async def async_main(context):
work_dir = context.config['work_dir']
context.task = scriptworker.client.get_task(context.config)
log.info("validating task")
validate_task_schema(context)
context.signing_servers = load_signing_server_config(context)
cert_type = task_cert_type(context.task)
signing_formats = task_signing_formats(context.task)
# TODO scriptworker needs to validate CoT artifact
# Use standard SSL for downloading files.
with aiohttp.ClientSession() as base_ssl_session:
orig_session = context.session
context.session = base_ssl_session
file_urls = context.task["payload"]["unsignedArtifacts"]
filelist = await download_artifacts(context, file_urls)
context.session = orig_session
log.info("getting token")
await get_token(context, os.path.join(work_dir, 'token'), cert_type, signing_formats)
for filepath in filelist:
log.info("signing %s", filepath)
source = os.path.join(work_dir, filepath)
await sign_file(context, source, cert_type, signing_formats,
context.config["ssl_cert"])
sigfiles = detached_sigfiles(filepath, signing_formats)
copy_to_artifact_dir(context, source, target=filepath)
for sigpath in sigfiles:
copy_to_artifact_dir(context, os.path.join(work_dir, sigpath), target=sigpath)
log.info("Done!")
def test_load_signing_server_config():
context = Context()
context.config = {"signing_server_config": SERVER_CONFIG_PATH}
cfg = utils.load_signing_server_config(context)
assert cfg["dep"][0].server == "server1:9000"
assert cfg["dep"][1].user == "user2"
assert cfg["dep"][1].server_type == "signing_server"
assert cfg["dep"][2].server_type == "autograph"
assert cfg["notdep"][0].password == "pass1"
assert cfg["notdep"][1].formats == ["f2", "f3"]
async def async_main(context):
"""Sign all the things.
Args:
context (Context): the signing context.
"""
connector = _craft_aiohttp_connector(context)
async with aiohttp.ClientSession(connector=connector) as session:
context.session = session
work_dir = context.config['work_dir']
context.signing_servers = load_signing_server_config(context)
all_signing_formats = task_signing_formats(context)
if 'gpg' in all_signing_formats or 'autograph_gpg' in all_signing_formats:
if not context.config.get('gpg_pubkey'):
raise Exception(
"GPG format is enabled but gpg_pubkey is not defined")
if not os.path.exists(context.config['gpg_pubkey']):
raise Exception("gpg_pubkey ({}) doesn't exist!".format(
context.config['gpg_pubkey']))
if 'autograph_widevine' in all_signing_formats:
if not context.config.get('widevine_cert'):
raise Exception(
"Widevine format is enabled, but widevine_cert is not defined"
)
if not all(
is_autograph_signing_format(format_)
for format_ in all_signing_formats):
log.info("getting signingserver token")
await get_token(context, os.path.join(work_dir, 'token'),
task_cert_type(context), all_signing_formats)
filelist_dict = build_filelist_dict(context)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict['full_path'],
context.config['work_dir'],
target=path)
log.info("signing %s", path)
output_files = await sign(context, os.path.join(work_dir, path),
path_dict['formats'])
for source in output_files:
source = os.path.relpath(source, work_dir)
copy_to_dir(os.path.join(work_dir, source),
context.config['artifact_dir'],
target=source)
if 'gpg' in path_dict['formats'] or 'autograph_gpg' in path_dict[
'formats']:
copy_to_dir(context.config['gpg_pubkey'],
context.config['artifact_dir'],
target="public/build/KEY")
log.info("Done!")
def test_load_signing_server_config():
context = Context()
context.config = {
'signing_server_config': os.path.join(os.path.dirname(__file__),
"example_server_config.json")
}
cfg = load_signing_server_config(context)
assert cfg["dep"][0].server == "server1:9000"
assert cfg["dep"][1].user == "user2"
assert cfg["notdep"][0].password == "pass1"
assert cfg["notdep"][1].formats == ["f2", "f3"]
def context(tmpdir):
context = Context()
context.config = get_default_config()
context.config["signing_server_config"] = SERVER_CONFIG_PATH
context.config["work_dir"] = os.path.join(tmpdir, "work")
context.config["artifact_dir"] = os.path.join(tmpdir, "artifact")
context.config["taskcluster_scope_prefixes"] = [DEFAULT_SCOPE_PREFIX]
context.signing_servers = load_signing_server_config(context)
mkdir(context.config["work_dir"])
mkdir(context.config["artifact_dir"])
yield context
def context(tmpdir):
context = Context()
context.config = get_default_config()
context.config['signing_server_config'] = SERVER_CONFIG_PATH
context.config['work_dir'] = os.path.join(tmpdir, 'work')
context.config['artifact_dir'] = os.path.join(tmpdir, 'artifact')
context.config['taskcluster_scope_prefixes'] = [DEFAULT_SCOPE_PREFIX]
context.signing_servers = load_signing_server_config(context)
mkdir(context.config['work_dir'])
mkdir(context.config['artifact_dir'])
yield context
async def async_main(context):
work_dir = context.config['work_dir']
context.task = scriptworker.client.get_task(context.config)
log.info("validating task")
validate_task_schema(context)
context.signing_servers = load_signing_server_config(context)
cert_type = task_cert_type(context.task)
all_signing_formats = task_signing_formats(context.task)
log.info("getting token")
await get_token(context, os.path.join(work_dir, 'token'), cert_type, all_signing_formats)
filelist_dict = build_filelist_dict(context, all_signing_formats)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict['full_path'], context.config['work_dir'], target=path)
log.info("signing %s", path)
source = os.path.join(work_dir, path)
await sign_file(context, source, cert_type, path_dict['formats'], context.config["ssl_cert"])
sigfiles = detached_sigfiles(path, path_dict['formats'])
copy_to_dir(source, context.config['artifact_dir'], target=path)
for sigpath in sigfiles:
copy_to_dir(os.path.join(work_dir, sigpath), context.config['artifact_dir'], target=sigpath)
log.info("Done!")
async def async_main(context):
"""Sign all the things.
Args:
context (Context): the signing context.
"""
connector = _craft_aiohttp_connector(context)
# Create a session for talking to the legacy signing servers in order to
# generate a signing token
async with aiohttp.ClientSession(connector=connector) as session:
context.session = session
work_dir = context.config["work_dir"]
context.signing_servers = load_signing_server_config(context)
all_signing_formats = task_signing_formats(context)
if "gpg" in all_signing_formats or "autograph_gpg" in all_signing_formats:
if not context.config.get("gpg_pubkey"):
raise Exception("GPG format is enabled but gpg_pubkey is not defined")
if not os.path.exists(context.config["gpg_pubkey"]):
raise Exception(
"gpg_pubkey ({}) doesn't exist!".format(
context.config["gpg_pubkey"]
)
)
if "autograph_widevine" in all_signing_formats:
if not context.config.get("widevine_cert"):
raise Exception(
"Widevine format is enabled, but widevine_cert is not defined"
)
if not all(
is_autograph_signing_format(format_) for format_ in all_signing_formats
):
log.info("getting signingserver token")
await get_token(
context,
os.path.join(work_dir, "token"),
task_cert_type(context),
all_signing_formats,
)
# Create a new session to talk to autograph
async with aiohttp.ClientSession() as session:
context.session = session
filelist_dict = build_filelist_dict(context)
for path, path_dict in filelist_dict.items():
copy_to_dir(path_dict["full_path"], context.config["work_dir"], target=path)
log.info("signing %s", path)
output_files = await sign(
context, os.path.join(work_dir, path), path_dict["formats"]
)
for source in output_files:
source = os.path.relpath(source, work_dir)
copy_to_dir(
os.path.join(work_dir, source),
context.config["artifact_dir"],
target=source,
)
if "gpg" in path_dict["formats"] or "autograph_gpg" in path_dict["formats"]:
copy_to_dir(
context.config["gpg_pubkey"],
context.config["artifact_dir"],
target="public/build/KEY",
)
log.info("Done!")
