async def sign_file(context, from_, cert_type, signing_formats, cert, to=None):
if to is None:
to = from_
work_dir = context.config['work_dir']
token = os.path.join(work_dir, "token")
nonce = os.path.join(work_dir, "nonce")
signtool = context.config['signtool']
if not isinstance(signtool, (list, tuple)):
signtool = [signtool]
cmd = signtool + ["-v", "-n", nonce, "-t", token, "-c", cert]
for s in get_suitable_signing_servers(context.signing_servers, cert_type, signing_formats):
cmd.extend(["-H", s.server])
for f in signing_formats:
cmd.extend(["-f", f])
cmd.extend(["-o", to, from_])
log.info("Running %s", " ".join(cmd))
proc = await asyncio.create_subprocess_exec(*cmd, stdout=PIPE, stderr=STDOUT)
log.info("COMMAND OUTPUT: ")
await log_output(proc.stdout)
exitcode = await proc.wait()
log.info("exitcode {}".format(exitcode))
abs_to = os.path.join(work_dir, to)
log.info("SHA512SUM: %s SIGNED_FILE: %s",
get_hash(abs_to, "sha512"), to)
log.info("SHA1SUM: %s SIGNED_FILE: %s",
get_hash(abs_to, "sha1"), to)
log.info("Finished signing")
async def _execute_post_signing_steps(context, to):
work_dir = context.config['work_dir']
abs_to = os.path.join(work_dir, to)
_, file_extension = os.path.splitext(abs_to)
if file_extension == '.apk':
await _zip_align_apk(context, abs_to)
log.info("SHA512SUM: %s SIGNED_FILE: %s",
utils.get_hash(abs_to, "sha512"), to)
log.info("SHA1SUM: %s SIGNED_FILE: %s",
utils.get_hash(abs_to, "sha1"), to)
log.info('Post-signing steps finished')
async def helper_archive(context, filename, create_fn, extract_fn, *args):
tmpdir = context.config["artifact_dir"]
archive = os.path.join(context.config["work_dir"], filename)
# Add a directory to tickle the tarfile isfile() call
files = [__file__, SERVER_CONFIG_PATH]
await create_fn(
context, archive, [__file__, SERVER_CONFIG_PATH], *args, tmp_dir=BASE_DIR
)
# Not relevant for zip
if is_tarfile(archive):
await assert_file_permissions(archive)
await extract_fn(context, archive, *args, tmp_dir=tmpdir)
for path in files:
target_path = os.path.join(tmpdir, os.path.relpath(path, BASE_DIR))
assert os.path.exists(target_path)
assert os.path.isfile(target_path)
hash1 = get_hash(path)
hash2 = get_hash(target_path)
assert hash1 == hash2
def test_get_hash():
assert utils.get_hash(PUB_KEY_PATH, hash_type="sha512") == ID_RSA_PUB_HASH
