diff options
author | Tural Farhadov <tural.ferhadov@gmail.com> | 2023-04-26 03:05:36 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-04-26 04:10:41 +0000 |
commit | c8261f6d1d780bb69cb979967390ff3b746b5742 (patch) | |
tree | 69d11bacc191eab0bddcab5be8f583a5cf925f41 /evergreen | |
parent | 606e34054ef33e59b78715263b125ff7ebea1394 (diff) | |
download | mongo-c8261f6d1d780bb69cb979967390ff3b746b5742.tar.gz |
SERVER-76519: migrate crypt push task to Garasign
Diffstat (limited to 'evergreen')
-rw-r--r-- | evergreen/garasign_gpg_crypt_sign.sh | 31 | ||||
-rw-r--r-- | evergreen/notary_client_crypt_run.sh | 20 | ||||
-rw-r--r-- | evergreen/notary_client_run.sh | 23 |
3 files changed, 31 insertions, 43 deletions
diff --git a/evergreen/garasign_gpg_crypt_sign.sh b/evergreen/garasign_gpg_crypt_sign.sh new file mode 100644 index 00000000000..378e63b1385 --- /dev/null +++ b/evergreen/garasign_gpg_crypt_sign.sh @@ -0,0 +1,31 @@ +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)" +. "$DIR/prelude.sh" + +cd src + +set -o errexit +set -o verbose + +ext="${ext:-tgz}" + +crypt_file_name=mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext} +mv "mongo_crypt_shared_v1.$ext" $crypt_file_name + +# generating checksums +shasum -a 1 $crypt_file_name | tee $crypt_file_name.sha1 +shasum -a 256 $crypt_file_name | tee $crypt_file_name.sha256 +md5sum $crypt_file_name | tee $crypt_file_name.md5 + +# signing crypt linux artifact with gpg +cat << EOF >> gpg_signing_commands.sh +gpgloader # loading gpg keys. +gpg --yes -v --armor -o $crypt_file_name.sig --detach-sign $crypt_file_name +EOF + +podman run \ + -e GRS_CONFIG_USER1_USERNAME=${garasign_gpg_username_70} \ + -e GRS_CONFIG_USER1_PASSWORD=${garasign_gpg_password_70} \ + --rm \ + -v $(pwd):$(pwd) -w $(pwd) \ + ${garasign_gpg_image} \ + /bin/bash -c "$(cat ./gpg_signing_commands.sh)" diff --git a/evergreen/notary_client_crypt_run.sh b/evergreen/notary_client_crypt_run.sh deleted file mode 100644 index 4d73c3fed98..00000000000 --- a/evergreen/notary_client_crypt_run.sh +++ /dev/null @@ -1,20 +0,0 @@ -DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)" -. "$DIR/prelude.sh" - -cd src - -. ./notary_env.sh - -set -o errexit -set -o verbose - -ext="${ext:-tgz}" - -mv "mongo_crypt_shared_v1.$ext" mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext} - -/usr/local/bin/notary-client.py \ - --key-name "server-7.0" \ - --auth-token-file ${workdir}/src/signing_auth_token \ - --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" \ - --notary-url http://notary-service.build.10gen.cc:5000 \ - mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext} diff --git a/evergreen/notary_client_run.sh b/evergreen/notary_client_run.sh deleted file mode 100644 index 41173e36fb1..00000000000 --- a/evergreen/notary_client_run.sh +++ /dev/null @@ -1,23 +0,0 @@ -DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)" -. "$DIR/prelude.sh" - -cd src - -. ./notary_env.sh - -set -o errexit -set -o verbose - -long_ext=${ext} -if [ "$long_ext" == "tgz" ]; then - long_ext="tar.gz" -fi - -mv mongo-binaries.tgz mongodb-${push_name}-${push_arch}-${suffix}.${ext} -mv mongo-cryptd.tgz mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} || true -mv mh.tgz mh-${push_name}-${push_arch}-${suffix}.${ext} || true -mv mongo-debugsymbols.tgz mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} || true -mv distsrc.${ext} mongodb-src-${src_suffix}.${long_ext} || true -/usr/bin/find build/ -type f | grep msi$ | xargs -I original_filename cp original_filename mongodb-${push_name}-${push_arch}-${suffix}.msi || true - -/usr/local/bin/notary-client.py --key-name "server-7.0" --auth-token-file ${workdir}/src/signing_auth_token --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" --notary-url http://notary-service.build.10gen.cc:5000 --skip-missing mongodb-${push_name}-${push_arch}-${suffix}.${ext} mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} mongodb-${push_name}-${push_arch}-${suffix}.msi mongodb-src-${src_suffix}.${long_ext} mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} |