Google Git
Sign in
cobalt / cobalt / 71840339e1109efe930df5c60712d91cdcc962a8 / . / src / third_party / mozjs-45 / js / src / devtools / rootAnalysis / ra.away / tools / release / signing / signscript.py
blob: 7a4ece60b81d07079af444ce55a60ae49aa62a29 [file] [log] [blame]
#!/usr/bin/python
"""%prog [options] format inputfile outputfile inputfilename"""
import os
import os.path
import site
# Modify our search path to find our modules
site.addsitedir(os.path.join(os.path.dirname(__file__), "../../lib/python"))
import logging
import sys
from util.file import copyfile, safe_unlink
from signing.utils import shouldSign, signfile, osslsigncode_signfile
from signing.utils import gpg_signfile, mar_signfile, dmg_signpackage
from signing.utils import jar_signfile, emevoucher_signfile
if __name__ == '__main__':
from optparse import OptionParser
from ConfigParser import RawConfigParser
parser = OptionParser(__doc__)
parser.set_defaults(
fake=False,
signcode_keydir=None,
gpg_homedir=None,
loglevel=logging.INFO,
configfile=None,
mar_cmd=None,
b2gmar_cmd=None,
signcode_timestamp=None,
jar_keystore=None,
jar_keyname=None,
emevoucher_key=None,
emevoucher_chain=None,
)
parser.add_option("--keydir", dest="signcode_keydir",
help="where MozAuthenticode.spc, MozAuthenticode.spk can be found")
parser.add_option("--gpgdir", dest="gpg_homedir",
help="where the gpg keyrings are")
parser.add_option("--mac_id", dest="mac_id",
help="the mac signing identity")
parser.add_option("--dmgkeychain", dest="dmg_keychain",
help="the mac signing keydir")
parser.add_option("--fake", dest="fake", action="store_true",
help="do fake signing")
parser.add_option("-c", "--config", dest="configfile",
help="config file to use")
parser.add_option("--signcode_disable_timestamp",
dest="signcode_timestamp", action="store_false")
parser.add_option("--jar_keystore", dest="jar_keystore",
help="keystore for signing jar_")
parser.add_option("--jar_keyname", dest="jar_keyname",
help="which key to use from jar_keystore")
parser.add_option("--emevoucher_key", dest="emevoucher_key",
help="The certificate to use for signing the eme voucher")
parser.add_option("--emevoucher_chain", dest="emevoucher_chain",
help="Certificate chain to include in EME voucher signatures")
parser.add_option(
"-v", action="store_const", dest="loglevel", const=logging.DEBUG)
options, args = parser.parse_args()
if options.configfile:
config = RawConfigParser()
config.read(options.configfile)
for option, value in config.items('signscript'):
if option == "signcode_timestamp":
value = config.getboolean('signscript', option)
options.ensure_value(option, value)
# Reset to default if this wasn't set in the config file
if options.signcode_timestamp is None:
options.signcode_timestamp = True
logging.basicConfig(
level=options.loglevel, format="%(asctime)s - %(message)s")
if len(args) != 4:
parser.error("Incorrect number of arguments")
format_, inputfile, destfile, filename = args
tmpfile = destfile + ".tmp"
passphrase = sys.stdin.read().strip()
if passphrase == '':
passphrase = None
if format_ == "signcode":
if not options.signcode_keydir:
parser.error("keydir required when format is signcode")
copyfile(inputfile, tmpfile)
if shouldSign(filename):
signfile(tmpfile, options.signcode_keydir, options.fake,
passphrase, timestamp=options.signcode_timestamp)
else:
parser.error("Invalid file for signing: %s" % filename)
sys.exit(1)
elif format_ == "osslsigncode":
safe_unlink(tmpfile)
if not options.signcode_keydir:
parser.error("keydir required when format is osslsigncode")
if shouldSign(filename):
osslsigncode_signfile(inputfile, tmpfile, options.signcode_keydir, options.fake,
passphrase, timestamp=options.signcode_timestamp)
else:
parser.error("Invalid file for signing: %s" % filename)
sys.exit(1)
elif format_ == "sha2signcode":
safe_unlink(tmpfile)
if not options.sha2signcode_keydir:
parser.error("sha2signcode_keydir required when format is sha2signcode")
if shouldSign(filename):
# osslsigncode_signfile is used here because "sha2 signing" isn't
# a different signing process, it's just signing using the same
# tools/process with a different cert.
osslsigncode_signfile(inputfile, tmpfile, options.sha2signcode_keydir, options.fake,
passphrase, timestamp=options.signcode_timestamp)
else:
parser.error("Invalid file for signing: %s" % filename)
sys.exit(1)
elif format_ == "gpg":
if not options.gpg_homedir:
parser.error("gpgdir required when format is gpg")
safe_unlink(tmpfile)
gpg_signfile(
inputfile, tmpfile, options.gpg_homedir, options.fake, passphrase)
elif format_ == "emevoucher":
safe_unlink(tmpfile)
emevoucher_signfile(
inputfile, tmpfile, options.emevoucher_key,
options.emevoucher_chain, options.fake, passphrase)
elif format_ == "mar":
if not options.mar_cmd:
parser.error("mar_cmd is required when format is mar")
safe_unlink(tmpfile)
mar_signfile(
inputfile, tmpfile, options.mar_cmd, options.fake, passphrase)
elif format_ == "b2gmar":
if not options.b2gmar_cmd:
parser.error("b2gmar_cmd is required when format is b2gmar")
safe_unlink(tmpfile)
mar_signfile(
inputfile, tmpfile, options.b2gmar_cmd, options.fake, passphrase)
elif format_ == "dmg":
if not options.dmg_keychain:
parser.error("dmg_keychain required when format is dmg")
if not options.mac_id:
parser.error("mac_id required when format is dmg")
safe_unlink(tmpfile)
dmg_signpackage(inputfile, tmpfile, options.dmg_keychain, options.mac_id, options.mac_cert_subject_ou, options.fake, passphrase)
elif format_ == "jar":
if not options.jar_keystore:
parser.error("jar_keystore required when format is jar")
if not options.jar_keyname:
parser.error("jar_keyname required when format is jar")
copyfile(inputfile, tmpfile)
jar_signfile(tmpfile, options.jar_keystore,
options.jar_keyname, options.fake, passphrase)
os.rename(tmpfile, destfile)