tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

signing.py (2516B)

      1 # This Source Code Form is subject to the terms of the Mozilla Public
      2 # License, v. 2.0. If a copy of the MPL was not distributed with this
      3 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
      4 
      5 
      6 from gecko_taskgraph.util.scriptworker import get_signing_type
      7 from taskgraph.transforms.base import TransformSequence
      8 from taskgraph.util.schema import resolve_keyed_by
      9 
     10 from ..build_config import CHECKSUMS_EXTENSIONS
     11 
     12 transforms = TransformSequence()
     13 
     14 
     15 @transforms.add
     16 def resolve_keys(config, tasks):
     17    for task in tasks:
     18        for key in (
     19            "index",
     20            "worker-type",
     21            "treeherder.symbol",
     22        ):
     23            resolve_keyed_by(
     24                task,
     25                key,
     26                item_name=task["name"],
     27                **{
     28                    "build-type": task["attributes"]["build-type"],
     29                    "level": config.params["level"],
     30                },
     31            )
     32        yield task
     33 
     34 
     35 @transforms.add
     36 def set_signing_attributes(config, tasks):
     37    for task in tasks:
     38        task["attributes"]["signed"] = True
     39        yield task
     40 
     41 
     42 @transforms.add
     43 def filter_out_checksums(config, tasks):
     44    for task in tasks:
     45        task["attributes"]["artifacts"] = {
     46            extension: path
     47            for extension, path in task["attributes"]["artifacts"].items()
     48            if not any(map(path.endswith, CHECKSUMS_EXTENSIONS))
     49        }
     50 
     51        for upstream_artifact in task["worker"]["upstream-artifacts"]:
     52            upstream_artifact["paths"] = [
     53                path
     54                for path in upstream_artifact["paths"]
     55                if not any(map(path.endswith, CHECKSUMS_EXTENSIONS))
     56            ]
     57 
     58        yield task
     59 
     60 
     61 _DETACHED_SIGNATURE_EXTENSION = ".asc"
     62 
     63 
     64 @transforms.add
     65 def set_detached_signature_artifacts(config, tasks):
     66    for task in tasks:
     67        task["attributes"]["artifacts"] = {
     68            extension + _DETACHED_SIGNATURE_EXTENSION: path
     69            + _DETACHED_SIGNATURE_EXTENSION
     70            for extension, path in task["attributes"]["artifacts"].items()
     71        }
     72 
     73        yield task
     74 
     75 
     76 @transforms.add
     77 def set_signing_format(config, tasks):
     78    for task in tasks:
     79        for upstream_artifact in task["worker"]["upstream-artifacts"]:
     80            upstream_artifact["formats"] = ["gcp_prod_autograph_gpg"]
     81 
     82        yield task
     83 
     84 
     85 @transforms.add
     86 def add_signing_type(config, tasks):
     87    signing_type = get_signing_type(config)
     88    for task in tasks:
     89        task["worker"]["signing-type"] = signing_type
     90        yield task