def sign(self, task_id, run_id, task, work_dir): payload = task["payload"] manifest_url = payload["signingManifest"] signing_manifest = self.get_manifest(manifest_url) # TODO: better way to extract filename url_prefix = "/".join(manifest_url.split("/")[:-1]) cert_type = task_cert_type(task) signing_formats = task_signing_formats(task) for e in signing_manifest: # Fallback to "mar" if "file_to_sign" is not specified file_to_sign = e.get("file_to_sign", e["mar"]) file_url = "{}/{}".format(url_prefix, file_to_sign) abs_filename, detached_signatures = self.download_and_sign_file( task_id, run_id, file_url, e["hash"], cert_type, signing_formats, work_dir) # Update manifest data with new values e["hash"] = get_hash(abs_filename) e["size"] = os.path.getsize(abs_filename) e["detached_signatures"] = {} for sig_type, sig_filename in detached_signatures: e["detached_signatures"][sig_type] = sig_filename manifest_file = os.path.join(work_dir, "manifest.json") with open(manifest_file, "wb") as f: json.dump(signing_manifest, f, indent=2, sort_keys=True) log.debug("Uploading manifest for t: %s, r: %s", task_id, run_id) self.create_artifact(task_id, run_id, "public/env/manifest.json", manifest_file, "application/json")
def test_task_signing_formats(self): task = { "scopes": [ "project:releng:signing:cert:dep", "project:releng:signing:format:mar", "project:releng:signing:format:gpg" ] } self.assertEqual(["mar", "gpg"], task_signing_formats(task))
def test_task_signing_formats(self): task = {"scopes": ["signing:cert:dep", "signing:format:mar", "signing:format:gpg"]} self.assertEqual(["mar", "gpg"], task_signing_formats(task))