Bug 1441495 - Removed signing support from mozharness. r?catlee
MozReview-Commit-ID: BNv6NUrE7gn
--- a/testing/mozharness/mozharness/base/script.py
+++ b/testing/mozharness/mozharness/base/script.py
@@ -145,16 +145,33 @@ class ScriptMixin(PlatformMixin):
Attributes:
env (dict): a mapping object representing the string environment.
script_obj (ScriptMixin): reference to a ScriptMixin instance.
"""
env = None
script_obj = None
+ def query_filesize(self, file_path):
+ self.info("Determining filesize for %s" % file_path)
+ length = os.path.getsize(file_path)
+ self.info(" %s" % str(length))
+ return length
+
+ # TODO this should be parallelized with the to-be-written BaseHelper!
+ def query_sha512sum(self, file_path):
+ self.info("Determining sha512sum for %s" % file_path)
+ m = hashlib.sha512()
+ contents = self.read_from_file(file_path, verbose=False,
+ open_mode='rb')
+ m.update(contents)
+ sha512 = m.hexdigest()
+ self.info(" %s" % sha512)
+ return sha512
+
def platform_name(self):
""" Return the platform name on which the script is running on.
Returns:
None: for failure to determine the platform.
str: The name of the platform (e.g. linux64)
"""
return platform_name()
--- a/testing/mozharness/mozharness/mozilla/building/buildbase.py
+++ b/testing/mozharness/mozharness/mozilla/building/buildbase.py
@@ -36,17 +36,16 @@ from mozharness.mozilla.buildbot import
TBPL_FAILURE,
TBPL_RETRY,
TBPL_WARNING,
TBPL_SUCCESS,
TBPL_WORST_LEVEL_TUPLE,
)
from mozharness.mozilla.purge import PurgeMixin
from mozharness.mozilla.secrets import SecretsMixin
-from mozharness.mozilla.signing import SigningMixin
from mozharness.mozilla.testing.errors import TinderBoxPrintRe
from mozharness.mozilla.testing.unittest import tbox_print_summary
from mozharness.mozilla.updates.balrog import BalrogMixin
from mozharness.base.python import (
PerfherderResourceOptionsMixin,
VirtualenvMixin,
)
@@ -664,17 +663,17 @@ def generate_build_ID():
return time.strftime("%Y%m%d%H%M%S", time.localtime(time.time()))
def generate_build_UID():
return uuid.uuid4().hex
class BuildScript(BuildbotMixin, PurgeMixin, BalrogMixin,
- SigningMixin, VirtualenvMixin, MercurialScript,
+ VirtualenvMixin, MercurialScript,
SecretsMixin, PerfherderResourceOptionsMixin):
def __init__(self, **kwargs):
# objdir is referenced in _query_abs_dirs() so let's make sure we
# have that attribute before calling BaseScript.__init__
self.objdir = None
super(BuildScript, self).__init__(**kwargs)
# epoch is only here to represent the start of the buildbot build
# that this mozharn script came from. until I can grab bbot's
@@ -922,42 +921,24 @@ or run without that action (ie: --no-{ac
if c.get('update_channel'):
env["MOZ_UPDATE_CHANNEL"] = c['update_channel']
else: # let's just give the generic channel based on branch
env["MOZ_UPDATE_CHANNEL"] = "nightly-%s" % (self.branch,)
if self.config.get('pgo_build') or self._compile_against_pgo():
env['MOZ_PGO'] = '1'
- if c.get('enable_signing'):
- if os.environ.get('MOZ_SIGNING_SERVERS'):
- moz_sign_cmd = subprocess.list2cmdline(
- self.query_moz_sign_cmd(formats=None)
- )
- # windows fix. This is passed to mach build env and we call that
- # with python, not with bash so we need to fix the slashes here
- env['MOZ_SIGN_CMD'] = moz_sign_cmd.replace('\\', '\\\\\\\\')
- else:
- self.warning("signing disabled because MOZ_SIGNING_SERVERS is not set")
- elif 'MOZ_SIGN_CMD' in env:
- # Ensure that signing is truly disabled
- # MOZ_SIGN_CMD may be defined by default in buildbot (see MozillaBuildFactory)
- self.warning("Clearing MOZ_SIGN_CMD because we don't have config['enable_signing']")
- del env['MOZ_SIGN_CMD']
-
# to activate the right behaviour in mozonfigs while we transition
if c.get('enable_release_promotion'):
env['ENABLE_RELEASE_PROMOTION'] = "1"
update_channel = c.get('update_channel', self.branch)
self.info("Release promotion update channel: %s"
% (update_channel,))
env["MOZ_UPDATE_CHANNEL"] = update_channel
- # we can't make env an attribute of self because env can change on
- # every call for reasons like MOZ_SIGN_CMD
return env
def query_mach_build_env(self, multiLocale=None):
c = self.config
if multiLocale is None and self.query_is_nightly():
multiLocale = c.get('multi_locale', False)
mach_env = {}
if c.get('upload_env'):
deleted file mode 100755
--- a/testing/mozharness/mozharness/mozilla/signing.py
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/bin/env python
-# ***** BEGIN LICENSE BLOCK *****
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this file,
-# You can obtain one at http://mozilla.org/MPL/2.0/.
-# ***** END LICENSE BLOCK *****
-"""Mozilla-specific signing methods.
-"""
-
-import os
-import re
-import json
-import sys
-
-from mozharness.base.errors import BaseErrorList
-from mozharness.base.log import ERROR, FATAL
-from mozharness.base.signing import AndroidSigningMixin, BaseSigningMixin
-
-AndroidSignatureVerificationErrorList = BaseErrorList + [{
- "regex": re.compile(r'''^Invalid$'''),
- "level": FATAL,
- "explanation": "Signature is invalid!"
-}, {
- "substr": "filename not matched",
- "level": ERROR,
-}, {
- "substr": "ERROR: Could not unzip",
- "level": ERROR,
-}, {
- "regex": re.compile(r'''Are you sure this is a (nightly|release) package'''),
- "level": FATAL,
- "explanation": "Not signed!"
-}]
-
-
-# SigningMixin {{{1
-
-class SigningMixin(BaseSigningMixin):
- """Generic signing helper methods."""
- def query_moz_sign_cmd(self, formats=['gpg']):
- if 'MOZ_SIGNING_SERVERS' not in os.environ:
- self.fatal("MOZ_SIGNING_SERVERS not in env; no MOZ_SIGN_CMD for you!")
- dirs = self.query_abs_dirs()
- signing_dir = os.path.join(dirs['abs_work_dir'], 'tools', 'release', 'signing')
- cache_dir = os.path.join(dirs['abs_work_dir'], 'signing_cache')
- token = os.path.join(dirs['base_work_dir'], 'token')
- nonce = os.path.join(dirs['base_work_dir'], 'nonce')
- host_cert = os.path.join(signing_dir, 'host.cert')
- python = sys.executable
- # A mock environment is a special case, the system python isn't
- # available there
- if 'mock_target' in self.config:
- python = 'python2.7'
- cmd = [
- python,
- os.path.join(signing_dir, 'signtool.py'),
- '--cachedir', cache_dir,
- '-t', token,
- '-n', nonce,
- '-c', host_cert,
- ]
- if formats:
- for f in formats:
- cmd += ['-f', f]
- for h in os.environ['MOZ_SIGNING_SERVERS'].split(","):
- cmd += ['-H', h]
- return cmd
-
- def generate_signing_manifest(self, files):
- """Generate signing manifest for signingworkers
-
- Every entry in the manifest requires a dictionary of
- "file_to_sign" (basename) and "hash" (SHA512) of every file to be
- signed. Signing format is defined in the signing task.
- """
- manifest_content = [
- {
- "file_to_sign": os.path.basename(f),
- "hash": self.query_sha512sum(f)
- }
- for f in files
- ]
- return json.dumps(manifest_content)
-
-
-# MobileSigningMixin {{{1
-class MobileSigningMixin(AndroidSigningMixin, SigningMixin):
- def verify_android_signature(self, apk, script=None, key_alias="nightly",
- tools_dir="tools/", env=None):
- """Runs mjessome's android signature verification script.
- This currently doesn't check to see if the apk exists; you may want
- to do that before calling the method.
- """
- c = self.config
- dirs = self.query_abs_dirs()
- if script is None:
- script = c.get('signature_verification_script')
- if env is None:
- env = self.query_env()
- return self.run_command(
- [script, "--tools-dir=%s" % tools_dir, "--%s" % key_alias,
- "--apk=%s" % apk],
- cwd=dirs['abs_work_dir'],
- env=env,
- error_list=AndroidSignatureVerificationErrorList
- )
--- a/testing/mozharness/scripts/desktop_l10n.py
+++ b/testing/mozharness/scripts/desktop_l10n.py
@@ -8,17 +8,16 @@
This script manages Desktop repacks for nightly builds.
"""
import os
import glob
import re
import sys
import shlex
-import subprocess
# load modules from parent dir
sys.path.insert(1, os.path.dirname(sys.path[0]))
from mozharness.base.errors import MakefileErrorList
from mozharness.base.script import BaseScript
from mozharness.base.transfer import TransferMixin
from mozharness.base.vcs.vcsbase import VCSMixin
@@ -26,17 +25,16 @@ from mozharness.mozilla.buildbot import
from mozharness.mozilla.purge import PurgeMixin
from mozharness.mozilla.building.buildbase import (
MakeUploadOutputParser,
get_mozconfig_path,
)
from mozharness.mozilla.l10n.locales import LocalesMixin
from mozharness.mozilla.mar import MarMixin
from mozharness.mozilla.release import ReleaseMixin
-from mozharness.mozilla.signing import SigningMixin
from mozharness.mozilla.updates.balrog import BalrogMixin
from mozharness.base.python import VirtualenvMixin
try:
import simplejson as json
assert json
except ImportError:
import json
@@ -63,17 +61,17 @@ runtime_config_tokens = ('buildid', 'ver
'abs_objdir', 'revision',
'to_buildid', 'en_us_binary_url',
'en_us_installer_binary_url', 'mar_tools_url',
'who')
# DesktopSingleLocale {{{1
class DesktopSingleLocale(LocalesMixin, ReleaseMixin, BuildbotMixin,
- VCSMixin, SigningMixin, PurgeMixin, BaseScript,
+ VCSMixin, PurgeMixin, BaseScript,
BalrogMixin, MarMixin, VirtualenvMixin, TransferMixin):
"""Manages desktop repacks"""
config_options = [[
['--balrog-config', ],
{"action": "extend",
"dest": "config_files",
"type": "string",
"help": "Specify the balrog configuration file"}
@@ -368,21 +366,16 @@ class DesktopSingleLocale(LocalesMixin,
bootstrap_env = self.query_env(partial_env=config.get("bootstrap_env"),
replace_dict=replace_dict)
# Override en_us_installer_binary_url if passed as a buildbot property
if self.buildbot_config["properties"].get("en_us_installer_binary_url"):
self.info("Overriding en_us_binary_url with %s" %
self.buildbot_config["properties"]["en_us_installer_binary_url"])
bootstrap_env['EN_US_INSTALLER_BINARY_URL'] = str(
self.buildbot_config["properties"]["en_us_installer_binary_url"])
- if 'MOZ_SIGNING_SERVERS' in os.environ:
- sign_cmd = self.query_moz_sign_cmd(formats=None)
- sign_cmd = subprocess.list2cmdline(sign_cmd)
- # windows fix
- bootstrap_env['MOZ_SIGN_CMD'] = sign_cmd.replace('\\', '\\\\\\\\')
for binary in self._mar_binaries():
# "mar -> MAR" and 'mar.exe -> MAR' (windows)
name = binary.replace('.exe', '')
name = name.upper()
binary_path = os.path.join(self._mar_tool_dir(), binary)
# windows fix...
if binary.endswith('.exe'):
binary_path = binary_path.replace('\\', '\\\\\\\\')
@@ -406,21 +399,16 @@ class DesktopSingleLocale(LocalesMixin,
for extra in config['upload_env_extra']:
upload_env[extra] = config['upload_env_extra'][extra]
self.upload_env = upload_env
return self.upload_env
def query_l10n_env(self):
l10n_env = self._query_upload_env().copy()
- # both upload_env and bootstrap_env define MOZ_SIGN_CMD
- # the one from upload_env is taken from os.environ, the one from
- # bootstrap_env is set with query_moz_sign_cmd()
- # we need to use the value provided my query_moz_sign_cmd or make upload
- # will fail (signtool.py path is wrong)
l10n_env.update(self.query_bootstrap_env())
return l10n_env
def _query_make_ident_output(self):
"""Get |make ident| output from the objdir.
Only valid after setup is run.
"""
if self.make_ident_output:
--- a/testing/mozharness/scripts/mobile_l10n.py
+++ b/testing/mozharness/scripts/mobile_l10n.py
@@ -8,17 +8,16 @@
This currently supports nightly and release single locale repacks for
Android. This also creates nightly updates.
"""
import glob
import os
import re
-import subprocess
import sys
try:
import simplejson as json
assert json
except ImportError:
import json
@@ -26,30 +25,29 @@ except ImportError:
sys.path.insert(1, os.path.dirname(sys.path[0]))
from mozharness.base.errors import MakefileErrorList
from mozharness.base.log import OutputParser
from mozharness.base.transfer import TransferMixin
from mozharness.mozilla.buildbot import BuildbotMixin
from mozharness.mozilla.purge import PurgeMixin
from mozharness.mozilla.release import ReleaseMixin
-from mozharness.mozilla.signing import MobileSigningMixin
from mozharness.mozilla.tooltool import TooltoolMixin
from mozharness.base.vcs.vcsbase import MercurialScript
from mozharness.mozilla.l10n.locales import LocalesMixin
from mozharness.mozilla.mock import MockMixin
from mozharness.mozilla.secrets import SecretsMixin
from mozharness.mozilla.updates.balrog import BalrogMixin
from mozharness.base.python import VirtualenvMixin
# MobileSingleLocale {{{1
class MobileSingleLocale(MockMixin, LocalesMixin, ReleaseMixin,
- MobileSigningMixin, TransferMixin, TooltoolMixin,
- BuildbotMixin, PurgeMixin, MercurialScript, BalrogMixin,
+ TransferMixin, TooltoolMixin, BuildbotMixin,
+ PurgeMixin, MercurialScript, BalrogMixin,
VirtualenvMixin, SecretsMixin):
config_options = [[
['--locale', ],
{"action": "extend",
"dest": "locales",
"type": "string",
"help": "Specify the locale(s) to sign and update"
}
@@ -180,19 +178,16 @@ class MobileSingleLocale(MockMixin, Loca
'version': rc['version'],
'buildnum': rc['buildnum']
}
repack_env = self.query_env(partial_env=c.get("repack_env"),
replace_dict=replace_dict)
if c.get('base_en_us_binary_url') and c.get('release_config_file'):
rc = self.query_release_config()
repack_env['EN_US_BINARY_URL'] = c['base_en_us_binary_url'] % replace_dict
- if 'MOZ_SIGNING_SERVERS' in os.environ:
- repack_env['MOZ_SIGN_CMD'] = \
- subprocess.list2cmdline(self.query_moz_sign_cmd(formats=['jar']))
if self.query_is_nightly() or self.query_is_nightly_promotion():
if self.query_is_nightly():
# Nightly promotion needs to set update_channel but not do all
# the 'IS_NIGHTLY' automation parts, like uploading symbols
# (for now).
repack_env["IS_NIGHTLY"] = "yes"
# In branch_specifics.py we might set update_channel explicitly.
@@ -222,18 +217,16 @@ class MobileSingleLocale(MockMixin, Loca
# builds go to 'mozilla-central-l10n', while android builds add part of
# the platform name as well, like 'mozilla-central-android-api-16-l10n'.
# So we override the branch with something that contains the platform
# name.
replace_dict['branch'] = c['upload_branch']
upload_env = self.query_env(partial_env=c.get("upload_env"),
replace_dict=replace_dict)
- if 'MOZ_SIGNING_SERVERS' in os.environ:
- upload_env['MOZ_SIGN_CMD'] = subprocess.list2cmdline(self.query_moz_sign_cmd())
if self.query_is_release_or_beta():
upload_env['MOZ_PKG_VERSION'] = '%(version)s' % replace_dict
self.upload_env = upload_env
return self.upload_env
def _query_make_ident_output(self):
"""Get |make ident| output from the objdir.
Only valid after setup is run.