def test_build_filelist_dict(context, task_defn, formats, raises):
full_path = os.path.join(
context.config['work_dir'], 'cot', 'VALID_TASK_ID',
'public/build/firefox-52.0a1.en-US.win64.installer.exe',
)
expected = {
'public/build/firefox-52.0a1.en-US.win64.installer.exe': {
'full_path': full_path,
'formats': ['gpg'],
}
}
context.task = task_defn
# first, the file is missing...
with pytest.raises(TaskVerificationError):
stask.build_filelist_dict(context, formats)
mkdir(os.path.dirname(full_path))
with open(full_path, "w") as fh:
fh.write("foo")
if raises:
# illegal format
with pytest.raises(TaskVerificationError):
stask.build_filelist_dict(context, formats)
else:
assert stask.build_filelist_dict(context, formats) == expected
def test_build_filelist_dict(context, task_defn):
full_path = os.path.join(context.config["work_dir"], "cot", "VALID_TASK_ID", "public/build/firefox-52.0a1.en-US.win64.installer.exe")
expected = {"public/build/firefox-52.0a1.en-US.win64.installer.exe": {"full_path": full_path, "formats": ["gpg"]}}
context.task = task_defn
# first, the file is missing...
with pytest.raises(TaskVerificationError):
stask.build_filelist_dict(context)
mkdir(os.path.dirname(full_path))
with open(full_path, "w") as fh:
fh.write("foo")
assert stask.build_filelist_dict(context) == expected
async def async_main(context):
"""Sign all the things.
Args:
context (Context): the signing context.
"""
connector = _craft_aiohttp_connector(context)
async with aiohttp.ClientSession(connector=connector) as session:
context.session = session
work_dir = context.config['work_dir']
context.signing_servers = load_signing_server_config(context)
all_signing_formats = task_signing_formats(context)
if 'gpg' in all_signing_formats or 'autograph_gpg' in all_signing_formats:
if not context.config.get('gpg_pubkey'):
raise Exception(
"GPG format is enabled but gpg_pubkey is not defined")
if not os.path.exists(context.config['gpg_pubkey']):
raise Exception("gpg_pubkey ({}) doesn't exist!".format(
context.config['gpg_pubkey']))
if 'autograph_widevine' in all_signing_formats:
if not context.config.get('widevine_cert'):
raise Exception(
"Widevine format is enabled, but widevine_cert is not defined"
)
if not all(
is_autograph_signing_format(format_)
for format_ in all_signing_formats):
log.info("getting signingserver token")
await get_token(context, os.path.join(work_dir, 'token'),
task_cert_type(context), all_signing_formats)
filelist_dict = build_filelist_dict(context)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict['full_path'],
context.config['work_dir'],
target=path)
log.info("signing %s", path)
output_files = await sign(context, os.path.join(work_dir, path),
path_dict['formats'])
for source in output_files:
source = os.path.relpath(source, work_dir)
copy_to_dir(os.path.join(work_dir, source),
context.config['artifact_dir'],
target=source)
if 'gpg' in path_dict['formats'] or 'autograph_gpg' in path_dict[
'formats']:
copy_to_dir(context.config['gpg_pubkey'],
context.config['artifact_dir'],
target="public/build/KEY")
log.info("Done!")
async def async_main(context):
"""Sign all the things.
Args:
context (Context): the signing context.
"""
async with aiohttp.ClientSession() as session:
all_signing_formats = task_signing_formats(context)
if "gpg" in all_signing_formats or "autograph_gpg" in all_signing_formats:
if not context.config.get("gpg_pubkey"):
raise Exception(
"GPG format is enabled but gpg_pubkey is not defined")
if not os.path.exists(context.config["gpg_pubkey"]):
raise Exception("gpg_pubkey ({}) doesn't exist!".format(
context.config["gpg_pubkey"]))
if "autograph_widevine" in all_signing_formats:
if not context.config.get("widevine_cert"):
raise Exception(
"Widevine format is enabled, but widevine_cert is not defined"
)
context.session = session
context.autograph_configs = load_autograph_configs(
context.config["autograph_configs"])
work_dir = context.config["work_dir"]
filelist_dict = build_filelist_dict(context)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict["full_path"],
context.config["work_dir"],
target=path)
log.info("signing %s", path)
output_files = await sign(
context,
os.path.join(work_dir, path),
path_dict["formats"],
authenticode_comment=path_dict.get("comment"))
for source in output_files:
source = os.path.relpath(source, work_dir)
copy_to_dir(os.path.join(work_dir, source),
context.config["artifact_dir"],
target=source)
if "gpg" in path_dict["formats"] or "autograph_gpg" in path_dict[
"formats"]:
copy_to_dir(context.config["gpg_pubkey"],
context.config["artifact_dir"],
target="public/build/KEY")
log.info("Done!")
def test_build_filelist_dict_comment(context, task_defn_authenticode_comment):
full_path = os.path.join(
context.config["work_dir"],
"cot",
"VALID_TASK_ID",
"public/build/firefox-52.0a1.en-US.win64.installer.msi",
)
expected = {
"public/build/firefox-52.0a1.en-US.win64.installer.msi": {
"full_path": full_path,
"formats": ["autograph_authenticode"],
"comment": "Foo Installer"
}
}
context.task = task_defn_authenticode_comment
# first, format is wrong...
with pytest.raises(TaskVerificationError) as error:
stask.build_filelist_dict(context)
assert "without an authenticode" in str(error.value)
# coerce to authenticode
context.task["payload"]["upstreamArtifacts"][0]["formats"] = [
"autograph_authenticode"
]
# Still raises due to no msi
with pytest.raises(TaskVerificationError) as error:
stask.build_filelist_dict(context)
assert "outside of msi" in str(error.value)
# coerce to msi
context.task["payload"]["upstreamArtifacts"][0]["paths"] = [
"public/build/firefox-52.0a1.en-US.win64.installer.msi",
]
# the file is missing...
with pytest.raises(TaskVerificationError):
stask.build_filelist_dict(context)
mkdir(os.path.dirname(full_path))
with open(full_path, "w") as fh:
fh.write("foo")
# Now ok
assert stask.build_filelist_dict(context) == expected
async def async_main(context):
work_dir = context.config['work_dir']
context.task = scriptworker.client.get_task(context.config)
log.info("validating task")
validate_task_schema(context)
context.signing_servers = load_signing_server_config(context)
cert_type = task_cert_type(context.task)
all_signing_formats = task_signing_formats(context.task)
log.info("getting token")
await get_token(context, os.path.join(work_dir, 'token'), cert_type, all_signing_formats)
filelist_dict = build_filelist_dict(context, all_signing_formats)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict['full_path'], context.config['work_dir'], target=path)
log.info("signing %s", path)
source = os.path.join(work_dir, path)
await sign_file(context, source, cert_type, path_dict['formats'], context.config["ssl_cert"])
sigfiles = detached_sigfiles(path, path_dict['formats'])
copy_to_dir(source, context.config['artifact_dir'], target=path)
for sigpath in sigfiles:
copy_to_dir(os.path.join(work_dir, sigpath), context.config['artifact_dir'], target=sigpath)
log.info("Done!")
async def async_main(context):
"""Sign all the things.
Args:
context (Context): the signing context.
"""
connector = _craft_aiohttp_connector(context)
# Create a session for talking to the legacy signing servers in order to
# generate a signing token
async with aiohttp.ClientSession(connector=connector) as session:
context.session = session
work_dir = context.config["work_dir"]
context.signing_servers = load_signing_server_config(context)
all_signing_formats = task_signing_formats(context)
if "gpg" in all_signing_formats or "autograph_gpg" in all_signing_formats:
if not context.config.get("gpg_pubkey"):
raise Exception("GPG format is enabled but gpg_pubkey is not defined")
if not os.path.exists(context.config["gpg_pubkey"]):
raise Exception(
"gpg_pubkey ({}) doesn't exist!".format(
context.config["gpg_pubkey"]
)
)
if "autograph_widevine" in all_signing_formats:
if not context.config.get("widevine_cert"):
raise Exception(
"Widevine format is enabled, but widevine_cert is not defined"
)
if not all(
is_autograph_signing_format(format_) for format_ in all_signing_formats
):
log.info("getting signingserver token")
await get_token(
context,
os.path.join(work_dir, "token"),
task_cert_type(context),
all_signing_formats,
)
# Create a new session to talk to autograph
async with aiohttp.ClientSession() as session:
context.session = session
filelist_dict = build_filelist_dict(context)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict["full_path"], context.config["work_dir"], target=path)
log.info("signing %s", path)
output_files = await sign(
context, os.path.join(work_dir, path), path_dict["formats"]
)
for source in output_files:
source = os.path.relpath(source, work_dir)
copy_to_dir(
os.path.join(work_dir, source),
context.config["artifact_dir"],
target=source,
)
if "gpg" in path_dict["formats"] or "autograph_gpg" in path_dict["formats"]:
copy_to_dir(
context.config["gpg_pubkey"],
context.config["artifact_dir"],
target="public/build/KEY",
)
log.info("Done!")