/status-im/status-react/blob/9ff21348f3827debc252e963f4609ec8347a6641/scripts/sign-macos-pkg.sh#L112-L117

@jakubgs jakubgs force-pushed the upgrade-xcode-version branch from 6d1653a to 628acf1 Compare October 14, 2019 10:46
@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

The MacOS signing issue seems to be clearly related to XCode upgrade based on this issue:
electron-userland/electron-builder#3828

Unfortunately, I also updated to OSX 10.14.5 and have the same problem.
electron-userland/electron-builder#3828 (comment)

And this link seems to indicate it's a matter of adjusting options when running codesign:
https://stackoverflow.com/questions/53112078/how-to-upload-dmg-file-for-notarization-in-xcode

codesign -s "Developer ID Application: Name (ID)" MyApp.dmg --options runtime

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

This thread on Apple developer portal might shed some more light on the issue:
https://forums.developer.apple.com/thread/123480

More specifically, if you want to sign using a Developer ID certificate, whatever you're signing has to be notarized. You might have used Mac Development certificates or some other when it worked.

  • kumowoon1025

And:

Notarization is not something done to your developer ID. It is a process specifically applied to your application, after it is code-signed.

  • jerryfrit

It appears something called notarization is required for our Developer ID to sign the MacOS app.

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

This article seems to explain it:
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.

Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.

The requirements are as follows:

Notarization requires Xcode 10 or later. Building a new app for notarization requires macOS 10.13.6 or later. Stapling an app requires macOS 10.12 or later.

Apple's notary service requires you to adopt the following protections:

  • Enable code-signing for all of the executables you distribute.
  • Enable the Hardened Runtime capability for your app and command line targets, as described in Enable hardened runtime.
  • Use a “Developer ID” application, kernel extension, or installer certificate for your code-signing signature. (Don't use a Mac Distribution or local development certificate.) For more information, see Create, export, and delete signing certificates.
  • Include a secure timestamp with your code-signing signature. (The Xcode distribution workflow includes a secure timestamp by default. For custom workflows, include the --timestamp option when running the codesign tool.)
  • Don’t include the com.apple.security.get-task-allow entitlement with the value set to any variation of true. If your software hosts third-party plug-ins and needs this entitlement to debug the plug-in in the context of a host executable, see Avoid the Get-Task-Allow Entitlement.
  • Link against the macOS 10.9 or later SDK.

This looks like a decent amount of work.

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

I tested the two types of assessments that are done with spctl and execute one is accepted:

jenkins@macos:StatusImPackage % spctl --assess --type execute --verbose=2 Status.app 
Status.app: accepted
source=Developer ID

But the open type is rejected:

jenkins@macos-02:StatusImPackage % spctl --assess --type open --context context:primary-signature --verbose=2 Status.app
Status.app: rejected
source=Unnotarized Developer ID

Which is weird, because it's the execute one that should be called on the Status.app directory:
https://github.com/status-im/status-react/blob/9ff21348f3827debc252e963f4609ec8347a6641/scripts/sign-macos-pkg.sh#L112-L117

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

Right, so it appears the DMG check fails, as I expected:

### Assessing Gatekeeper validation...
+ '[' -d StatusIm-191014-114512-2469cc-pr-universal.dmg ']'
+ spctl --assess --type open --context context:primary-signature --verbose=2 StatusIm-191014-114512-2469cc-pr-universal.dmg
StatusIm-191014-114512-2469cc-pr-universal.dmg: rejected
source=Unnotarized Developer ID

@jakubgs
Copy link
Member

jakubgs commented Oct 14, 2019

The --raw flag provides a bit more info, but not very helpful:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>assessment:authority</key>
	<dict>
		<key>assessment:authority:flags</key>
		<integer>0</integer>
		<key>assessment:authority:row</key>
		<integer>15</integer>
		<key>assessment:authority:source</key>
		<string>Unnotarized Developer ID</string>
	</dict>
	<key>assessment:remote</key>
	<true/>
	<key>assessment:verdict</key>
	<false/>
</dict>
</plist>

@jakubgs jakubgs mentioned this pull request Oct 15, 2019
Merged
@jakubgs
Copy link
Member

jakubgs commented Oct 15, 2019

According to Apple article:

Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
The key word here being "more". I don't think this is mandatory, it's just nice to have, since otherwise the user installing the .dmg will probably see some red flags.

My first idea was to run the spctl command with some flags to let it pass despite lack of "notarization" but there might be no such flag.

@jakubgs
Copy link
Member

jakubgs commented Oct 15, 2019

Based on my comment above which lists how many stars have to align to gain this mysterious "Notarization" status I think it would be prudent to just disable the dmg check we do for now, and fix it in a separate PR.

Considering that the MacOS app doesn't even start, it just crashes, if you just ignore the security warning, then fixing the signing verification seems pointless. I'm going to push a change that just disables this check temporarily.

@jakubgs jakubgs force-pushed the upgrade-xcode-version branch from 2469ccb to 8488660 Compare October 15, 2019 09:21
@jakubgs jakubgs mentioned this pull request Oct 15, 2019
Closed
@jakubgs
Copy link
Member

jakubgs commented Oct 15, 2019

I've submitted a separate issue about this "notarization": #9212

Would you be fine with this PR in order to tackle the MacOS issues separately?
@vkjr @flexsurfer @yenda @churik @Serhy

I don't want to block the XCode 11.1 upgrade (already 2/3 CI hosts are upgraded) just due to this, especially since people report that MacOS build crashes anyway.

@Serhy
Copy link
Contributor

Serhy commented Oct 15, 2019

I've submitted a separate issue about this "notarization": #9212

Would you be fine with this PR in order to tackle the MacOS issues separately?
@vkjr @flexsurfer @yenda @churik @Serhy

I don't want to block the XCode 11.1 upgrade (already 2/3 CI hosts are upgraded) just due to this, especially since people report that MacOS build crashes anyway.

I'm OK with that since Desktop is not in V1 list. Plus, it seems this behavior of #9212 I had with previous builds.

@statustestbot
Copy link

100% of end-end tests have passed

Total executed tests: 98
Failed tests: 0
Passed tests: 98

Passed tests (98)

Click to expand
1. test_user_can_switch_network
Device sessions

2. test_block_user_from_public_chat
Device sessions

3. test_filters_from_daap
Device sessions

4. test_copy_and_paste_messages
Device sessions

5. test_send_transaction_from_daap
Device sessions

6. test_onboarding_screen_when_requesting_tokens_for_recovered_account
Device sessions

7. test_connection_is_secure
Device sessions

8. test_deploy_contract_from_daap
Device sessions

9. test_redirect_to_public_chat_tapping_tag_message
Device sessions

10. test_remove_member_from_group_chat
Device sessions

11. test_delete_one_to_one_chat_via_delete_button
Device sessions

12. test_mobile_data_usage_popup_continue_syncing
Device sessions

13. test_clear_history_of_group_chat_via_group_view
Device sessions

14. test_decline_invitation_to_group_chat
Device sessions

15. test_open_transaction_on_etherscan
Device sessions

16. test_pass_phrase_validation
Device sessions

17. test_open_blocked_site
Device sessions

18. test_public_chat_messaging
Device sessions

19. test_open_chat_by_pasting_public_key
Device sessions

20. test_add_custom_token
Device sessions

21. test_long_press_to_delete_1_1_chat
Device sessions

22. test_password_in_logcat_sign_in
Device sessions

23. test_set_profile_picture
Device sessions

24. test_text_message_1_1_chat
Device sessions

25. test_add_to_contacts
Device sessions

26. test_sign_typed_message
Device sessions

27. test_home_view
Device sessions

28. test_send_and_open_links
Device sessions

29. test_unread_messages_counter_1_1_chat
Device sessions

30. test_can_use_purchased_stickers_on_recovered_account
Device sessions

31. test_ens_in_public_chat
Device sessions

32. test_logcat_send_transaction_from_daap
Device sessions

33. test_copy_contact_code_and_wallet_address
Device sessions

34. test_collectible_from_wallet_opens_in_browser_view
Device sessions

35. test_send_message_in_group_chat
Device sessions

36. test_logcat_send_transaction_from_wallet
Device sessions

37. test_account_recovery_with_uppercase_recovery_phrase
Device sessions

38. test_send_token_with_7_decimals
Device sessions

39. test_offline_messaging_1_1_chat
Device sessions

40. test_fetch_more_history_in_empty_chat
Device sessions

41. test_modify_transaction_fee_values
Device sessions

42. test_delete_group_chat_via_delete_button
Device sessions

43. test_token_with_more_than_allowed_decimals (TestRail link is not found)
Device sessions

44. test_send_eth_from_wallet_to_address
Device sessions

45. test_contact_profile_view
Device sessions

46. test_add_account_to_multiaccount_instance
Device sessions

47. test_send_funds_between_accounts_in_multiaccount_instance
Device sessions

48. test_request_eth_in_status_test_dapp
Device sessions

49. test_manage_assets
Device sessions

50. test_create_new_group_chat
Device sessions

51. test_wallet_set_up
Device sessions

52. test_long_press_to_delete_public_chat
Device sessions

53. test_send_emoji
Device sessions

54. test_search_chat_on_home
Device sessions

55. test_block_user_from_one_to_one_header
Device sessions

56. test_logcat_recovering_account
Device sessions

57. test_mobile_data_usage_popup_stop_syncing
Device sessions

58. test_can_add_existing_ens
Device sessions

59. test_transaction_wrong_password_wallet
Device sessions

60. test_pair_devices_sync_name_photo_public_group_chats
Device sessions

61. test_install_pack_and_send_sticker
Device sessions

62. test_pair_devices_sync_one_to_one_contacts
Device sessions

63. test_delete_public_chat_via_delete_button
Device sessions

64. test_messaging_in_different_networks
Device sessions

65. test_logcat_backup_recovery_phrase
Device sessions

66. test_add_new_group_chat_member
Device sessions

67. test_logcat_sign_message_from_daap
Device sessions

68. test_switch_users_and_add_new_account
Device sessions

69. test_mobile_data_usage_settings
Device sessions

70. test_make_admin_member_of_group_chat
Device sessions

71. test_long_press_delete_clear_all_dapps
Device sessions

72. test_send_stt_from_wallet
Device sessions

73. test_login_with_new_account
Device sessions

74. test_insufficient_funds_wallet_positive_balance
Device sessions

75. test_request_public_key_status_test_daap
Device sessions

76. test_start_chat_with_ens
Device sessions

77. test_add_contact_from_public_chat
Device sessions

78. test_user_can_see_all_own_assets_after_account_recovering
Device sessions

79. test_send_two_transactions_one_after_another_in_dapp
Device sessions

80. test_send_message_to_newly_added_contact
Device sessions

81. test_password_in_logcat_creating_account
Device sessions

82. test_user_can_complete_tx_to_dapp_when_onboarding_via_dapp_completed
Device sessions

83. test_backup_recovery_phrase
Device sessions

84. test_public_chat_clear_history
Device sessions

85. test_offline_status
Device sessions

86. test_open_google_com_via_open_dapp
Device sessions

87. test_unread_messages_counter_public_chat
Device sessions

88. test_sign_message_from_daap
Device sessions

89. test_user_can_remove_profile_picture
Device sessions

90. test_send_two_transactions_in_batch_in_dapp
Device sessions

91. test_share_contact_code_and_wallet_address
Device sessions

92. test_message_marked_as_sent_in_1_1_chat
Device sessions

93. test_need_help_section
Device sessions

94. test_refresh_button_browsing_app_webview
Device sessions

95. test_backup_recovery_phrase_warning_from_wallet
Device sessions

96. test_log_level_and_fleet
Device sessions

97. test_group_chat_system_messages
Device sessions

98. test_open_public_chat_using_deep_link
Device sessions

@jakubgs
nix: Upgrade expected Xcode version to 11.1
8e90103 
Also:
- nix: Disable symlink store check
- Add comments to dependabot config file

Signed-off-by: Jakub Sokołowski <jakub@status.im>
@jakubgs jakubgs force-pushed the upgrade-xcode-version branch from 8488660 to 8e90103 Compare October 15, 2019 16:40
@jakubgs jakubgs merged commit 8e90103 into develop Oct 15, 2019
@delete-merged-branch delete-merged-branch bot deleted the upgrade-xcode-version branch October 15, 2019 16:40
@jakubgs jakubgs mentioned this pull request Oct 15, 2019
Merged
@weekly-digest weekly-digest bot mentioned this pull request Oct 20, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andremedeiros andremedeiros andremedeiros approved these changes

@jakubgs jakubgs jakubgs approved these changes

@flexsurfer flexsurfer flexsurfer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
Legacy QA Automation Project
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@pedropombeiro @status-im-auto @jakubgs @Serhy @statustestbot @andremedeiros @flexsurfer