Add support for macapp format #23
Conversation
Right. We'll need to manually switch over the worker to level 1 if we want to test, or spin up a 2nd scriptworker daemon for dep. I'm ok with either. |
| @@ -59,6 +62,12 @@ def build_signing_task(config, tasks): | |||
| "formats": manifest["signing-formats"], | |||
| } | |||
| ] | |||
| if "mac-behavior" in manifest: | |||
There was a problem hiding this comment.
I think these work, but ideally we'd have some sort of warning that if we're running macapp, we need to define some of these. And if we're not running macapp signing, none of these are valid. We could do this in a number of ways:
- define a schema for macapp vs non-macapp
- put these options in a format-specific dictionary that we define schemas for for each signing format
- put these three
ifstatements under anif format_ == "macapp":block, or similar
We don't necessarily need to block on this but we may want to track the issue at least.
|
Oops, I thought I requested changes. |
I think this is pretty straightforward. The only thing I really want to call out is that I'm pretty sure we can use the same worker for level 1 & level 3 signing. RelEng are the only people who can initiate these requests, so I don't see any security benefit to having separate workers for dep vs release. If I'm wrong or missing something, just let me know.
Unrelated to the work here, the first commits removes what appears to be an unused part of the config (we tried to put manifests elsewhere at one point it looks like? but never used them?)