SERVER-76519: migrate crypt push task to Garasign

3 files changed, 31 insertions, 43 deletions

diff --git a/evergreen/garasign_gpg_crypt_sign.sh b/evergreen/garasign_gpg_crypt_sign.sh
new file mode 100644
index 00000000000..378e63b1385
--- /dev/null
+++ b/evergreen/garasign_gpg_crypt_sign.sh
@@ -0,0 +1,31 @@
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+. "$DIR/prelude.sh"
+
+cd src
+
+set -o errexit
+set -o verbose
+
+ext="${ext:-tgz}"
+
+crypt_file_name=mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
+mv "mongo_crypt_shared_v1.$ext" $crypt_file_name
+
+# generating checksums
+shasum -a 1 $crypt_file_name | tee $crypt_file_name.sha1
+shasum -a 256 $crypt_file_name | tee $crypt_file_name.sha256
+md5sum $crypt_file_name | tee $crypt_file_name.md5
+
+# signing crypt linux artifact with gpg
+cat << EOF >> gpg_signing_commands.sh
+gpgloader # loading gpg keys.
+gpg --yes -v --armor -o $crypt_file_name.sig --detach-sign $crypt_file_name
+EOF
+
+podman run \
+  -e GRS_CONFIG_USER1_USERNAME=${garasign_gpg_username_70} \
+  -e GRS_CONFIG_USER1_PASSWORD=${garasign_gpg_password_70} \
+  --rm \
+  -v $(pwd):$(pwd) -w $(pwd) \
+  ${garasign_gpg_image} \
+  /bin/bash -c "$(cat ./gpg_signing_commands.sh)"
diff --git a/evergreen/notary_client_crypt_run.sh b/evergreen/notary_client_crypt_run.sh
deleted file mode 100644
index 4d73c3fed98..00000000000
--- a/evergreen/notary_client_crypt_run.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
-. "$DIR/prelude.sh"
-
-cd src
-
-. ./notary_env.sh
-
-set -o errexit
-set -o verbose
-
-ext="${ext:-tgz}"
-
-mv "mongo_crypt_shared_v1.$ext" mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
-
-/usr/local/bin/notary-client.py \
-  --key-name "server-7.0" \
-  --auth-token-file ${workdir}/src/signing_auth_token \
-  --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" \
-  --notary-url http://notary-service.build.10gen.cc:5000 \
-  mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
diff --git a/evergreen/notary_client_run.sh b/evergreen/notary_client_run.sh
deleted file mode 100644
index 41173e36fb1..00000000000
--- a/evergreen/notary_client_run.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
-. "$DIR/prelude.sh"
-
-cd src
-
-. ./notary_env.sh
-
-set -o errexit
-set -o verbose
-
-long_ext=${ext}
-if [ "$long_ext" == "tgz" ]; then
-  long_ext="tar.gz"
-fi
-
-mv mongo-binaries.tgz mongodb-${push_name}-${push_arch}-${suffix}.${ext}
-mv mongo-cryptd.tgz mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} || true
-mv mh.tgz mh-${push_name}-${push_arch}-${suffix}.${ext} || true
-mv mongo-debugsymbols.tgz mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} || true
-mv distsrc.${ext} mongodb-src-${src_suffix}.${long_ext} || true
-/usr/bin/find build/ -type f | grep msi$ | xargs -I original_filename cp original_filename mongodb-${push_name}-${push_arch}-${suffix}.msi || true
-
-/usr/local/bin/notary-client.py --key-name "server-7.0" --auth-token-file ${workdir}/src/signing_auth_token --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" --notary-url http://notary-service.build.10gen.cc:5000 --skip-missing mongodb-${push_name}-${push_arch}-${suffix}.${ext} mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} mongodb-${push_name}-${push_arch}-${suffix}.msi mongodb-src-${src_suffix}.${long_ext} mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext}