-
Notifications
You must be signed in to change notification settings - Fork 1.9k
/
signing.py
executable file
·84 lines (76 loc) · 2.91 KB
/
signing.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/usr/bin/env python
# ***** BEGIN LICENSE BLOCK *****
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
# ***** END LICENSE BLOCK *****
"""Mozilla-specific signing methods.
"""
import os
import re
from mozharness.base.errors import BaseErrorList
from mozharness.base.log import ERROR, FATAL
from mozharness.base.signing import AndroidSigningMixin, BaseSigningMixin
AndroidSignatureVerificationErrorList = BaseErrorList + [{
"regex": re.compile(r'''^Invalid$'''),
"level": FATAL,
"explanation": "Signature is invalid!"
}, {
"substr": "filename not matched",
"level": ERROR,
}, {
"substr": "ERROR: Could not unzip",
"level": ERROR,
}, {
"regex": re.compile(r'''Are you sure this is a (nightly|release) package'''),
"level": FATAL,
"explanation": "Not signed!"
}]
# SigningMixin {{{1
class SigningMixin(BaseSigningMixin):
"""Generic signing helper methods."""
def query_moz_sign_cmd(self, formats=['gpg']):
if 'MOZ_SIGNING_SERVERS' not in os.environ:
self.fatal("MOZ_SIGNING_SERVERS not in env; no MOZ_SIGN_CMD for you!")
dirs = self.query_abs_dirs()
signing_dir = os.path.join(dirs['abs_work_dir'], 'tools', 'release', 'signing')
cache_dir = os.path.join(dirs['abs_work_dir'], 'signing_cache')
token = os.path.join(dirs['base_work_dir'], 'token')
nonce = os.path.join(dirs['base_work_dir'], 'nonce')
host_cert = os.path.join(signing_dir, 'host.cert')
python = self.query_exe('python')
cmd = [
python,
os.path.join(signing_dir, 'signtool.py'),
'--cachedir', cache_dir,
'-t', token,
'-n', nonce,
'-c', host_cert,
]
if formats:
for f in formats:
cmd += ['-f', f]
for h in os.environ['MOZ_SIGNING_SERVERS'].split(","):
cmd += ['-H', h]
return cmd
# MobileSigningMixin {{{1
class MobileSigningMixin(AndroidSigningMixin, SigningMixin):
def verify_android_signature(self, apk, script=None, key_alias="nightly",
tools_dir="tools/", env=None):
"""Runs mjessome's android signature verification script.
This currently doesn't check to see if the apk exists; you may want
to do that before calling the method.
"""
c = self.config
dirs = self.query_abs_dirs()
if script is None:
script = c.get('signature_verification_script')
if env is None:
env = self.query_env()
return self.run_command(
[script, "--tools-dir=%s" % tools_dir, "--%s" % key_alias,
"--apk=%s" % apk],
cwd=dirs['abs_work_dir'],
env=env,
error_list=AndroidSignatureVerificationErrorList
)