async def geckodriver_behavior(config, task):
"""Create and sign the geckodriver file for this task.
Args:
config (dict): the running configuration
task (dict): the running task
Raises:
IScriptError: on fatal error.
"""
key_config = get_key_config(config, task, base_key="mac_config")
all_paths = get_app_paths(config, task)
langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
if langpack_apps:
await sign_langpacks(config, key_config, langpack_apps)
all_paths = filter_apps(all_paths,
fmt="autograph_langpack",
inverted=True)
await extract_all_apps(config, all_paths)
await unlock_keychain(key_config["signing_keychain"],
key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await sign_geckodriver(config, key_config, all_paths)
log.info("Done signing geckodriver.")
async def sign_behavior(config, task):
"""Sign all mac apps for this task.
Args:
config (dict): the running configuration
task (dict): the running task
Raises:
IScriptError: on fatal error.
"""
key_config = get_key_config(config, task, base_key="mac_config")
entitlements_path = await download_entitlements_file(
config, key_config, task)
all_paths = get_app_paths(config, task)
all_paths = get_app_paths(config, task)
langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
if langpack_apps:
await sign_langpacks(config, key_config, langpack_apps)
all_paths = filter_apps(all_paths,
fmt="autograph_langpack",
inverted=True)
await extract_all_apps(config, all_paths)
await unlock_keychain(key_config["signing_keychain"],
key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await sign_all_apps(config, key_config, entitlements_path, all_paths)
await tar_apps(config, all_paths)
log.info("Done signing apps.")
async def async_main(config, task):
"""Sign all the things.
Args:
config (dict): the running config.
task (dict): the running task.
"""
await run_command(["hostname"])
base_key = "mac_config" # We may support ios_config someday
key_config = get_key_config(config, task, base_key=base_key)
behavior = task["payload"].get("behavior", "mac_sign")
if behavior == "mac_notarize" and "mac_notarize" not in key_config[
"supported_behaviors"] and "mac_sign_and_pkg" in key_config[
"supported_behaviors"]:
behavior = "mac_sign_and_pkg"
if behavior not in key_config["supported_behaviors"]:
raise IScriptError("Unsupported behavior {} given scopes {}!".format(
behavior, task["scopes"]))
if behavior == "mac_geckodriver":
await geckodriver_behavior(config, task)
return
elif behavior == "mac_notarize":
await notarize_behavior(config, task)
return
elif behavior == "mac_sign":
await sign_behavior(config, task)
return
elif behavior == "mac_sign_and_pkg":
# For staging releases; or should we mac_notarize but skip notarization
# for dep?
await sign_and_pkg_behavior(config, task)
return
raise IScriptError("Unknown iscript behavior {}!".format(behavior))
async def notarize_1_behavior(config, task):
"""Sign and submit all mac apps for notarization.
This task will not wait for the notarization to finish. Instead, it
will upload all signed apps and a uuid manifest.
Args:
config (dict): the running configuration
task (dict): the running task
Raises:
IScriptError: on fatal error.
"""
work_dir = config["work_dir"]
key_config = get_key_config(config, task, base_key="mac_config")
entitlements_path = await download_entitlements_file(config, key_config, task)
all_paths = get_app_paths(config, task)
langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
if langpack_apps:
await sign_langpacks(config, key_config, langpack_apps)
all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)
# app
await extract_all_apps(config, all_paths)
await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await sign_all_apps(config, key_config, entitlements_path, all_paths)
# pkg
# Unlock keychain again in case it's locked since previous unlock
await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await create_pkg_files(config, key_config, all_paths)
log.info("Submitting for notarization.")
if key_config["notarize_type"] == "multi_account":
await create_all_notarization_zipfiles(all_paths, path_attrs=["app_path", "pkg_path"])
poll_uuids = await wrap_notarization_with_sudo(config, key_config, all_paths, path_attr="zip_path")
else:
zip_path = await create_one_notarization_zipfile(work_dir, all_paths, path_attr="app_path")
poll_uuids = await notarize_no_sudo(work_dir, key_config, zip_path)
# create uuid_manifest.json
uuids_path = "{}/public/uuid_manifest.json".format(config["artifact_dir"])
makedirs(os.path.dirname(uuids_path))
with open(uuids_path, "w") as fh:
json.dump(sorted(poll_uuids.keys()), fh)
await tar_apps(config, all_paths)
await copy_pkgs_to_artifact_dir(config, all_paths)
log.info("Done signing apps and submitting them for notarization.")
async def notarize_behavior(config, task):
"""Sign and notarize all mac apps for this task.
Args:
config (dict): the running configuration
task (dict): the running task
Raises:
IScriptError: on fatal error.
"""
work_dir = config["work_dir"]
key_config = get_key_config(config, task, base_key="mac_config")
entitlements_path = await download_entitlements_file(config, key_config, task)
all_paths = get_app_paths(config, task)
langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
if langpack_apps:
await sign_langpacks(config, key_config, langpack_apps)
all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)
# app
await extract_all_apps(config, all_paths)
await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await sign_all_apps(config, key_config, entitlements_path, all_paths)
# pkg
# Unlock keychain again in case it's locked since previous unlock
await unlock_keychain(key_config["signing_keychain"], key_config["keychain_password"])
await update_keychain_search_path(config, key_config["signing_keychain"])
await create_pkg_files(config, key_config, all_paths)
log.info("Notarizing")
if key_config["notarize_type"] == "multi_account":
await create_all_notarization_zipfiles(all_paths, path_attrs=["app_path", "pkg_path"])
poll_uuids = await wrap_notarization_with_sudo(config, key_config, all_paths, path_attr="zip_path")
else:
zip_path = await create_one_notarization_zipfile(work_dir, all_paths, path_attr="app_path")
poll_uuids = await notarize_no_sudo(work_dir, key_config, zip_path)
await poll_all_notarization_status(key_config, poll_uuids)
# app
await staple_notarization(all_paths, path_attr="app_path")
await tar_apps(config, all_paths)
# pkg
await staple_notarization(all_paths, path_attr="pkg_path")
await copy_pkgs_to_artifact_dir(config, all_paths)
log.info("Done signing and notarizing apps.")
def test_get_config_key(scopes, base_key, key, raises):
"""``get_config_key`` returns the correct subconfig.
"""
config = {
"taskcluster_scope_prefix": "scope:prefix:",
"mac_config": {
"dep": {
"key": "dep"
},
"nightly": {
"key": "nightly"
}
},
}
task = {"scopes": scopes}
if raises:
with pytest.raises(IScriptError):
util.get_key_config(config, task, base_key=base_key)
else:
assert (util.get_key_config(
config, task, base_key=base_key) == config[base_key][key])
