Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Bug 793709: Sign B2G updates when MOZ_SIGNING_SERVERS is set. r=aki

--HG--
extra : rebase_source : 1a1764eb1b86290abe1d1a7027869bf763f87541
  • Loading branch information...
commit 3ff8e328ae8be72fc647e7a1f83abe1c78f637f3 1 parent a10e5fb
@catlee catlee authored
Showing with 50 additions and 0 deletions.
  1. +1 −0  mozharness/base/script.py
  2. +49 −0 scripts/b2g_build.py
View
1  mozharness/base/script.py
@@ -750,6 +750,7 @@ def query_abs_dirs(self):
return self.abs_dirs
c = self.config
dirs = {}
+ dirs['base_work_dir'] = c['base_work_dir']
dirs['abs_work_dir'] = os.path.join(c['base_work_dir'], c['work_dir'])
dirs['abs_upload_dir'] = os.path.join(dirs['abs_work_dir'], 'upload')
dirs['abs_log_dir'] = os.path.join(c['base_work_dir'], c.get('log_dir', 'logs'))
View
49 scripts/b2g_build.py
@@ -96,6 +96,7 @@ def __init__(self, require_config_file=False):
'upload_remote_host': None,
'upload_remote_basepath': None,
'enable_try_uploads': False,
+ 'tools_repo': 'http://hg.mozilla.org/build/tools',
},
)
@@ -368,6 +369,54 @@ def make_updates(self):
if retval != 0:
self.fatal("failed to create complete update", exit_code=2)
+ # Sign the updates
+ self.sign_updates()
+
+ def sign_updates(self):
+ if 'MOZ_SIGNING_SERVERS' not in os.environ:
+ self.info("Skipping signing since no MOZ_SIGNING_SERVERS set")
+ return
+
+ dirs = self.query_abs_dirs()
+
+ # We need hg.m.o/build/tools checked out
+ self.info("Checking out tools")
+ repos = [{
+ 'repo': self.config['tools_repo'],
+ 'vcs': "hgtool",
+ 'dest': os.path.join(dirs['abs_work_dir'], "tools")
+ }]
+ #num_retries = self.config.get("global_retries", 10)
+ rev = self.vcs_checkout(**repos[0])
+ self.set_buildbot_property("tools_revision", rev, write_to_file=True)
+
+ objdir = os.path.join(dirs['work_dir'], 'objdir-gecko')
+ marfile = "%s/dist/b2g-update/b2g-gecko-update.mar" % objdir
+ signing_dir = os.path.join(dirs['abs_work_dir'], 'tools', 'release', 'signing')
+ cache_dir = os.path.join(dirs['abs_work_dir'], 'signing_cache')
+ token = os.path.join(dirs['base_work_dir'], 'token')
+ nonce = os.path.join(dirs['base_work_dir'], 'nonce')
+ host_cert = os.path.join(signing_dir, 'host.cert')
+ python = self.query_exe('python')
+ cmd = [
+ python,
+ os.path.join(signing_dir, 'signtool.py'),
+ '--cachedir', cache_dir,
+ '-t', token,
+ '-n', nonce,
+ '-c', host_cert,
+ '-f', 'b2gmar',
+ ]
+
+ for h in os.environ['MOZ_SIGNING_SERVERS'].split(","):
+ cmd += ['-H', h]
+
+ cmd.append(marfile)
+
+ retval = self.run_command(cmd)
+ if retval != 0:
+ self.fatal("failed to sign complete update", exit_code=2)
+
def prep_upload(self):
dirs = self.query_abs_dirs()
# Delete the upload dir so we don't upload previous stuff by accident
Please sign in to comment.
Something went wrong with that request. Please try again.