mirror of https://github.com/mongodb/mongo.git synced 2024-11-21 12:39:08 +01:00
mongodb/evergreen/macos_notary.py
Tural Farhadov 2d9fb6b7c9 SERVER-96000: increase macnotary timeout to 30 minutes (#28193)
GitOrigin-RevId: ab5a660466a51899289338dad3b5f7968aaff377
2024-10-18 23:17:11 +00:00


import os
import platform
import shutil
import stat
import subprocess
import sys
import urllib.request
import zipfile
# Signing is only meaningful on a macOS build host; on any other platform the
# script exits successfully without doing anything.
if platform.system().lower() != "darwin":
    print("Not a macos system, skipping macos signing.")
    sys.exit(0)

# Every positional argument is an archive to sign, so at least one is required.
if len(sys.argv) < 2:
    print("Must provide at least 1 archive to sign.")
    sys.exit(1)

# Maps the `uname` machine name to the architecture suffix used in the
# macnotary release archive name.
supported_archs = {"arm64": "arm64", "x86_64": "amd64"}
arch = platform.uname().machine.lower()
arch_suffix = supported_archs.get(arch)
if arch_suffix is None:
    print(f"Unsupported platform uname arch: {arch}, must be {supported_archs.keys()}")
    sys.exit(1)

macnotary_name = f"darwin_{arch_suffix}"

# Only the two release-producing projects get full notarization; every other
# project only signs. The project name comes from the `project` environment
# variable, and a missing variable raises KeyError here.
signing_type = (
    "notarizeAndSign"
    if os.environ["project"] in ("mongodb-mongo-master-nightly", "mongo-release")
    else "sign"
)
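# Download the macnotary client for this architecture, unpack it into the
# current working directory and make the binary executable.
#
# NOTE(review): the archive is taken from a mutable "latest" path and is then
# executed with no digest or signature check. TLS authenticates the S3
# endpoint, not the content of the object, and this binary is later run with
# MACOS_NOTARY_SECRET in its environment. Consider fetching a versioned
# release and comparing the download against a digest recorded in the
# repository before extracting it.
macnotary_url = (
    f"https://macos-notary-1628249594.s3.amazonaws.com/releases/client/latest/{macnotary_name}.zip"
)
macnotary_zip = f"{macnotary_name}.zip"
macnotary_bin = f"{macnotary_name}/macnotary"

print(f"Fetching macnotary tool from: {macnotary_url}")
# urlretrieve's return value (local path, response headers) is not needed.
urllib.request.urlretrieve(macnotary_url, macnotary_zip)

# extractall() writes every member of the archive below the current directory.
with zipfile.ZipFile(macnotary_zip) as zipf:
    zipf.extractall()

# The extracted file needs the owner-execute bit before it can be launched.
st = os.stat(macnotary_bin)
os.chmod(macnotary_bin, st.st_mode | stat.S_IEXEC)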
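# Sign every archive named on the command line. A failure on one archive does
# not stop the others; the script exits non-zero at the end if any failed.
failed = False
archives = sys.argv[1:]

for archive in archives:
    # Move the input aside so the signed result can be written to the
    # original path (passed to macnotary via -o).
    archive_base, archive_ext = os.path.splitext(archive)
    unsigned_archive = f"{archive_base}_unsigned{archive_ext}"
    shutil.move(archive, unsigned_archive)

    signing_cmd = [
        f"./{macnotary_name}/macnotary",
        "-f",
        f"{unsigned_archive}",
        "-m",
        f"{signing_type}",
        "-u",
        "https://dev.macos-notary.build.10gen.cc/api",
        "-k",
        "server",
        "--entitlements",
        "etc/macos_entitlements.xml",
        "--verify",
        "--timeout",
        "30",  # presumably minutes; confirm against the macnotary tool
        "-b",
        "server.mongodb.com",
        "-i",
        f'{os.environ["task_id"]}',
        "-c",
        f'{os.environ["project"]}',
        "-o",
        f"{archive}",
    ]

    # The notary secret is handed over through the environment, never argv,
    # so printing the command line below does not write it to the task log.
    # Keep it that way when adding options.
    signing_env = os.environ.copy()
    signing_env["MACOS_NOTARY_SECRET"] = os.environ["macos_notarization_secret"]
    print(" ".join(signing_cmd))

    # The command is an argument list (no shell), so archive names are not
    # subject to shell interpretation.
    p = subprocess.Popen(
        signing_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, env=signing_env
    )

    # Stream the tool's combined stdout/stderr into the log as it arrives.
    # Undecodable bytes are replaced so stray output cannot abort the script
    # while the archive is still renamed.
    for line in iter(p.stdout.readline, b""):
        print(f'macnotary: {line.decode("utf-8", errors="replace").strip()}')
    p.wait()

    # Report the exit code only after wait(): before that, returncode is None.
    print(f"Signing tool completed with exitcode: {p.returncode}")

    if p.returncode != 0:
        # Restore the original archive so the path still holds the unsigned
        # input rather than a missing or partial output.
        failed = True
        shutil.move(unsigned_archive, archive)
    else:
        os.unlink(unsigned_archive)

if failed:
    # sys.exit is always available; the bare exit() helper comes from `site`.
    sys.exit(1)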