def main(): allowed_formats = ("signcode", "osslsigncode", "gpg", "mar", "dmg", "dmgv2", "jar", "b2gmar") from optparse import OptionParser import random parser = OptionParser(__doc__) parser.set_defaults( hosts=[], cert=None, log_level=logging.INFO, output_dir=None, output_file=None, formats=[], includes=[], excludes=[], nsscmd=None, tokenfile=None, noncefile=None, cachedir=None, ) parser.add_option("-H", "--host", dest="hosts", action="append", help="format[:format]:hostname[:port]") parser.add_option("-c", "--server-cert", dest="cert") parser.add_option("-t", "--token-file", dest="tokenfile", help="file where token is stored") parser.add_option("-n", "--nonce-file", dest="noncefile", help="file where nonce is stored") parser.add_option( "-d", "--output-dir", dest="output_dir", help= "output directory; if not set then files are replaced with signed copies" ) parser.add_option( "-o", "--output-file", dest="output_file", help= "output file; if not set then files are replaced with signed copies. This can only be used when signing a single file" ) parser.add_option("-f", "--formats", dest="formats", action="append", help="signing formats (one or more of %s)" % ", ".join(allowed_formats)) parser.add_option("-q", "--quiet", dest="log_level", action="store_const", const=logging.WARN) parser.add_option("-v", "--verbose", dest="log_level", action="store_const", const=logging.DEBUG) parser.add_option("-i", "--include", dest="includes", action="append", help="add to include patterns") parser.add_option("-x", "--exclude", dest="excludes", action="append", help="add to exclude patterns") parser.add_option("--nsscmd", dest="nsscmd", help="command to re-sign nss libraries, if required") parser.add_option("--cachedir", dest="cachedir", help="local cache directory") # TODO: Concurrency? # TODO: Different certs per server? options, args = parser.parse_args() logging.basicConfig(level=options.log_level, format="%(asctime)s - %(message)s") if not options.hosts: parser.error("at least one host is required") if not options.cert: parser.error("certificate is required") if not os.path.exists(options.cert): parser.error("certificate not found") if not options.tokenfile: parser.error("token file is required") if not options.noncefile: parser.error("nonce file is required") # Covert nsscmd to win32 path if required if sys.platform == 'win32' and options.nsscmd: nsscmd = options.nsscmd.strip() if nsscmd.startswith("/"): drive = nsscmd[1] options.nsscmd = "%s:%s" % (drive, nsscmd[2:]) # Handle format formats = [] for fmt in options.formats: if "," in fmt: for fmt in fmt.split(","): if fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) formats.append(fmt) elif fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) else: formats.append(fmt) if options.output_file and (len(args) > 1 or os.path.isdir(args[0])): parser.error( "-o / --output-file can only be used when signing a single file") if options.output_dir: if os.path.exists(options.output_dir): if not os.path.isdir(options.output_dir): parser.error("output_dir (%s) must be a directory", options.output_dir) else: os.makedirs(options.output_dir) if not options.includes: # Do everything! options.includes.append("*") if not formats: parser.error("no formats specified") format_urls = defaultdict(list) for h in options.hosts: # The last two parts of a host is the actual hostname:port. Any parts # before that are formats - there could be 0..n formats so this is # tricky to split. parts = h.split(":") h = parts[-2:] fmts = parts[:-2] # If no formats are specified, the host is assumed to support all of them. if not fmts: fmts = formats for f in fmts: format_urls[f].append("https://%s" % ":".join(h)) missing_fmt_hosts = set(formats) - set(format_urls.keys()) if missing_fmt_hosts: parser.error("no hosts capable of signing formats: %s" % " ".join(missing_fmt_hosts)) log.debug("in %s", os.getcwd()) buildValidatingOpener(options.cert) token = open(options.tokenfile, 'rb').read() for fmt in formats: urls = format_urls[fmt] random.shuffle(urls) # The only difference between dmg and dmgv2 are the servers they use. # The server side code only understands "dmg" as a format, so we need # to translate this now that we've chosen our URLs if fmt == "dmgv2": fmt = "dmg" log.debug("doing %s signing", fmt) log.debug("possible hosts are %s" % urls) files = [] # We want to package the ".app" file in a tar for mac signing. if fmt == "dmg": for fd in args: packtar(fd + '.tar.gz', [fd], os.getcwd()) files.append(fd + '.tar.gz') # For other platforms we sign all of the files individually. else: files = findfiles(args, options.includes, options.excludes) for f in files: log.debug("%s", f) log.debug("checking %s for signature...", f) if fmt in ('signcode', 'osslsigncode') and is_authenticode_signed(f): log.info( "Skipping %s because it looks like it's already signed", f) continue if options.output_dir: dest = os.path.join(options.output_dir, os.path.basename(f)) else: dest = None if not remote_signfile(options, urls, f, fmt, token, dest): log.error("Failed to sign %s with %s", f, fmt) sys.exit(1) if fmt == "dmg": for fd in args: log.debug("unpacking %s", fd) unpacktar(fd + '.tar.gz', os.getcwd()) os.unlink(fd + '.tar.gz')
def main(): allowed_formats = ("sha2signcode", "signcode", "osslsigncode", "gpg", "mar", "dmg", "dmgv2", "jar", "emevoucher") from optparse import OptionParser import random parser = OptionParser(__doc__) parser.set_defaults( hosts=[], cert=None, log_level=logging.INFO, output_dir=None, output_file=None, formats=[], includes=[], excludes=[], nsscmd=None, tokenfile=None, noncefile=None, cachedir=None, ) parser.add_option( "-H", "--host", dest="hosts", action="append", help="format[:format]:hostname[:port]") parser.add_option("-c", "--server-cert", dest="cert") parser.add_option("-t", "--token-file", dest="tokenfile", help="file where token is stored") parser.add_option("-n", "--nonce-file", dest="noncefile", help="file where nonce is stored") parser.add_option("-d", "--output-dir", dest="output_dir", help="output directory; if not set then files are replaced with signed copies") parser.add_option("-o", "--output-file", dest="output_file", help="output file; if not set then files are replaced with signed copies. This can only be used when signing a single file") parser.add_option("-f", "--formats", dest="formats", action="append", help="signing formats (one or more of %s)" % ", ".join(allowed_formats)) parser.add_option("-q", "--quiet", dest="log_level", action="store_const", const=logging.WARN) parser.add_option( "-v", "--verbose", dest="log_level", action="store_const", const=logging.DEBUG) parser.add_option("-i", "--include", dest="includes", action="append", help="add to include patterns") parser.add_option("-x", "--exclude", dest="excludes", action="append", help="add to exclude patterns") parser.add_option("--nsscmd", dest="nsscmd", help="command to re-sign nss libraries, if required") parser.add_option("--cachedir", dest="cachedir", help="local cache directory") # TODO: Concurrency? # TODO: Different certs per server? options, args = parser.parse_args() logging.basicConfig( level=options.log_level, format="%(asctime)s - %(message)s") if not options.hosts: parser.error("at least one host is required") if not options.cert: parser.error("certificate is required") if not os.path.exists(options.cert): parser.error("certificate not found") if not options.tokenfile: parser.error("token file is required") if not options.noncefile: parser.error("nonce file is required") # Covert nsscmd to win32 path if required if sys.platform == 'win32' and options.nsscmd: nsscmd = options.nsscmd.strip() if nsscmd.startswith("/"): drive = nsscmd[1] options.nsscmd = "%s:%s" % (drive, nsscmd[2:]) # Handle format formats = [] for fmt in options.formats: if "," in fmt: for fmt in fmt.split(","): if fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) formats.append(fmt) elif fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) else: formats.append(fmt) # bug 1164456 # GPG signing must happen last because it will be invalid if done prior to # any format that modifies the file in-place. if "gpg" in formats: formats.remove("gpg") formats.append("gpg") if options.output_file and (len(args) > 1 or os.path.isdir(args[0])): parser.error( "-o / --output-file can only be used when signing a single file") if options.output_dir: if os.path.exists(options.output_dir): if not os.path.isdir(options.output_dir): parser.error( "output_dir (%s) must be a directory", options.output_dir) else: os.makedirs(options.output_dir) if not options.includes: # Do everything! options.includes.append("*") if not formats: parser.error("no formats specified") format_urls = defaultdict(list) for h in options.hosts: # The last two parts of a host is the actual hostname:port. Any parts # before that are formats - there could be 0..n formats so this is # tricky to split. parts = h.split(":") h = parts[-2:] fmts = parts[:-2] # If no formats are specified, the host is assumed to support all of them. if not fmts: fmts = formats for f in fmts: format_urls[f].append("https://%s" % ":".join(h)) missing_fmt_hosts = set(formats) - set(format_urls.keys()) if missing_fmt_hosts: parser.error("no hosts capable of signing formats: %s" % " ".join(missing_fmt_hosts)) log.debug("in %s", os.getcwd()) buildValidatingOpener(options.cert) token = open(options.tokenfile, 'rb').read() for fmt in formats: urls = format_urls[fmt] random.shuffle(urls) # The only difference between dmg and dmgv2 are the servers they use. # The server side code only understands "dmg" as a format, so we need # to translate this now that we've chosen our URLs if fmt == "dmgv2": fmt = "dmg" log.debug("doing %s signing", fmt) log.debug("possible hosts are %s" % urls) files = [] # We want to package the ".app" file in a tar for mac signing. if fmt == "dmg": for fd in args: packtar(fd + '.tar.gz', [fd], os.getcwd()) files.append(fd + '.tar.gz') # For other platforms we sign all of the files individually. else: files = findfiles(args, options.includes, options.excludes) for f in files: log.debug("%s", f) log.debug("checking %s for signature...", f) if fmt in ('sha2signcode', 'signcode', 'osslsigncode') and is_authenticode_signed(f): log.info("Skipping %s because it looks like it's already signed", f) continue if options.output_dir: dest = os.path.join(options.output_dir, os.path.basename(f)) else: dest = None if not remote_signfile(options, urls, f, fmt, token, dest): log.error("Failed to sign %s with %s", f, fmt) sys.exit(1) if fmt == "dmg": for fd in args: log.debug("unpacking %s", fd) unpacktar(fd + '.tar.gz', os.getcwd()) os.unlink(fd + '.tar.gz')
import os import site import sys my_dir = os.path.dirname(__file__) site.addsitedir(os.path.join(my_dir, '../../lib/python')) from signing.client import buildValidatingOpener, get_token if __name__ == '__main__': from optparse import OptionParser parser = OptionParser(__doc__) parser.add_option('-c', '--server-cert', dest='cert', default=os.path.join(my_dir, 'host.cert')) parser.add_option('-u', '--username', dest='username', default='cltsign') parser.add_option('-p', '--password', dest='password') parser.add_option('-H', '--host', dest='host') parser.add_option('-d', '--duration', dest='duration') parser.add_option('-i', '--ip', dest='slave_ip') options, args = parser.parse_args() buildValidatingOpener(options.cert) baseurl = 'https://%s' % options.host sys.stdout.write( get_token(baseurl, options.username, options.password, options.slave_ip, options.duration))
def main(): from optparse import OptionParser import random parser = OptionParser(__doc__) parser.set_defaults( hosts=[], cert=None, log_level=logging.INFO, output_dir=None, output_file=None, formats=[], includes=[], excludes=[], nsscmd=None, tokenfile=None, noncefile=None, cachedir=None, ) parser.add_option("-H", "--host", dest="hosts", action="append", help="hostname[:port]") parser.add_option("-c", "--server-cert", dest="cert") parser.add_option("-t", "--token-file", dest="tokenfile", help="file where token is stored") parser.add_option("-n", "--nonce-file", dest="noncefile", help="file where nonce is stored") parser.add_option( "-d", "--output-dir", dest="output_dir", help= "output directory; if not set then files are replaced with signed copies" ) parser.add_option( "-o", "--output-file", dest="output_file", help= "output file; if not set then files are replaced with signed copies. This can only be used when signing a single file" ) parser.add_option( "-f", "--formats", dest="formats", action="append", help= "signing formats (one or more of \"signcode\", \"gpg\", or \"osx\")") parser.add_option("-q", "--quiet", dest="log_level", action="store_const", const=logging.WARN) parser.add_option("-v", "--verbose", dest="log_level", action="store_const", const=logging.DEBUG) parser.add_option("-i", "--include", dest="includes", action="append", help="add to include patterns") parser.add_option("-x", "--exclude", dest="excludes", action="append", help="add to exclude patterns") parser.add_option("--nsscmd", dest="nsscmd", help="command to re-sign nss libraries, if required") parser.add_option("--cachedir", dest="cachedir", help="local cache directory") # TODO: Concurrency? # TODO: Different certs per server? options, args = parser.parse_args() logging.basicConfig(level=options.log_level, format="%(asctime)s - %(message)s") if not options.hosts: parser.error("at least one host is required") if not options.cert: parser.error("certificate is required") if not os.path.exists(options.cert): parser.error("certificate not found") if not options.tokenfile: parser.error("token file is required") if not options.noncefile: parser.error("nonce file is required") # Covert nsscmd to win32 path if required if sys.platform == 'win32' and options.nsscmd: nsscmd = options.nsscmd.strip() if nsscmd.startswith("/"): drive = nsscmd[1] options.nsscmd = "%s:%s" % (drive, nsscmd[2:]) # Handle format formats = [] allowed_formats = ("signcode", "gpg", "mar", "dmg", "jar", "b2gmar") for fmt in options.formats: if "," in fmt: for fmt in fmt.split(","): if fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) formats.append(fmt) elif fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) else: formats.append(fmt) if options.output_file and (len(args) > 1 or os.path.isdir(args[0])): parser.error( "-o / --output-file can only be used when signing a single file") if options.output_dir: if os.path.exists(options.output_dir): if not os.path.isdir(options.output_dir): parser.error("output_dir (%s) must be a directory", options.output_dir) else: os.makedirs(options.output_dir) if not options.includes: # Do everything! options.includes.append("*") if not formats: parser.error("no formats specified") buildValidatingOpener(options.cert) urls = ["https://%s" % host for host in options.hosts] random.shuffle(urls) log.debug("in %s", os.getcwd()) token = open(options.tokenfile, 'rb').read() for fmt in formats: log.debug("doing %s signing", fmt) files = [] # We want to package the ".app" file in a tar for mac signing. if fmt == "dmg": for fd in args: packtar(fd + '.tar.gz', [fd], os.getcwd()) files.append(fd + '.tar.gz') # For other platforms we sign all of the files individually. else: files = findfiles(args, options.includes, options.excludes) for f in files: log.debug("%s", f) log.debug("checking %s for signature...", f) if fmt == 'signcode' and is_authenticode_signed(f): log.info( "Skipping %s because it looks like it's already signed", f) continue if options.output_dir: dest = os.path.join(options.output_dir, os.path.basename(f)) else: dest = None if not remote_signfile(options, urls, f, fmt, token, dest): log.error("Failed to sign %s with %s", f, fmt) sys.exit(1) if fmt == "dmg": for fd in args: log.debug("unpacking %s", fd) unpacktar(fd + '.tar.gz', os.getcwd()) os.unlink(fd + '.tar.gz')
import os import site import sys my_dir = os.path.dirname(__file__) site.addsitedir(os.path.join(my_dir, '../../lib/python')) from signing.client import buildValidatingOpener, get_token if __name__ == '__main__': from optparse import OptionParser parser = OptionParser(__doc__) parser.add_option('-c', '--server-cert', dest='cert', default=os.path.join(my_dir, 'host.cert')) parser.add_option('-u', '--username', dest='username', default='cltsign') parser.add_option('-p', '--password', dest='password') parser.add_option('-H', '--host', dest='host') parser.add_option('-d', '--duration', dest='duration') parser.add_option('-i', '--ip', dest='slave_ip') options, args = parser.parse_args() buildValidatingOpener(options.cert) baseurl = 'https://%s' % options.host sys.stdout.write(get_token(baseurl, options.username, options.password, options.slave_ip, options.duration))
def main(): from optparse import OptionParser import random parser = OptionParser(__doc__) parser.set_defaults( hosts=[], cert=None, log_level=logging.INFO, output_dir=None, output_file=None, formats=[], includes=[], excludes=[], nsscmd=None, tokenfile=None, noncefile=None, cachedir=None, ) parser.add_option( "-H", "--host", dest="hosts", action="append", help="hostname[:port]") parser.add_option("-c", "--server-cert", dest="cert") parser.add_option("-t", "--token-file", dest="tokenfile", help="file where token is stored") parser.add_option("-n", "--nonce-file", dest="noncefile", help="file where nonce is stored") parser.add_option("-d", "--output-dir", dest="output_dir", help="output directory; if not set then files are replaced with signed copies") parser.add_option("-o", "--output-file", dest="output_file", help="output file; if not set then files are replaced with signed copies. This can only be used when signing a single file") parser.add_option("-f", "--formats", dest="formats", action="append", help="signing formats (one or more of \"signcode\", \"gpg\", or \"osx\")") parser.add_option("-q", "--quiet", dest="log_level", action="store_const", const=logging.WARN) parser.add_option( "-v", "--verbose", dest="log_level", action="store_const", const=logging.DEBUG) parser.add_option("-i", "--include", dest="includes", action="append", help="add to include patterns") parser.add_option("-x", "--exclude", dest="excludes", action="append", help="add to exclude patterns") parser.add_option("--nsscmd", dest="nsscmd", help="command to re-sign nss libraries, if required") parser.add_option("--cachedir", dest="cachedir", help="local cache directory") # TODO: Concurrency? # TODO: Different certs per server? options, args = parser.parse_args() logging.basicConfig( level=options.log_level, format="%(asctime)s - %(message)s") if not options.hosts: parser.error("at least one host is required") if not options.cert: parser.error("certificate is required") if not os.path.exists(options.cert): parser.error("certificate not found") if not options.tokenfile: parser.error("token file is required") if not options.noncefile: parser.error("nonce file is required") # Covert nsscmd to win32 path if required if sys.platform == 'win32' and options.nsscmd: nsscmd = options.nsscmd.strip() if nsscmd.startswith("/"): drive = nsscmd[1] options.nsscmd = "%s:%s" % (drive, nsscmd[2:]) # Handle format formats = [] allowed_formats = ("signcode", "gpg", "mar", "dmg", "jar", "b2gmar") for fmt in options.formats: if "," in fmt: for fmt in fmt.split(","): if fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) formats.append(fmt) elif fmt not in allowed_formats: parser.error("invalid format: %s" % fmt) else: formats.append(fmt) if options.output_file and (len(args) > 1 or os.path.isdir(args[0])): parser.error( "-o / --output-file can only be used when signing a single file") if options.output_dir: if os.path.exists(options.output_dir): if not os.path.isdir(options.output_dir): parser.error( "output_dir (%s) must be a directory", options.output_dir) else: os.makedirs(options.output_dir) if not options.includes: # Do everything! options.includes.append("*") if not formats: parser.error("no formats specified") buildValidatingOpener(options.cert) urls = ["https://%s" % host for host in options.hosts] random.shuffle(urls) log.debug("in %s", os.getcwd()) token = open(options.tokenfile, 'rb').read() for fmt in formats: log.debug("doing %s signing", fmt) files = [] # We want to package the ".app" file in a tar for mac signing. if fmt == "dmg": for fd in args: packtar(fd + '.tar.gz', [fd], os.getcwd()) files.append(fd + '.tar.gz') # For other platforms we sign all of the files individually. else: files = findfiles(args, options.includes, options.excludes) for f in files: log.debug("%s", f) log.debug("checking %s for signature...", f) if fmt == 'signcode' and is_authenticode_signed(f): log.info("Skipping %s because it looks like it's already signed", f) continue if options.output_dir: dest = os.path.join(options.output_dir, os.path.basename(f)) else: dest = None if not remote_signfile(options, urls, f, fmt, token, dest): log.error("Failed to sign %s with %s", f, fmt) sys.exit(1) if fmt == "dmg": for fd in args: log.debug("unpacking %s", fd) unpacktar(fd + '.tar.gz', os.getcwd()) os.unlink(fd + '.tar.gz')