async def geckodriver_behavior(config, task): """Create and sign the geckodriver file for this task. Args: config (dict): the running configuration task (dict): the running task Raises: IScriptError: on fatal error. """ key_config = get_key_config(config, task, base_key="mac_config") all_paths = get_app_paths(config, task) langpack_apps = filter_apps(all_paths, fmt="autograph_langpack") if langpack_apps: await sign_langpacks(config, key_config, langpack_apps) all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True) await extract_all_apps(config, all_paths) await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await sign_geckodriver(config, key_config, all_paths) log.info("Done signing geckodriver.")
async def sign_behavior(config, task): """Sign all mac apps for this task. Args: config (dict): the running configuration task (dict): the running task Raises: IScriptError: on fatal error. """ key_config = get_key_config(config, task, base_key="mac_config") entitlements_path = await download_entitlements_file( config, key_config, task) all_paths = get_app_paths(config, task) all_paths = get_app_paths(config, task) langpack_apps = filter_apps(all_paths, fmt="autograph_langpack") if langpack_apps: await sign_langpacks(config, key_config, langpack_apps) all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True) await extract_all_apps(config, all_paths) await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await sign_all_apps(config, key_config, entitlements_path, all_paths) await tar_apps(config, all_paths) log.info("Done signing apps.")
async def async_main(config, task): """Sign all the things. Args: config (dict): the running config. task (dict): the running task. """ await run_command(["hostname"]) base_key = "mac_config" # We may support ios_config someday key_config = get_key_config(config, task, base_key=base_key) behavior = task["payload"].get("behavior", "mac_sign") if behavior == "mac_notarize" and "mac_notarize" not in key_config[ "supported_behaviors"] and "mac_sign_and_pkg" in key_config[ "supported_behaviors"]: behavior = "mac_sign_and_pkg" if behavior not in key_config["supported_behaviors"]: raise IScriptError("Unsupported behavior {} given scopes {}!".format( behavior, task["scopes"])) if behavior == "mac_geckodriver": await geckodriver_behavior(config, task) return elif behavior == "mac_notarize": await notarize_behavior(config, task) return elif behavior == "mac_sign": await sign_behavior(config, task) return elif behavior == "mac_sign_and_pkg": # For staging releases; or should we mac_notarize but skip notarization # for dep? await sign_and_pkg_behavior(config, task) return raise IScriptError("Unknown iscript behavior {}!".format(behavior))
async def notarize_1_behavior(config, task): """Sign and submit all mac apps for notarization. This task will not wait for the notarization to finish. Instead, it will upload all signed apps and a uuid manifest. Args: config (dict): the running configuration task (dict): the running task Raises: IScriptError: on fatal error. """ work_dir = config["work_dir"] key_config = get_key_config(config, task, base_key="mac_config") entitlements_path = await download_entitlements_file(config, key_config, task) all_paths = get_app_paths(config, task) langpack_apps = filter_apps(all_paths, fmt="autograph_langpack") if langpack_apps: await sign_langpacks(config, key_config, langpack_apps) all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True) # app await extract_all_apps(config, all_paths) await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await sign_all_apps(config, key_config, entitlements_path, all_paths) # pkg # Unlock keychain again in case it's locked since previous unlock await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await create_pkg_files(config, key_config, all_paths) log.info("Submitting for notarization.") if key_config["notarize_type"] == "multi_account": await create_all_notarization_zipfiles(all_paths, path_attrs=["app_path", "pkg_path"]) poll_uuids = await wrap_notarization_with_sudo(config, key_config, all_paths, path_attr="zip_path") else: zip_path = await create_one_notarization_zipfile(work_dir, all_paths, path_attr="app_path") poll_uuids = await notarize_no_sudo(work_dir, key_config, zip_path) # create uuid_manifest.json uuids_path = "{}/public/uuid_manifest.json".format(config["artifact_dir"]) makedirs(os.path.dirname(uuids_path)) with open(uuids_path, "w") as fh: json.dump(sorted(poll_uuids.keys()), fh) await tar_apps(config, all_paths) await copy_pkgs_to_artifact_dir(config, all_paths) log.info("Done signing apps and submitting them for notarization.")
async def notarize_behavior(config, task): """Sign and notarize all mac apps for this task. Args: config (dict): the running configuration task (dict): the running task Raises: IScriptError: on fatal error. """ work_dir = config["work_dir"] key_config = get_key_config(config, task, base_key="mac_config") entitlements_path = await download_entitlements_file(config, key_config, task) all_paths = get_app_paths(config, task) langpack_apps = filter_apps(all_paths, fmt="autograph_langpack") if langpack_apps: await sign_langpacks(config, key_config, langpack_apps) all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True) # app await extract_all_apps(config, all_paths) await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await sign_all_apps(config, key_config, entitlements_path, all_paths) # pkg # Unlock keychain again in case it's locked since previous unlock await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"]) await update_keychain_search_path(config, key_config["signing_keychain"]) await create_pkg_files(config, key_config, all_paths) log.info("Notarizing") if key_config["notarize_type"] == "multi_account": await create_all_notarization_zipfiles(all_paths, path_attrs=["app_path", "pkg_path"]) poll_uuids = await wrap_notarization_with_sudo(config, key_config, all_paths, path_attr="zip_path") else: zip_path = await create_one_notarization_zipfile(work_dir, all_paths, path_attr="app_path") poll_uuids = await notarize_no_sudo(work_dir, key_config, zip_path) await poll_all_notarization_status(key_config, poll_uuids) # app await staple_notarization(all_paths, path_attr="app_path") await tar_apps(config, all_paths) # pkg await staple_notarization(all_paths, path_attr="pkg_path") await copy_pkgs_to_artifact_dir(config, all_paths) log.info("Done signing and notarizing apps.")
def test_get_config_key(scopes, base_key, key, raises): """``get_config_key`` returns the correct subconfig. """ config = { "taskcluster_scope_prefix": "scope:prefix:", "mac_config": { "dep": { "key": "dep" }, "nightly": { "key": "nightly" } }, } task = {"scopes": scopes} if raises: with pytest.raises(IScriptError): util.get_key_config(config, task, base_key=base_key) else: assert (util.get_key_config( config, task, base_key=base_key) == config[base_key][key])