From c8261f6d1d780bb69cb979967390ff3b746b5742 Mon Sep 17 00:00:00 2001
From: Tural Farhadov
Date: Wed, 26 Apr 2023 03:05:36 +0000
Subject: SERVER-76519: migrate crypt push task to Garasign
---
evergreen/garasign_gpg_crypt_sign.sh | 31 +++++++++++++++++++++++++++++++
evergreen/notary_client_crypt_run.sh | 20 --------------------
evergreen/notary_client_run.sh | 23 -----------------------
3 files changed, 31 insertions(+), 43 deletions(-)
create mode 100644 evergreen/garasign_gpg_crypt_sign.sh
delete mode 100644 evergreen/notary_client_crypt_run.sh
delete mode 100644 evergreen/notary_client_run.sh
(limited to 'evergreen')
diff --git a/evergreen/garasign_gpg_crypt_sign.sh b/evergreen/garasign_gpg_crypt_sign.sh
new file mode 100644
index 00000000000..378e63b1385
--- /dev/null
+++ b/evergreen/garasign_gpg_crypt_sign.sh
@@ -0,0 +1,31 @@
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+. "$DIR/prelude.sh"
+
+cd src
+
+set -o errexit
+set -o verbose
+
+ext="${ext:-tgz}"
+
+crypt_file_name=mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
+mv "mongo_crypt_shared_v1.$ext" $crypt_file_name
+
+# generating checksums
+shasum -a 1 $crypt_file_name | tee $crypt_file_name.sha1
+shasum -a 256 $crypt_file_name | tee $crypt_file_name.sha256
+md5sum $crypt_file_name | tee $crypt_file_name.md5
+
+# signing crypt linux artifact with gpg
+cat << EOF >> gpg_signing_commands.sh
+gpgloader # loading gpg keys.
+gpg --yes -v --armor -o $crypt_file_name.sig --detach-sign $crypt_file_name
+EOF
+
+podman run \
+ -e GRS_CONFIG_USER1_USERNAME=${garasign_gpg_username_70} \
+ -e GRS_CONFIG_USER1_PASSWORD=${garasign_gpg_password_70} \
+ --rm \
+ -v $(pwd):$(pwd) -w $(pwd) \
+ ${garasign_gpg_image} \
+ /bin/bash -c "$(cat ./gpg_signing_commands.sh)"
diff --git a/evergreen/notary_client_crypt_run.sh b/evergreen/notary_client_crypt_run.sh
deleted file mode 100644
index 4d73c3fed98..00000000000
--- a/evergreen/notary_client_crypt_run.sh
+++ /dev/null
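Review bot: The `podman run` call at the end of the new `evergreen/garasign_gpg_crypt_sign.sh` puts the Garasign password on the command line (`-e GRS_CONFIG_USER1_PASSWORD=${garasign_gpg_password_70}`), where it can be read from the build host's process list while the container runs. Exporting both values in the script first and passing only the names, `-e GRS_CONFIG_USER1_USERNAME -e GRS_CONFIG_USER1_PASSWORD`, keeps them out of argv, because podman then takes each value from the calling environment. The heredoc also appends with `>>`, so a `gpg_signing_commands.sh` left over from an earlier step or a re-run would have its lines executed again inside the container that holds the signing credentials; `cat << EOF > gpg_signing_commands.sh` avoids that. `$crypt_file_name` is unquoted in the `mv`, `shasum` and `md5sum` lines, and double quotes there would prevent word splitting if one of the expansions ever contains whitespace.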
@@ -1,20 +0,0 @@
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
-. "$DIR/prelude.sh"
-
-cd src
-
-. ./notary_env.sh
-
-set -o errexit
-set -o verbose
-
-ext="${ext:-tgz}"
-
-mv "mongo_crypt_shared_v1.$ext" mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
-
-/usr/local/bin/notary-client.py \
- --key-name "server-7.0" \
- --auth-token-file ${workdir}/src/signing_auth_token \
- --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" \
- --notary-url http://notary-service.build.10gen.cc:5000 \
- mongo_crypt_shared_v1-${push_name}-${push_arch}-${suffix}.${ext}
diff --git a/evergreen/notary_client_run.sh b/evergreen/notary_client_run.sh
deleted file mode 100644
index 41173e36fb1..00000000000
--- a/evergreen/notary_client_run.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
-. "$DIR/prelude.sh"
-
-cd src
-
-. ./notary_env.sh
-
-set -o errexit
-set -o verbose
-
-long_ext=${ext}
-if [ "$long_ext" == "tgz" ]; then
- long_ext="tar.gz"
-fi
-
-mv mongo-binaries.tgz mongodb-${push_name}-${push_arch}-${suffix}.${ext}
-mv mongo-cryptd.tgz mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} || true
-mv mh.tgz mh-${push_name}-${push_arch}-${suffix}.${ext} || true
-mv mongo-debugsymbols.tgz mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} || true
-mv distsrc.${ext} mongodb-src-${src_suffix}.${long_ext} || true
-/usr/bin/find build/ -type f | grep msi$ | xargs -I original_filename cp original_filename mongodb-${push_name}-${push_arch}-${suffix}.msi || true
-
-/usr/local/bin/notary-client.py --key-name "server-7.0" --auth-token-file ${workdir}/src/signing_auth_token --comment "Evergreen Automatic Signing ${revision} - ${build_variant} - ${branch_name}" --notary-url http://notary-service.build.10gen.cc:5000 --skip-missing mongodb-${push_name}-${push_arch}-${suffix}.${ext} mongodb-${push_name}-${push_arch}-debugsymbols-${suffix}.${ext} mongodb-${push_name}-${push_arch}-${suffix}.msi mongodb-src-${src_suffix}.${long_ext} mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext}
-- cgit v1.2.1