def test_get_config_key(scopes, base_key, key, product, raises):
    """``get_config_key`` returns the correct subconfig."""
    config = {"taskcluster_scope_prefix": "scope:prefix:", "mac_config": {"dep": {"key": "dep"}, "nightly": {"key": "nightly"}}}
    task = {"scopes": scopes, "payload": {"product": product}}
    if raises:
        with pytest.raises(IScriptError):
            util.get_sign_config(config, task, base_key=base_key)
    else:
        sign_config = util.get_sign_config(config, task, base_key=base_key)
        expected = deepcopy(PRODUCT_CONFIG[base_key][product])
        expected.update(config[base_key][key])
        assert sign_config == expected
Exemplo n.º 2
0
async def sign_and_pkg_behavior(config, task):
    """Sign all mac apps for this task.

    Args:
        config (dict): the running configuration
        task (dict): the running task

    Raises:
        IScriptError: on fatal error.

    """
    sign_config = get_sign_config(config, task, base_key="mac_config")
    entitlements_path = await download_entitlements_file(config, sign_config, task)

    all_paths = get_app_paths(config, task)
    langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
    if langpack_apps:
        await sign_langpacks(config, sign_config, langpack_apps)
        all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)
    await extract_all_apps(config, all_paths)
    await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
    await update_keychain_search_path(config, sign_config["signing_keychain"])
    await sign_all_apps(config, sign_config, entitlements_path, all_paths)
    await tar_apps(config, all_paths)

    # pkg
    await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
    await update_keychain_search_path(config, sign_config["signing_keychain"])
    await create_pkg_files(config, sign_config, all_paths)
    await copy_pkgs_to_artifact_dir(config, all_paths)

    log.info("Done signing apps and creating pkgs.")
Exemplo n.º 3
0
async def notarize_1_behavior(config, task):
    """Sign and submit all mac apps for notarization.

    This task will not wait for the notarization to finish. Instead, it
    will upload all signed apps and a uuid manifest.

    Args:
        config (dict): the running configuration
        task (dict): the running task

    Raises:
        IScriptError: on fatal error.

    """
    work_dir = config["work_dir"]

    sign_config = get_sign_config(config, task, base_key="mac_config")
    entitlements_path = await download_entitlements_file(config, sign_config, task)
    path_attrs = ["app_path"]

    all_paths = get_app_paths(config, task)
    langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
    if langpack_apps:
        await sign_langpacks(config, sign_config, langpack_apps)
        all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)

    # app
    await extract_all_apps(config, all_paths)
    await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
    await update_keychain_search_path(config, sign_config["signing_keychain"])
    await sign_all_apps(config, sign_config, entitlements_path, all_paths)

    # pkg
    if sign_config["create_pkg"]:
        path_attrs.append("pkg_path")
        # Unlock keychain again in case it's locked since previous unlock
        await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
        await update_keychain_search_path(config, sign_config["signing_keychain"])
        await create_pkg_files(config, sign_config, all_paths)

    log.info("Submitting for notarization.")
    if sign_config["notarize_type"] == "multi_account":
        await create_all_notarization_zipfiles(all_paths, path_attrs=path_attrs)
        poll_uuids = await wrap_notarization_with_sudo(config, sign_config, all_paths, path_attr="zip_path")
    else:
        zip_path = await create_one_notarization_zipfile(work_dir, all_paths, sign_config, path_attrs)
        poll_uuids = await notarize_no_sudo(work_dir, sign_config, zip_path)

    # create uuid_manifest.json
    uuids_path = "{}/public/uuid_manifest.json".format(config["artifact_dir"])
    makedirs(os.path.dirname(uuids_path))
    with open(uuids_path, "w") as fh:
        json.dump(sorted(poll_uuids.keys()), fh)

    await tar_apps(config, all_paths)
    await copy_pkgs_to_artifact_dir(config, all_paths)

    log.info("Done signing apps and submitting them for notarization.")
Exemplo n.º 4
0
async def notarize_behavior(config, task):
    """Sign and notarize all mac apps for this task.

    Args:
        config (dict): the running configuration
        task (dict): the running task

    Raises:
        IScriptError: on fatal error.

    """
    work_dir = config["work_dir"]

    sign_config = get_sign_config(config, task, base_key="mac_config")
    entitlements_path = await download_entitlements_file(config, sign_config, task)
    path_attrs = ["app_path"]

    all_paths = get_app_paths(config, task)
    langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
    if langpack_apps:
        await sign_langpacks(config, sign_config, langpack_apps)
        all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)

    # app
    await extract_all_apps(config, all_paths)
    await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
    await update_keychain_search_path(config, sign_config["signing_keychain"])
    await sign_all_apps(config, sign_config, entitlements_path, all_paths)

    # pkg
    if sign_config["create_pkg"]:
        path_attrs.append("pkg_path")
        # Unlock keychain again in case it's locked since previous unlock
        await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
        await update_keychain_search_path(config, sign_config["signing_keychain"])
        await create_pkg_files(config, sign_config, all_paths)

    log.info("Notarizing")
    if sign_config["notarize_type"] == "multi_account":
        await create_all_notarization_zipfiles(all_paths, path_attrs=path_attrs)
        poll_uuids = await wrap_notarization_with_sudo(config, sign_config, all_paths, path_attr="zip_path")
    else:
        zip_path = await create_one_notarization_zipfile(work_dir, all_paths, sign_config, path_attrs=path_attrs)
        poll_uuids = await notarize_no_sudo(work_dir, sign_config, zip_path)

    await poll_all_notarization_status(sign_config, poll_uuids)

    # app
    await staple_notarization(all_paths, path_attr="app_path")
    await tar_apps(config, all_paths)

    # pkg
    if sign_config["create_pkg"]:
        await staple_notarization(all_paths, path_attr="pkg_path")
        await copy_pkgs_to_artifact_dir(config, all_paths)

    log.info("Done signing and notarizing apps.")
Exemplo n.º 5
0
async def async_main(config, task):
    """Sign all the things.

    Args:
        config (dict): the running config.
        task (dict): the running task.

    """
    await run_command(["hostname"])
    base_key = "mac_config"  # We may support ios_config someday
    sign_config = get_sign_config(config, task, base_key=base_key)
    behavior = task["payload"].get("behavior", "mac_sign")
    if behavior == "mac_notarize" and "mac_notarize" not in sign_config[
            "supported_behaviors"] and "mac_sign_and_pkg" in sign_config[
                "supported_behaviors"]:
        behavior = "mac_sign_and_pkg"
    if behavior not in sign_config["supported_behaviors"]:
        raise IScriptError("Unsupported behavior {} given scopes {}!".format(
            behavior, task["scopes"]))
    if behavior == "mac_geckodriver":
        await geckodriver_behavior(config, task)
        return
    elif behavior == "mac_notarize":
        await notarize_behavior(config, task)
        return
    elif behavior == "mac_notarize_part_1":
        await notarize_1_behavior(config, task)
        return
    elif behavior == "mac_notarize_part_3":
        await notarize_3_behavior(config, task)
        return
    elif behavior == "mac_sign":
        await sign_behavior(config, task)
        return
    elif behavior == "mac_sign_and_pkg":
        # For staging releases; or should we mac_notarize but skip notarization
        # for dep?
        await sign_and_pkg_behavior(config, task)
        return
    raise IScriptError("Unknown iscript behavior {}!".format(behavior))
Exemplo n.º 6
0
async def notarize_3_behavior(config, task):
    """Staple notarization to all mac apps for this task.

    Args:
        config (dict): the running configuration
        task (dict): the running task

    Raises:
        IScriptError: on fatal error.

    """
    sign_config = get_sign_config(config, task, base_key="mac_config")

    # In notarize_3_behavior, `all_paths` will have separate "apps" for each
    # artifact (one for a pkg, one for an app, one for a langpack xpi)
    all_paths = get_app_paths(config, task)
    all_xpi_paths = list(filter(lambda app: app.orig_path.endswith(".xpi"), all_paths))
    all_pkg_paths = list(filter(lambda app: app.orig_path.endswith(".pkg"), all_paths))
    all_app_paths = list(filterfalse(lambda app: app.orig_path.endswith((".pkg", ".xpi")), all_paths))

    await extract_all_apps(config, all_app_paths)
    for app in all_app_paths:
        set_app_path_and_name(app)

    for app in all_pkg_paths:
        app.pkg_path = app.orig_path
        app.pkg_name = os.path.basename(app.pkg_path)

    await staple_notarization(all_app_paths, path_attr="app_path")
    await tar_apps(config, all_app_paths)

    if sign_config["create_pkg"]:
        await staple_notarization(all_pkg_paths, path_attr="pkg_path")
        await copy_pkgs_to_artifact_dir(config, all_pkg_paths)

    await copy_xpis_to_artifact_dir(config, all_xpi_paths)

    log.info("Done stapling notarization.")
Exemplo n.º 7
0
async def geckodriver_behavior(config, task):
    """Create and sign the geckodriver file for this task.

    Args:
        config (dict): the running configuration
        task (dict): the running task

    Raises:
        IScriptError: on fatal error.

    """
    sign_config = get_sign_config(config, task, base_key="mac_config")

    all_paths = get_app_paths(config, task)
    langpack_apps = filter_apps(all_paths, fmt="autograph_langpack")
    if langpack_apps:
        await sign_langpacks(config, sign_config, langpack_apps)
        all_paths = filter_apps(all_paths, fmt="autograph_langpack", inverted=True)
    await extract_all_apps(config, all_paths)
    await unlock_keychain(sign_config["signing_keychain"], sign_config["keychain_password"])
    await update_keychain_search_path(config, sign_config["signing_keychain"])
    await sign_geckodriver(config, sign_config, all_paths)

    log.info("Done signing geckodriver.")