hishtory/scripts/actions-sign.py

46 lines
1.6 KiB
Python
Raw Permalink Normal View History

2022-05-24 08:25:12 +02:00
import os
import time
import subprocess
2022-05-24 09:12:29 +02:00
def main():
assertPresentAndNotAscii("hishtory-darwin-arm64")
assertPresentAndNotAscii("hishtory-darwin-amd64")
print("before sha1sum:")
2022-05-25 07:26:24 +02:00
os.system("sha1sum hishtory-* 2>&1")
print("before sha256sum:")
os.system("sha256sum hishtory-* 2>&1")
2022-05-24 09:12:29 +02:00
print("file:")
2022-05-25 07:26:24 +02:00
os.system("file hishtory-* 2>&1")
2022-05-24 09:12:29 +02:00
print("signing...")
os.system("""
set -emo pipefail
cp hishtory-darwin-arm64 hishtory-darwin-arm64-unsigned
cp hishtory-darwin-amd64 hishtory-darwin-amd64-unsigned
2022-05-24 09:12:29 +02:00
echo $MACOS_CERTIFICATE | base64 -d > certificate.p12
security create-keychain -p $MACOS_CERTIFICATE_PWD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $MACOS_CERTIFICATE_PWD build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD build.keychain
/usr/bin/codesign --force -s 6D4E1575A0D40C370E294916A8390797106C8A6E hishtory-darwin-arm64 -v
/usr/bin/codesign --force -s 6D4E1575A0D40C370E294916A8390797106C8A6E hishtory-darwin-amd64 -v
""")
print("after sha1sum:")
os.system("sha1sum hishtory-* 2>&1")
print("after sha256sum:")
os.system("sha256sum hishtory-* 2>&1")
2022-05-24 09:12:29 +02:00
2022-05-24 08:25:12 +02:00
def assertPresentAndNotAscii(fn):
if not os.path.exists(fn):
raise Exception(f"{fn=} does not exist, did it fail to download?")
2022-05-24 08:25:12 +02:00
out = subprocess.check_output(["file", fn]).decode('utf-8')
if "ASCII text" in out:
raise Exception(f"{fn=} is of type {out}")
2022-05-24 08:25:12 +02:00
2022-05-24 09:12:29 +02:00
if __name__ == '__main__':
main()