Commit ca765c63 authored by shindli's avatar shindli
Browse files

Backed out changeset 632f66ae2b39 (bug 1520591) for causing linting failures...

Backed out changeset 632f66ae2b39 (bug 1520591) for causing linting failures in /builds/worker/checkouts/gecko/taskcluster/taskgraph/transforms/checksums_signing.py CLOSED TREE
parent d26fd46f
......@@ -33,7 +33,7 @@ An example signing task payload:
"taskType": "build"
}, {
"paths": ["public/build/target.tar.gz"],
"formats": ["autograph_gpg"],
"formats": ["gpg"],
"taskId": "12345",
"taskType": "build"
}]
......@@ -46,7 +46,7 @@ task definitions via `chain of trust`_ verification. Then it will launch
`signingscript`_, which requests a signing token from the signing server pool.
Signingscript determines it wants to sign ``target.dmg`` with the ``macapp``
format, and ``target.tar.gz`` with the ``autograph_gpg`` format. Each of the
format, and ``target.tar.gz`` with the ``gpg`` format. Each of the
`signing formats`_ has their own behavior. After performing any format-specific
checks or optimizations, it calls `signtool`_ to submit the file to the signing
servers and poll them for signed output. Once it downloads all of the signed
......@@ -90,8 +90,13 @@ Signing formats
The known signingscript formats are listed in the fourth column of the
`signing password files`_.
The formats are specified in the ``upstreamArtifacts`` list-of-dicts.
``autograph_gpg`` signing results in a detached ``.asc`` signature file. Because of its
The formats are specified in the ``upstreamArtifacts`` list-of-dicts. The task
must have a superset of scopes to match. For example, a Firefox signing task
with an ``upstreamArtifacts`` that lists both ``gpg`` and ``macapp`` formats must
have both ``project:releng:signing:format:gpg`` and
``project:releng:signing:format:macapp`` in its scopes.
``gpg`` signing results in a detached ``.asc`` signature file. Because of its
nature, we gpg-sign at the end if given multiple formats for a given set of
files.
......
......@@ -75,7 +75,7 @@ def make_checksums_signing_description(config, jobs):
"paths": [
"public/target.checksums",
],
"formats": ["autograph_gpg"]
"formats": ["gpg"]
}]
signing_cert_scope = get_signing_cert_scope(config)
......@@ -88,6 +88,7 @@ def make_checksums_signing_description(config, jobs):
'max-run-time': 3600},
'scopes': [
signing_cert_scope,
add_scope_prefix(config, 'signing:format:gpg'),
],
'dependencies': dependencies,
'attributes': attributes,
......
......@@ -95,7 +95,7 @@ def _craft_upstream_artifacts(dependency_kind, build_platform):
signing_format = 'sha2signcode'
extension = 'zip'
elif build_platform.startswith('linux'):
signing_format = 'autograph_gpg'
signing_format = 'gpg'
extension = 'tar.gz'
else:
raise ValueError('Unsupported build platform "{}"'.format(build_platform))
......
......@@ -64,7 +64,8 @@ def make_signing_description(config, jobs):
scopes.append(add_scope_prefix(config, "signing:format:sha2signcode"))
formats = ['sha2signcode']
else:
formats = ['autograph_gpg']
scopes.append(add_scope_prefix(config, 'signing:format:gpg'))
formats = ['gpg']
rev = attributes['openh264_rev']
upstream_artifacts = [{
......
......@@ -61,7 +61,7 @@ def make_release_generate_checksums_signing_description(config, jobs):
get_artifact_path(dep_job, "SHA256SUMS"),
get_artifact_path(dep_job, "SHA512SUMS"),
],
"formats": ["autograph_gpg"]
"formats": ["gpg"]
}]
signing_cert_scope = get_signing_cert_scope(config)
......@@ -75,6 +75,7 @@ def make_release_generate_checksums_signing_description(config, jobs):
'max-run-time': 3600},
'scopes': [
signing_cert_scope,
add_scope_prefix(config, 'signing:format:gpg'),
],
'dependencies': dependencies,
'attributes': attributes,
......
......@@ -72,7 +72,7 @@ def make_repackage_signing_description(config, jobs):
signing_cert_scope = get_signing_cert_scope_per_platform(
build_platform, is_nightly, config
)
scopes = [signing_cert_scope]
scopes = [signing_cert_scope, add_scope_prefix(config, 'signing:format:gpg')]
if 'win' in build_platform:
upstream_artifacts = [{
......@@ -81,7 +81,7 @@ def make_repackage_signing_description(config, jobs):
"paths": [
get_artifact_path(dep_job, "{}/target.installer.exe".format(repack_id)),
],
"formats": ["sha2signcode", "autograph_gpg"]
"formats": ["sha2signcode", "gpg"]
}]
scopes.append(add_scope_prefix(config, "signing:format:sha2signcode"))
elif 'mac' in build_platform:
......@@ -91,7 +91,7 @@ def make_repackage_signing_description(config, jobs):
"paths": [
get_artifact_path(dep_job, "{}/target.dmg".format(repack_id)),
],
"formats": ["autograph_gpg"]
"formats": ["gpg"]
}]
elif 'linux' in build_platform:
upstream_artifacts = [{
......@@ -100,7 +100,7 @@ def make_repackage_signing_description(config, jobs):
"paths": [
get_artifact_path(dep_job, "{}/target.tar.bz2".format(repack_id)),
],
"formats": ["autograph_gpg"]
"formats": ["gpg"]
}]
task = {
......
......@@ -57,7 +57,7 @@ def make_checksums_signing_description(config, jobs):
"paths": [
"public/target-source.checksums",
],
"formats": ["autograph_gpg"]
"formats": ["gpg"]
}]
signing_cert_scope = get_signing_cert_scope(config)
......@@ -71,6 +71,7 @@ def make_checksums_signing_description(config, jobs):
'max-run-time': 3600},
'scopes': [
signing_cert_scope,
add_scope_prefix(config, 'signing:format:gpg'),
],
'dependencies': dependencies,
'attributes': attributes,
......
......@@ -24,7 +24,7 @@ def generate_specifications_of_artifacts_to_sign(
'artifacts': [
get_artifact_path(task, 'source.tar.xz')
],
'formats': ['autograph_gpg'],
'formats': ['gpg'],
}]
elif 'android' in build_platform:
artifacts_specifications = [{
......@@ -64,7 +64,7 @@ def generate_specifications_of_artifacts_to_sign(
elif 'linux' in build_platform:
artifacts_specifications = [{
'artifacts': [get_artifact_path(task, '{locale}/target.tar.bz2')],
'formats': ['autograph_gpg', 'widevine'],
'formats': ['gpg', 'widevine'],
}]
else:
raise Exception("Platform not implemented for signing")
......@@ -108,7 +108,7 @@ def get_signed_artifacts(input, formats):
artifacts.add(input.replace('.dmg', '.tar.gz'))
else:
artifacts.add(input)
if 'autograph_gpg' in formats:
if 'gpg' in formats:
artifacts.add('{}.asc'.format(input))
return artifacts
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment