def generate_cot(context, parent_path=None):
"""Format and sign the cot body, and write to disk.
Args:
context (scriptworker.context.Context): the scriptworker context.
parent_path (str, optional): The directory to write the chain of trust
artifacts to. If None, this is ``artifact_dir/public/``.
Defaults to None.
Returns:
str: the contents of the chain of trust artifact.
Raises:
ScriptWorkerException: on schema error.
"""
body = generate_cot_body(context)
schema = load_json_or_yaml(
context.config['cot_schema_path'], is_path=True,
exception=ScriptWorkerException,
message="Can't read schema file {}: %(exc)s".format(context.config['cot_schema_path'])
)
validate_json_schema(body, schema, name="chain of trust")
body = format_json(body)
parent_path = parent_path or os.path.join(context.config['artifact_dir'], 'public')
unsigned_path = os.path.join(parent_path, 'chain-of-trust.json')
write_to_file(unsigned_path, body)
if context.config['sign_chain_of_trust']:
ed25519_signature_path = '{}.sig'.format(unsigned_path)
ed25519_private_key = ed25519_private_key_from_file(context.config['ed25519_private_key_path'])
ed25519_signature = ed25519_private_key.sign(body.encode('utf-8'))
write_to_file(ed25519_signature_path, ed25519_signature, file_type='binary')
return body
def test_write_to_file(tmpdir, file_type, contents_or_path, expected, is_path):
path = os.path.join(tmpdir, "foo")
if is_path:
with open(contents_or_path, "rb") as fh:
contents_or_path = fh.read()
expected = contents_or_path
utils.write_to_file(path, contents_or_path, file_type=file_type)
with open(path, "rb") as fh:
assert fh.read() == expected
def test_write_to_file(tmpdir, file_type, contents_or_path, expected, is_path):
path = os.path.join(tmpdir, 'foo')
if is_path:
with open(contents_or_path, 'rb') as fh:
contents_or_path = fh.read()
expected = contents_or_path
utils.write_to_file(path, contents_or_path, file_type=file_type)
with open(path, 'rb') as fh:
assert fh.read() == expected
def generate_cot(context, parent_path=None):
"""Format and sign the cot body, and write to disk.
Args:
context (scriptworker.context.Context): the scriptworker context.
parent_path (str, optional): The directory to write the chain of trust
artifacts to. If None, this is ``artifact_dir/public/``.
Defaults to None.
Returns:
str: the contents of the chain of trust artifact.
Raises:
ScriptWorkerException: on schema error.
"""
body = generate_cot_body(context)
schema = load_json_or_yaml(
context.config["cot_schema_path"],
is_path=True,
exception=ScriptWorkerException,
message="Can't read schema file {}: %(exc)s".format(
context.config["cot_schema_path"]),
)
validate_json_schema(body, schema, name="chain of trust")
body = format_json(body)
parent_path = parent_path or os.path.join(context.config["artifact_dir"],
"public")
unsigned_path = os.path.join(parent_path, "chain-of-trust.json")
write_to_file(unsigned_path, body)
if context.config["sign_chain_of_trust"]:
ed25519_signature_path = "{}.sig".format(unsigned_path)
ed25519_private_key = ed25519_private_key_from_file(
context.config["ed25519_private_key_path"])
ed25519_signature = ed25519_private_key.sign(body.encode("utf-8"))
write_to_file(ed25519_signature_path,
ed25519_signature,
file_type="binary")
return body
def test_write_to_file_bad_file_type(tmpdir):
path = os.path.join(tmpdir, "foo")
with pytest.raises(ScriptWorkerException):
utils.write_to_file(path, "foo", file_type="illegal file type")
def test_write_to_file_bad_file_type(tmpdir):
path = os.path.join(tmpdir, 'foo')
with pytest.raises(ScriptWorkerException):
utils.write_to_file(path, 'foo', file_type='illegal file type')
