def sign(self, task_id, run_id, task, work_dir):
payload = task["payload"]
manifest_url = payload["signingManifest"]
signing_manifest = self.get_manifest(manifest_url)
# TODO: better way to extract filename
url_prefix = "/".join(manifest_url.split("/")[:-1])
cert_type = task_cert_type(task)
signing_formats = task_signing_formats(task)
for e in signing_manifest:
# Fallback to "mar" if "file_to_sign" is not specified
file_to_sign = e.get("file_to_sign", e["mar"])
file_url = "{}/{}".format(url_prefix, file_to_sign)
abs_filename, detached_signatures = self.download_and_sign_file(
task_id, run_id, file_url, e["hash"], cert_type,
signing_formats, work_dir)
# Update manifest data with new values
e["hash"] = get_hash(abs_filename)
e["size"] = os.path.getsize(abs_filename)
e["detached_signatures"] = {}
for sig_type, sig_filename in detached_signatures:
e["detached_signatures"][sig_type] = sig_filename
manifest_file = os.path.join(work_dir, "manifest.json")
with open(manifest_file, "wb") as f:
json.dump(signing_manifest, f, indent=2, sort_keys=True)
log.debug("Uploading manifest for t: %s, r: %s", task_id, run_id)
self.create_artifact(task_id, run_id, "public/env/manifest.json",
manifest_file, "application/json")
def sign(self, task_id, run_id, task, work_dir):
payload = task["payload"]
manifest_url = payload["signingManifest"]
signing_manifest = self.get_manifest(manifest_url)
# TODO: better way to extract filename
url_prefix = "/".join(manifest_url.split("/")[:-1])
cert_type = task_cert_type(task)
signing_formats = task_signing_formats(task)
for e in signing_manifest:
# Fallback to "mar" if "file_to_sign" is not specified
file_to_sign = e.get("file_to_sign", e["mar"])
file_url = "{}/{}".format(url_prefix, file_to_sign)
abs_filename, detached_signatures = self.download_and_sign_file(
task_id, run_id, file_url, e["hash"], cert_type,
signing_formats, work_dir)
# Update manifest data with new values
e["hash"] = get_hash(abs_filename)
e["size"] = os.path.getsize(abs_filename)
e["detached_signatures"] = {}
for sig_type, sig_filename in detached_signatures:
e["detached_signatures"][sig_type] = sig_filename
manifest_file = os.path.join(work_dir, "manifest.json")
with open(manifest_file, "wb") as f:
json.dump(signing_manifest, f, indent=2, sort_keys=True)
log.debug("Uploading manifest for t: %s, r: %s", task_id, run_id)
self.create_artifact(task_id, run_id, "public/env/manifest.json",
manifest_file, "application/json")
def test_task_signing_formats(self):
task = {
"scopes": [
"project:releng:signing:cert:dep",
"project:releng:signing:format:mar",
"project:releng:signing:format:gpg"
]
}
self.assertEqual(["mar", "gpg"], task_signing_formats(task))
def test_task_signing_formats(self):
task = {"scopes": ["signing:cert:dep", "signing:format:mar",
"signing:format:gpg"]}
self.assertEqual(["mar", "gpg"], task_signing_formats(task))
