async def async_main(context): work_dir = context.config['work_dir'] context.task = scriptworker.client.get_task(context.config) log.info("validating task") validate_task_schema(context) context.signing_servers = load_signing_server_config(context) cert_type = task_cert_type(context.task) signing_formats = task_signing_formats(context.task) # TODO scriptworker needs to validate CoT artifact # Use standard SSL for downloading files. with aiohttp.ClientSession() as base_ssl_session: orig_session = context.session context.session = base_ssl_session file_urls = context.task["payload"]["unsignedArtifacts"] filelist = await download_artifacts(context, file_urls) context.session = orig_session log.info("getting token") await get_token(context, os.path.join(work_dir, 'token'), cert_type, signing_formats) for filepath in filelist: log.info("signing %s", filepath) source = os.path.join(work_dir, filepath) await sign_file(context, source, cert_type, signing_formats, context.config["ssl_cert"]) sigfiles = detached_sigfiles(filepath, signing_formats) copy_to_artifact_dir(context, source, target=filepath) for sigpath in sigfiles: copy_to_artifact_dir(context, os.path.join(work_dir, sigpath), target=sigpath) log.info("Done!")
def test_load_signing_server_config(): context = Context() context.config = {"signing_server_config": SERVER_CONFIG_PATH} cfg = utils.load_signing_server_config(context) assert cfg["dep"][0].server == "server1:9000" assert cfg["dep"][1].user == "user2" assert cfg["dep"][1].server_type == "signing_server" assert cfg["dep"][2].server_type == "autograph" assert cfg["notdep"][0].password == "pass1" assert cfg["notdep"][1].formats == ["f2", "f3"]
async def async_main(context): """Sign all the things. Args: context (Context): the signing context. """ connector = _craft_aiohttp_connector(context) async with aiohttp.ClientSession(connector=connector) as session: context.session = session work_dir = context.config['work_dir'] context.signing_servers = load_signing_server_config(context) all_signing_formats = task_signing_formats(context) if 'gpg' in all_signing_formats or 'autograph_gpg' in all_signing_formats: if not context.config.get('gpg_pubkey'): raise Exception( "GPG format is enabled but gpg_pubkey is not defined") if not os.path.exists(context.config['gpg_pubkey']): raise Exception("gpg_pubkey ({}) doesn't exist!".format( context.config['gpg_pubkey'])) if 'autograph_widevine' in all_signing_formats: if not context.config.get('widevine_cert'): raise Exception( "Widevine format is enabled, but widevine_cert is not defined" ) if not all( is_autograph_signing_format(format_) for format_ in all_signing_formats): log.info("getting signingserver token") await get_token(context, os.path.join(work_dir, 'token'), task_cert_type(context), all_signing_formats) filelist_dict = build_filelist_dict(context) for path, path_dict in filelist_dict.items(): copy_to_dir(path_dict['full_path'], context.config['work_dir'], target=path) log.info("signing %s", path) output_files = await sign(context, os.path.join(work_dir, path), path_dict['formats']) for source in output_files: source = os.path.relpath(source, work_dir) copy_to_dir(os.path.join(work_dir, source), context.config['artifact_dir'], target=source) if 'gpg' in path_dict['formats'] or 'autograph_gpg' in path_dict[ 'formats']: copy_to_dir(context.config['gpg_pubkey'], context.config['artifact_dir'], target="public/build/KEY") log.info("Done!")
def test_load_signing_server_config(): context = Context() context.config = { 'signing_server_config': os.path.join(os.path.dirname(__file__), "example_server_config.json") } cfg = load_signing_server_config(context) assert cfg["dep"][0].server == "server1:9000" assert cfg["dep"][1].user == "user2" assert cfg["notdep"][0].password == "pass1" assert cfg["notdep"][1].formats == ["f2", "f3"]
def context(tmpdir): context = Context() context.config = get_default_config() context.config["signing_server_config"] = SERVER_CONFIG_PATH context.config["work_dir"] = os.path.join(tmpdir, "work") context.config["artifact_dir"] = os.path.join(tmpdir, "artifact") context.config["taskcluster_scope_prefixes"] = [DEFAULT_SCOPE_PREFIX] context.signing_servers = load_signing_server_config(context) mkdir(context.config["work_dir"]) mkdir(context.config["artifact_dir"]) yield context
def context(tmpdir): context = Context() context.config = get_default_config() context.config['signing_server_config'] = SERVER_CONFIG_PATH context.config['work_dir'] = os.path.join(tmpdir, 'work') context.config['artifact_dir'] = os.path.join(tmpdir, 'artifact') context.config['taskcluster_scope_prefixes'] = [DEFAULT_SCOPE_PREFIX] context.signing_servers = load_signing_server_config(context) mkdir(context.config['work_dir']) mkdir(context.config['artifact_dir']) yield context
async def async_main(context): work_dir = context.config['work_dir'] context.task = scriptworker.client.get_task(context.config) log.info("validating task") validate_task_schema(context) context.signing_servers = load_signing_server_config(context) cert_type = task_cert_type(context.task) all_signing_formats = task_signing_formats(context.task) log.info("getting token") await get_token(context, os.path.join(work_dir, 'token'), cert_type, all_signing_formats) filelist_dict = build_filelist_dict(context, all_signing_formats) for path, path_dict in filelist_dict.items(): copy_to_dir(path_dict['full_path'], context.config['work_dir'], target=path) log.info("signing %s", path) source = os.path.join(work_dir, path) await sign_file(context, source, cert_type, path_dict['formats'], context.config["ssl_cert"]) sigfiles = detached_sigfiles(path, path_dict['formats']) copy_to_dir(source, context.config['artifact_dir'], target=path) for sigpath in sigfiles: copy_to_dir(os.path.join(work_dir, sigpath), context.config['artifact_dir'], target=sigpath) log.info("Done!")
async def async_main(context): """Sign all the things. Args: context (Context): the signing context. """ connector = _craft_aiohttp_connector(context) # Create a session for talking to the legacy signing servers in order to # generate a signing token async with aiohttp.ClientSession(connector=connector) as session: context.session = session work_dir = context.config["work_dir"] context.signing_servers = load_signing_server_config(context) all_signing_formats = task_signing_formats(context) if "gpg" in all_signing_formats or "autograph_gpg" in all_signing_formats: if not context.config.get("gpg_pubkey"): raise Exception("GPG format is enabled but gpg_pubkey is not defined") if not os.path.exists(context.config["gpg_pubkey"]): raise Exception( "gpg_pubkey ({}) doesn't exist!".format( context.config["gpg_pubkey"] ) ) if "autograph_widevine" in all_signing_formats: if not context.config.get("widevine_cert"): raise Exception( "Widevine format is enabled, but widevine_cert is not defined" ) if not all( is_autograph_signing_format(format_) for format_ in all_signing_formats ): log.info("getting signingserver token") await get_token( context, os.path.join(work_dir, "token"), task_cert_type(context), all_signing_formats, ) # Create a new session to talk to autograph async with aiohttp.ClientSession() as session: context.session = session filelist_dict = build_filelist_dict(context) for path, path_dict in filelist_dict.items(): copy_to_dir(path_dict["full_path"], context.config["work_dir"], target=path) log.info("signing %s", path) output_files = await sign( context, os.path.join(work_dir, path), path_dict["formats"] ) for source in output_files: source = os.path.relpath(source, work_dir) copy_to_dir( os.path.join(work_dir, source), context.config["artifact_dir"], target=source, ) if "gpg" in path_dict["formats"] or "autograph_gpg" in path_dict["formats"]: copy_to_dir( context.config["gpg_pubkey"], context.config["artifact_dir"], target="public/build/KEY", ) log.info("Done!")