def main():
allowed_formats = ("signcode", "osslsigncode", "gpg", "mar", "dmg",
"dmgv2", "jar", "b2gmar")
from optparse import OptionParser
import random
parser = OptionParser(__doc__)
parser.set_defaults(
hosts=[],
cert=None,
log_level=logging.INFO,
output_dir=None,
output_file=None,
formats=[],
includes=[],
excludes=[],
nsscmd=None,
tokenfile=None,
noncefile=None,
cachedir=None,
)
parser.add_option("-H",
"--host",
dest="hosts",
action="append",
help="format[:format]:hostname[:port]")
parser.add_option("-c", "--server-cert", dest="cert")
parser.add_option("-t",
"--token-file",
dest="tokenfile",
help="file where token is stored")
parser.add_option("-n",
"--nonce-file",
dest="noncefile",
help="file where nonce is stored")
parser.add_option(
"-d",
"--output-dir",
dest="output_dir",
help=
"output directory; if not set then files are replaced with signed copies"
)
parser.add_option(
"-o",
"--output-file",
dest="output_file",
help=
"output file; if not set then files are replaced with signed copies. This can only be used when signing a single file"
)
parser.add_option("-f",
"--formats",
dest="formats",
action="append",
help="signing formats (one or more of %s)" %
", ".join(allowed_formats))
parser.add_option("-q",
"--quiet",
dest="log_level",
action="store_const",
const=logging.WARN)
parser.add_option("-v",
"--verbose",
dest="log_level",
action="store_const",
const=logging.DEBUG)
parser.add_option("-i",
"--include",
dest="includes",
action="append",
help="add to include patterns")
parser.add_option("-x",
"--exclude",
dest="excludes",
action="append",
help="add to exclude patterns")
parser.add_option("--nsscmd",
dest="nsscmd",
help="command to re-sign nss libraries, if required")
parser.add_option("--cachedir",
dest="cachedir",
help="local cache directory")
# TODO: Concurrency?
# TODO: Different certs per server?
options, args = parser.parse_args()
logging.basicConfig(level=options.log_level,
format="%(asctime)s - %(message)s")
if not options.hosts:
parser.error("at least one host is required")
if not options.cert:
parser.error("certificate is required")
if not os.path.exists(options.cert):
parser.error("certificate not found")
if not options.tokenfile:
parser.error("token file is required")
if not options.noncefile:
parser.error("nonce file is required")
# Covert nsscmd to win32 path if required
if sys.platform == 'win32' and options.nsscmd:
nsscmd = options.nsscmd.strip()
if nsscmd.startswith("/"):
drive = nsscmd[1]
options.nsscmd = "%s:%s" % (drive, nsscmd[2:])
# Handle format
formats = []
for fmt in options.formats:
if "," in fmt:
for fmt in fmt.split(","):
if fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
formats.append(fmt)
elif fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
else:
formats.append(fmt)
if options.output_file and (len(args) > 1 or os.path.isdir(args[0])):
parser.error(
"-o / --output-file can only be used when signing a single file")
if options.output_dir:
if os.path.exists(options.output_dir):
if not os.path.isdir(options.output_dir):
parser.error("output_dir (%s) must be a directory",
options.output_dir)
else:
os.makedirs(options.output_dir)
if not options.includes:
# Do everything!
options.includes.append("*")
if not formats:
parser.error("no formats specified")
format_urls = defaultdict(list)
for h in options.hosts:
# The last two parts of a host is the actual hostname:port. Any parts
# before that are formats - there could be 0..n formats so this is
# tricky to split.
parts = h.split(":")
h = parts[-2:]
fmts = parts[:-2]
# If no formats are specified, the host is assumed to support all of them.
if not fmts:
fmts = formats
for f in fmts:
format_urls[f].append("https://%s" % ":".join(h))
missing_fmt_hosts = set(formats) - set(format_urls.keys())
if missing_fmt_hosts:
parser.error("no hosts capable of signing formats: %s" %
" ".join(missing_fmt_hosts))
log.debug("in %s", os.getcwd())
buildValidatingOpener(options.cert)
token = open(options.tokenfile, 'rb').read()
for fmt in formats:
urls = format_urls[fmt]
random.shuffle(urls)
# The only difference between dmg and dmgv2 are the servers they use.
# The server side code only understands "dmg" as a format, so we need
# to translate this now that we've chosen our URLs
if fmt == "dmgv2":
fmt = "dmg"
log.debug("doing %s signing", fmt)
log.debug("possible hosts are %s" % urls)
files = []
# We want to package the ".app" file in a tar for mac signing.
if fmt == "dmg":
for fd in args:
packtar(fd + '.tar.gz', [fd], os.getcwd())
files.append(fd + '.tar.gz')
# For other platforms we sign all of the files individually.
else:
files = findfiles(args, options.includes, options.excludes)
for f in files:
log.debug("%s", f)
log.debug("checking %s for signature...", f)
if fmt in ('signcode',
'osslsigncode') and is_authenticode_signed(f):
log.info(
"Skipping %s because it looks like it's already signed", f)
continue
if options.output_dir:
dest = os.path.join(options.output_dir, os.path.basename(f))
else:
dest = None
if not remote_signfile(options, urls, f, fmt, token, dest):
log.error("Failed to sign %s with %s", f, fmt)
sys.exit(1)
if fmt == "dmg":
for fd in args:
log.debug("unpacking %s", fd)
unpacktar(fd + '.tar.gz', os.getcwd())
os.unlink(fd + '.tar.gz')
def main():
allowed_formats = ("sha2signcode", "signcode", "osslsigncode", "gpg", "mar", "dmg",
"dmgv2", "jar", "emevoucher")
from optparse import OptionParser
import random
parser = OptionParser(__doc__)
parser.set_defaults(
hosts=[],
cert=None,
log_level=logging.INFO,
output_dir=None,
output_file=None,
formats=[],
includes=[],
excludes=[],
nsscmd=None,
tokenfile=None,
noncefile=None,
cachedir=None,
)
parser.add_option(
"-H", "--host", dest="hosts", action="append", help="format[:format]:hostname[:port]")
parser.add_option("-c", "--server-cert", dest="cert")
parser.add_option("-t", "--token-file", dest="tokenfile",
help="file where token is stored")
parser.add_option("-n", "--nonce-file", dest="noncefile",
help="file where nonce is stored")
parser.add_option("-d", "--output-dir", dest="output_dir",
help="output directory; if not set then files are replaced with signed copies")
parser.add_option("-o", "--output-file", dest="output_file",
help="output file; if not set then files are replaced with signed copies. This can only be used when signing a single file")
parser.add_option("-f", "--formats", dest="formats", action="append",
help="signing formats (one or more of %s)" % ", ".join(allowed_formats))
parser.add_option("-q", "--quiet", dest="log_level", action="store_const",
const=logging.WARN)
parser.add_option(
"-v", "--verbose", dest="log_level", action="store_const",
const=logging.DEBUG)
parser.add_option("-i", "--include", dest="includes", action="append",
help="add to include patterns")
parser.add_option("-x", "--exclude", dest="excludes", action="append",
help="add to exclude patterns")
parser.add_option("--nsscmd", dest="nsscmd",
help="command to re-sign nss libraries, if required")
parser.add_option("--cachedir", dest="cachedir",
help="local cache directory")
# TODO: Concurrency?
# TODO: Different certs per server?
options, args = parser.parse_args()
logging.basicConfig(
level=options.log_level, format="%(asctime)s - %(message)s")
if not options.hosts:
parser.error("at least one host is required")
if not options.cert:
parser.error("certificate is required")
if not os.path.exists(options.cert):
parser.error("certificate not found")
if not options.tokenfile:
parser.error("token file is required")
if not options.noncefile:
parser.error("nonce file is required")
# Covert nsscmd to win32 path if required
if sys.platform == 'win32' and options.nsscmd:
nsscmd = options.nsscmd.strip()
if nsscmd.startswith("/"):
drive = nsscmd[1]
options.nsscmd = "%s:%s" % (drive, nsscmd[2:])
# Handle format
formats = []
for fmt in options.formats:
if "," in fmt:
for fmt in fmt.split(","):
if fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
formats.append(fmt)
elif fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
else:
formats.append(fmt)
# bug 1164456
# GPG signing must happen last because it will be invalid if done prior to
# any format that modifies the file in-place.
if "gpg" in formats:
formats.remove("gpg")
formats.append("gpg")
if options.output_file and (len(args) > 1 or os.path.isdir(args[0])):
parser.error(
"-o / --output-file can only be used when signing a single file")
if options.output_dir:
if os.path.exists(options.output_dir):
if not os.path.isdir(options.output_dir):
parser.error(
"output_dir (%s) must be a directory", options.output_dir)
else:
os.makedirs(options.output_dir)
if not options.includes:
# Do everything!
options.includes.append("*")
if not formats:
parser.error("no formats specified")
format_urls = defaultdict(list)
for h in options.hosts:
# The last two parts of a host is the actual hostname:port. Any parts
# before that are formats - there could be 0..n formats so this is
# tricky to split.
parts = h.split(":")
h = parts[-2:]
fmts = parts[:-2]
# If no formats are specified, the host is assumed to support all of them.
if not fmts:
fmts = formats
for f in fmts:
format_urls[f].append("https://%s" % ":".join(h))
missing_fmt_hosts = set(formats) - set(format_urls.keys())
if missing_fmt_hosts:
parser.error("no hosts capable of signing formats: %s" % " ".join(missing_fmt_hosts))
log.debug("in %s", os.getcwd())
buildValidatingOpener(options.cert)
token = open(options.tokenfile, 'rb').read()
for fmt in formats:
urls = format_urls[fmt]
random.shuffle(urls)
# The only difference between dmg and dmgv2 are the servers they use.
# The server side code only understands "dmg" as a format, so we need
# to translate this now that we've chosen our URLs
if fmt == "dmgv2":
fmt = "dmg"
log.debug("doing %s signing", fmt)
log.debug("possible hosts are %s" % urls)
files = []
# We want to package the ".app" file in a tar for mac signing.
if fmt == "dmg":
for fd in args:
packtar(fd + '.tar.gz', [fd], os.getcwd())
files.append(fd + '.tar.gz')
# For other platforms we sign all of the files individually.
else:
files = findfiles(args, options.includes, options.excludes)
for f in files:
log.debug("%s", f)
log.debug("checking %s for signature...", f)
if fmt in ('sha2signcode', 'signcode', 'osslsigncode') and is_authenticode_signed(f):
log.info("Skipping %s because it looks like it's already signed", f)
continue
if options.output_dir:
dest = os.path.join(options.output_dir, os.path.basename(f))
else:
dest = None
if not remote_signfile(options, urls, f, fmt, token, dest):
log.error("Failed to sign %s with %s", f, fmt)
sys.exit(1)
if fmt == "dmg":
for fd in args:
log.debug("unpacking %s", fd)
unpacktar(fd + '.tar.gz', os.getcwd())
os.unlink(fd + '.tar.gz')
import os
import site
import sys
my_dir = os.path.dirname(__file__)
site.addsitedir(os.path.join(my_dir, '../../lib/python'))
from signing.client import buildValidatingOpener, get_token
if __name__ == '__main__':
from optparse import OptionParser
parser = OptionParser(__doc__)
parser.add_option('-c',
'--server-cert',
dest='cert',
default=os.path.join(my_dir, 'host.cert'))
parser.add_option('-u', '--username', dest='username', default='cltsign')
parser.add_option('-p', '--password', dest='password')
parser.add_option('-H', '--host', dest='host')
parser.add_option('-d', '--duration', dest='duration')
parser.add_option('-i', '--ip', dest='slave_ip')
options, args = parser.parse_args()
buildValidatingOpener(options.cert)
baseurl = 'https://%s' % options.host
sys.stdout.write(
get_token(baseurl, options.username, options.password,
options.slave_ip, options.duration))
def main():
from optparse import OptionParser
import random
parser = OptionParser(__doc__)
parser.set_defaults(
hosts=[],
cert=None,
log_level=logging.INFO,
output_dir=None,
output_file=None,
formats=[],
includes=[],
excludes=[],
nsscmd=None,
tokenfile=None,
noncefile=None,
cachedir=None,
)
parser.add_option("-H",
"--host",
dest="hosts",
action="append",
help="hostname[:port]")
parser.add_option("-c", "--server-cert", dest="cert")
parser.add_option("-t",
"--token-file",
dest="tokenfile",
help="file where token is stored")
parser.add_option("-n",
"--nonce-file",
dest="noncefile",
help="file where nonce is stored")
parser.add_option(
"-d",
"--output-dir",
dest="output_dir",
help=
"output directory; if not set then files are replaced with signed copies"
)
parser.add_option(
"-o",
"--output-file",
dest="output_file",
help=
"output file; if not set then files are replaced with signed copies. This can only be used when signing a single file"
)
parser.add_option(
"-f",
"--formats",
dest="formats",
action="append",
help=
"signing formats (one or more of \"signcode\", \"gpg\", or \"osx\")")
parser.add_option("-q",
"--quiet",
dest="log_level",
action="store_const",
const=logging.WARN)
parser.add_option("-v",
"--verbose",
dest="log_level",
action="store_const",
const=logging.DEBUG)
parser.add_option("-i",
"--include",
dest="includes",
action="append",
help="add to include patterns")
parser.add_option("-x",
"--exclude",
dest="excludes",
action="append",
help="add to exclude patterns")
parser.add_option("--nsscmd",
dest="nsscmd",
help="command to re-sign nss libraries, if required")
parser.add_option("--cachedir",
dest="cachedir",
help="local cache directory")
# TODO: Concurrency?
# TODO: Different certs per server?
options, args = parser.parse_args()
logging.basicConfig(level=options.log_level,
format="%(asctime)s - %(message)s")
if not options.hosts:
parser.error("at least one host is required")
if not options.cert:
parser.error("certificate is required")
if not os.path.exists(options.cert):
parser.error("certificate not found")
if not options.tokenfile:
parser.error("token file is required")
if not options.noncefile:
parser.error("nonce file is required")
# Covert nsscmd to win32 path if required
if sys.platform == 'win32' and options.nsscmd:
nsscmd = options.nsscmd.strip()
if nsscmd.startswith("/"):
drive = nsscmd[1]
options.nsscmd = "%s:%s" % (drive, nsscmd[2:])
# Handle format
formats = []
allowed_formats = ("signcode", "gpg", "mar", "dmg", "jar", "b2gmar")
for fmt in options.formats:
if "," in fmt:
for fmt in fmt.split(","):
if fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
formats.append(fmt)
elif fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
else:
formats.append(fmt)
if options.output_file and (len(args) > 1 or os.path.isdir(args[0])):
parser.error(
"-o / --output-file can only be used when signing a single file")
if options.output_dir:
if os.path.exists(options.output_dir):
if not os.path.isdir(options.output_dir):
parser.error("output_dir (%s) must be a directory",
options.output_dir)
else:
os.makedirs(options.output_dir)
if not options.includes:
# Do everything!
options.includes.append("*")
if not formats:
parser.error("no formats specified")
buildValidatingOpener(options.cert)
urls = ["https://%s" % host for host in options.hosts]
random.shuffle(urls)
log.debug("in %s", os.getcwd())
token = open(options.tokenfile, 'rb').read()
for fmt in formats:
log.debug("doing %s signing", fmt)
files = []
# We want to package the ".app" file in a tar for mac signing.
if fmt == "dmg":
for fd in args:
packtar(fd + '.tar.gz', [fd], os.getcwd())
files.append(fd + '.tar.gz')
# For other platforms we sign all of the files individually.
else:
files = findfiles(args, options.includes, options.excludes)
for f in files:
log.debug("%s", f)
log.debug("checking %s for signature...", f)
if fmt == 'signcode' and is_authenticode_signed(f):
log.info(
"Skipping %s because it looks like it's already signed", f)
continue
if options.output_dir:
dest = os.path.join(options.output_dir, os.path.basename(f))
else:
dest = None
if not remote_signfile(options, urls, f, fmt, token, dest):
log.error("Failed to sign %s with %s", f, fmt)
sys.exit(1)
if fmt == "dmg":
for fd in args:
log.debug("unpacking %s", fd)
unpacktar(fd + '.tar.gz', os.getcwd())
os.unlink(fd + '.tar.gz')
import os
import site
import sys
my_dir = os.path.dirname(__file__)
site.addsitedir(os.path.join(my_dir, '../../lib/python'))
from signing.client import buildValidatingOpener, get_token
if __name__ == '__main__':
from optparse import OptionParser
parser = OptionParser(__doc__)
parser.add_option('-c', '--server-cert', dest='cert',
default=os.path.join(my_dir, 'host.cert'))
parser.add_option('-u', '--username', dest='username', default='cltsign')
parser.add_option('-p', '--password', dest='password')
parser.add_option('-H', '--host', dest='host')
parser.add_option('-d', '--duration', dest='duration')
parser.add_option('-i', '--ip', dest='slave_ip')
options, args = parser.parse_args()
buildValidatingOpener(options.cert)
baseurl = 'https://%s' % options.host
sys.stdout.write(get_token(baseurl, options.username,
options.password, options.slave_ip, options.duration))
def main():
from optparse import OptionParser
import random
parser = OptionParser(__doc__)
parser.set_defaults(
hosts=[],
cert=None,
log_level=logging.INFO,
output_dir=None,
output_file=None,
formats=[],
includes=[],
excludes=[],
nsscmd=None,
tokenfile=None,
noncefile=None,
cachedir=None,
)
parser.add_option(
"-H", "--host", dest="hosts", action="append", help="hostname[:port]")
parser.add_option("-c", "--server-cert", dest="cert")
parser.add_option("-t", "--token-file", dest="tokenfile",
help="file where token is stored")
parser.add_option("-n", "--nonce-file", dest="noncefile",
help="file where nonce is stored")
parser.add_option("-d", "--output-dir", dest="output_dir",
help="output directory; if not set then files are replaced with signed copies")
parser.add_option("-o", "--output-file", dest="output_file",
help="output file; if not set then files are replaced with signed copies. This can only be used when signing a single file")
parser.add_option("-f", "--formats", dest="formats", action="append",
help="signing formats (one or more of \"signcode\", \"gpg\", or \"osx\")")
parser.add_option("-q", "--quiet", dest="log_level", action="store_const",
const=logging.WARN)
parser.add_option(
"-v", "--verbose", dest="log_level", action="store_const",
const=logging.DEBUG)
parser.add_option("-i", "--include", dest="includes", action="append",
help="add to include patterns")
parser.add_option("-x", "--exclude", dest="excludes", action="append",
help="add to exclude patterns")
parser.add_option("--nsscmd", dest="nsscmd",
help="command to re-sign nss libraries, if required")
parser.add_option("--cachedir", dest="cachedir",
help="local cache directory")
# TODO: Concurrency?
# TODO: Different certs per server?
options, args = parser.parse_args()
logging.basicConfig(
level=options.log_level, format="%(asctime)s - %(message)s")
if not options.hosts:
parser.error("at least one host is required")
if not options.cert:
parser.error("certificate is required")
if not os.path.exists(options.cert):
parser.error("certificate not found")
if not options.tokenfile:
parser.error("token file is required")
if not options.noncefile:
parser.error("nonce file is required")
# Covert nsscmd to win32 path if required
if sys.platform == 'win32' and options.nsscmd:
nsscmd = options.nsscmd.strip()
if nsscmd.startswith("/"):
drive = nsscmd[1]
options.nsscmd = "%s:%s" % (drive, nsscmd[2:])
# Handle format
formats = []
allowed_formats = ("signcode", "gpg", "mar", "dmg", "jar", "b2gmar")
for fmt in options.formats:
if "," in fmt:
for fmt in fmt.split(","):
if fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
formats.append(fmt)
elif fmt not in allowed_formats:
parser.error("invalid format: %s" % fmt)
else:
formats.append(fmt)
if options.output_file and (len(args) > 1 or os.path.isdir(args[0])):
parser.error(
"-o / --output-file can only be used when signing a single file")
if options.output_dir:
if os.path.exists(options.output_dir):
if not os.path.isdir(options.output_dir):
parser.error(
"output_dir (%s) must be a directory", options.output_dir)
else:
os.makedirs(options.output_dir)
if not options.includes:
# Do everything!
options.includes.append("*")
if not formats:
parser.error("no formats specified")
buildValidatingOpener(options.cert)
urls = ["https://%s" % host for host in options.hosts]
random.shuffle(urls)
log.debug("in %s", os.getcwd())
token = open(options.tokenfile, 'rb').read()
for fmt in formats:
log.debug("doing %s signing", fmt)
files = []
# We want to package the ".app" file in a tar for mac signing.
if fmt == "dmg":
for fd in args:
packtar(fd + '.tar.gz', [fd], os.getcwd())
files.append(fd + '.tar.gz')
# For other platforms we sign all of the files individually.
else:
files = findfiles(args, options.includes, options.excludes)
for f in files:
log.debug("%s", f)
log.debug("checking %s for signature...", f)
if fmt == 'signcode' and is_authenticode_signed(f):
log.info("Skipping %s because it looks like it's already signed", f)
continue
if options.output_dir:
dest = os.path.join(options.output_dir, os.path.basename(f))
else:
dest = None
if not remote_signfile(options, urls, f, fmt, token, dest):
log.error("Failed to sign %s with %s", f, fmt)
sys.exit(1)
if fmt == "dmg":
for fd in args:
log.debug("unpacking %s", fd)
unpacktar(fd + '.tar.gz', os.getcwd())
os.unlink(fd + '.tar.gz')
