@mongodb-js/signing-utils 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/signing-clients/index.d.ts +11 -4
- package/dist/signing-clients/index.d.ts.map +1 -1
- package/dist/signing-clients/index.js +2 -2
- package/dist/signing-clients/index.js.map +1 -1
- package/dist/signing-clients/local-signing-client.js +1 -1
- package/dist/signing-clients/local-signing-client.js.map +1 -1
- package/dist/signing-clients/remote-signing-client.d.ts.map +1 -1
- package/dist/signing-clients/remote-signing-client.js +2 -1
- package/dist/signing-clients/remote-signing-client.js.map +1 -1
- package/dist/utils.d.ts +14 -0
- package/dist/utils.d.ts.map +1 -1
- package/dist/utils.js +18 -1
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
- package/src/garasign.sh +16 -7
- package/src/signing-clients/index.ts +18 -9
- package/src/signing-clients/local-signing-client.spec.ts +9 -3
- package/src/signing-clients/local-signing-client.ts +2 -2
- package/src/signing-clients/remote-signing-client.spec.ts +3 -1
- package/src/signing-clients/remote-signing-client.ts +7 -2
- package/src/utils.ts +21 -0
|
@@ -1,23 +1,30 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
export { LocalSigningClient } from './local-signing-client';
|
|
3
3
|
export { RemoteSigningClient } from './remote-signing-client';
|
|
4
|
-
export type
|
|
4
|
+
export type SigningOptions = {
|
|
5
|
+
method: 'gpg';
|
|
6
|
+
} | {
|
|
7
|
+
method: 'jsign';
|
|
8
|
+
certificateAlias: 'compass' | 'mongosh';
|
|
9
|
+
timestampUrl?: string;
|
|
10
|
+
};
|
|
5
11
|
export type SigningClientOptions = {
|
|
6
12
|
workingDirectory: string;
|
|
7
13
|
signingScript: string;
|
|
8
|
-
|
|
14
|
+
signingOptions: SigningOptions;
|
|
9
15
|
};
|
|
10
16
|
export type RemoteSigningOptions = {
|
|
17
|
+
host?: string;
|
|
11
18
|
username?: string;
|
|
12
19
|
password?: string;
|
|
13
20
|
port?: number;
|
|
14
21
|
privateKey?: Buffer | string;
|
|
15
|
-
|
|
22
|
+
signingOptions: SigningOptions;
|
|
16
23
|
workingDirectory?: string;
|
|
17
24
|
client: 'remote';
|
|
18
25
|
};
|
|
19
26
|
export type LocalSigningOptions = {
|
|
20
|
-
|
|
27
|
+
signingOptions: SigningOptions;
|
|
21
28
|
client: 'local';
|
|
22
29
|
};
|
|
23
30
|
export type ClientOptions = RemoteSigningOptions | LocalSigningOptions;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,cAAc,GACtB;IACE,MAAM,EAAE,KAAK,CAAC;CACf,GACD;IACE,MAAM,EAAE,OAAO,CAAC;IAEhB,gBAAgB,EAAE,SAAS,GAAG,SAAS,CAAC;IAExC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEN,MAAM,MAAM,oBAAoB,GAAG;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,cAAc,CAAC;CAChC,CAAC;AAGF,MAAM,MAAM,oBAAoB,GAAG;IAEjC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAE7B,cAAc,EAAE,cAAc,CAAC;IAI/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,CAAC;CAClB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG;IAChC,cAAc,EAAE,cAAc,CAAC;IAC/B,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,oBAAoB,GAAG,mBAAmB,CAAC;AAEvE,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA2BxB"}
|
|
@@ -44,13 +44,13 @@ async function getSigningClient(options) {
|
|
|
44
44
|
return new remote_signing_client_1.RemoteSigningClient(sshClient, {
|
|
45
45
|
workingDirectory: options.workingDirectory ?? '/home/ubuntu/garasign',
|
|
46
46
|
signingScript,
|
|
47
|
-
|
|
47
|
+
signingOptions: options.signingOptions,
|
|
48
48
|
});
|
|
49
49
|
}
|
|
50
50
|
if (options.client === 'local') {
|
|
51
51
|
return new local_signing_client_1.LocalSigningClient({
|
|
52
52
|
signingScript,
|
|
53
|
-
|
|
53
|
+
signingOptions: options.signingOptions,
|
|
54
54
|
});
|
|
55
55
|
}
|
|
56
56
|
throw new Error(`Unknown client type: ${options.client}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AAqDrB,KAAK,UAAU,gBAAgB,CACpC,OAAsB;IAEtB,KAAK,UAAU,YAAY,CAAC,UAAyB;QACnD,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,UAAU,CAAC,CAAC;QAC5C,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAE5E,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9C,OAAO,IAAI,2CAAmB,CAAC,SAAS,EAAE;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,uBAAuB;YACrE,aAAa;YACb,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,IAAI,yCAAkB,CAAC;YAC5B,aAAa;YACb,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAC;IACL,CAAC;IAGD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC;AA7BD,4CA6BC"}
|
|
@@ -18,7 +18,7 @@ class LocalSigningClient {
|
|
|
18
18
|
try {
|
|
19
19
|
const env = {
|
|
20
20
|
...(0, utils_1.getEnv)(),
|
|
21
|
-
|
|
21
|
+
...(0, utils_1.mapSigningOptionsForScript)(this.options.signingOptions),
|
|
22
22
|
};
|
|
23
23
|
const { stdout, stderr, status } = (0, child_process_1.spawnSync)('bash', [this.options.signingScript, path_1.default.basename(file)], {
|
|
24
24
|
cwd: directoryOfFileToSign,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/local-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,iDAA0C;AAC1C,
|
|
1
|
+
{"version":3,"file":"local-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/local-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,iDAA0C;AAC1C,oCAAqE;AAGrE,MAAM,gBAAgB,GAAG,aAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAQ5D,MAAa,kBAAkB;IAC7B,YACU,OAAuD;QAAvD,YAAO,GAAP,OAAO,CAAgD;IAC9D,CAAC;IAKJ,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,gBAAgB,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAEpC,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG;gBACV,GAAG,IAAA,cAAM,GAAE;gBACX,GAAG,IAAA,kCAA0B,EAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;aAC3D,CAAC;YAEF,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,yBAAS,EAC1C,MAAM,EACN,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,cAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EACjD;gBACE,GAAG,EAAE,qBAAqB;gBAC1B,GAAG;gBACH,QAAQ,EAAE,OAAO;aAClB,CACF,CAAC;YAEF,gBAAgB,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YAErC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,SAAS,CAAC;oBACb,MAAM;oBACN,MAAM;iBACP,CAAC,CACH,CAAC;YACJ,CAAC;YACD,gBAAgB,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAgB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA7CD,gDA6CC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;
|
|
1
|
+
{"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;IA8BtB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAsBxC"}
|
|
@@ -24,13 +24,14 @@ class RemoteSigningClient {
|
|
|
24
24
|
}
|
|
25
25
|
async signRemoteFile(file) {
|
|
26
26
|
const env = (0, utils_1.getEnv)();
|
|
27
|
+
const signingOptions = (0, utils_1.mapSigningOptionsForScript)(this.options.signingOptions);
|
|
27
28
|
const cmds = [
|
|
28
29
|
`cd '${this.options.workingDirectory}'`,
|
|
29
30
|
`export garasign_username=${env.garasign_username}`,
|
|
30
31
|
`export garasign_password=${env.garasign_password}`,
|
|
31
32
|
`export artifactory_username=${env.artifactory_username}`,
|
|
32
33
|
`export artifactory_password=${env.artifactory_password}`,
|
|
33
|
-
`export
|
|
34
|
+
...Object.keys(signingOptions).map((k) => `export ${k}=${signingOptions[k]}`),
|
|
34
35
|
`./garasign.sh '${file}'`,
|
|
35
36
|
];
|
|
36
37
|
const command = cmds.join(' && ');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,
|
|
1
|
+
{"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,oCAAqE;AAGrE,MAAa,mBAAmB;IAC9B,YACU,SAAoB,EACpB,OAA6B;QAD7B,cAAS,GAAT,SAAS,CAAW;QACpB,YAAO,GAAP,OAAO,CAAsB;IACpC,CAAC;IAQI,KAAK,CAAC,IAAI;QAChB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAGvE,CAAC;YACC,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,cAAc,CAAC;YACpE,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACxE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,cAAI,CAAC,QAAQ,CACzE,IAAI,CACL,EAAE,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAA,cAAM,GAAE,CAAC;QACrB,MAAM,cAAc,GAAG,IAAA,kCAA0B,EAC/C,IAAI,CAAC,OAAO,CAAC,cAAc,CAC5B,CAAC;QAMF,MAAM,IAAI,GAAG;YACX,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG;YAEvC,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YAEzD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YACzD,GAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAqC,CAAC,GAAG,CACrE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,cAAc,CAAC,CAAC,CAAW,EAAE,CACpD;YACD,kBAAkB,IAAI,GAAG;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAA,aAAK,EAAC,6BAA6B,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC;YAEH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAElB,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YAChD,IAAA,aAAK,EAAC,qBAAqB,IAAI,OAAO,UAAU,EAAE,CAAC,CAAC;YAEpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;YACrD,IAAA,aAAK,EAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAEnC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YACpD,IAAA,aAAK,EAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,aAAK,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAA,aAAK,EAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AAjFD,kDAiFC"}
|
package/dist/utils.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
/// <reference types="debug" />
|
|
2
|
+
import type { SigningOptions } from './signing-clients';
|
|
2
3
|
export declare const debug: import("debug").Debugger;
|
|
3
4
|
export declare function getEnv(): {
|
|
4
5
|
garasign_username: string | undefined;
|
|
@@ -6,4 +7,17 @@ export declare function getEnv(): {
|
|
|
6
7
|
artifactory_username: string | undefined;
|
|
7
8
|
artifactory_password: string | undefined;
|
|
8
9
|
};
|
|
10
|
+
export declare function mapSigningOptionsForScript(options: SigningOptions): {
|
|
11
|
+
method: "gpg";
|
|
12
|
+
alias?: undefined;
|
|
13
|
+
timestampUrl?: undefined;
|
|
14
|
+
} | {
|
|
15
|
+
method: "jsign";
|
|
16
|
+
alias: "compass" | "mongosh";
|
|
17
|
+
timestampUrl: string;
|
|
18
|
+
} | {
|
|
19
|
+
method?: undefined;
|
|
20
|
+
alias?: undefined;
|
|
21
|
+
timestampUrl?: undefined;
|
|
22
|
+
};
|
|
9
23
|
//# sourceMappingURL=utils.d.ts.map
|
package/dist/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,eAAO,MAAM,KAAK,0BAA2B,CAAC;AAE9C,wBAAgB,MAAM;;;;;EAgBrB;AAID,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,cAAc;;;;;;;;;;;;EAgBjE"}
|
package/dist/utils.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getEnv = exports.debug = void 0;
|
|
3
|
+
exports.mapSigningOptionsForScript = exports.getEnv = exports.debug = void 0;
|
|
4
4
|
const debug_1 = require("debug");
|
|
5
5
|
exports.debug = (0, debug_1.debug)('signing-utils');
|
|
6
6
|
function getEnv() {
|
|
@@ -16,4 +16,21 @@ function getEnv() {
|
|
|
16
16
|
};
|
|
17
17
|
}
|
|
18
18
|
exports.getEnv = getEnv;
|
|
19
|
+
const DEFAULT_JSIGN_TIMESTAMP_URL = 'http://timestamp.digicert.com';
|
|
20
|
+
function mapSigningOptionsForScript(options) {
|
|
21
|
+
if (options.method === 'gpg') {
|
|
22
|
+
return {
|
|
23
|
+
method: options.method,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
if (options.method === 'jsign') {
|
|
27
|
+
return {
|
|
28
|
+
method: options.method,
|
|
29
|
+
alias: options.certificateAlias,
|
|
30
|
+
timestampUrl: options.timestampUrl ?? DEFAULT_JSIGN_TIMESTAMP_URL,
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
return {};
|
|
34
|
+
}
|
|
35
|
+
exports.mapSigningOptionsForScript = mapSigningOptionsForScript;
|
|
19
36
|
//# sourceMappingURL=utils.js.map
|
package/dist/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA,iCAAyC;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA,iCAAyC;AAG5B,QAAA,KAAK,GAAG,IAAA,aAAO,EAAC,eAAe,CAAC,CAAC;AAE9C,SAAgB,MAAM;IACpB,MAAM,iBAAiB,GACrB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACvE,MAAM,iBAAiB,GACrB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACvE,MAAM,oBAAoB,GACxB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GACxB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE7E,OAAO;QACL,iBAAiB;QACjB,iBAAiB;QACjB,oBAAoB;QACpB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AAhBD,wBAgBC;AAED,MAAM,2BAA2B,GAAG,+BAA+B,CAAC;AAEpE,SAAgB,0BAA0B,CAAC,OAAuB;IAChE,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC7B,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,OAAO,CAAC,gBAAgB;YAC/B,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,2BAA2B;SAClE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAhBD,gEAgBC"}
|
package/package.json
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"email": "compass@mongodb.com"
|
|
14
14
|
},
|
|
15
15
|
"homepage": "https://github.com/mongodb-js/devtools-shared",
|
|
16
|
-
"version": "0.2.
|
|
16
|
+
"version": "0.2.2",
|
|
17
17
|
"repository": {
|
|
18
18
|
"type": "git",
|
|
19
19
|
"url": "https://github.com/mongodb-js/devtools-shared.git"
|
|
@@ -70,5 +70,5 @@
|
|
|
70
70
|
"debug": "^4.3.4",
|
|
71
71
|
"ssh2": "^1.15.0"
|
|
72
72
|
},
|
|
73
|
-
"gitHead": "
|
|
73
|
+
"gitHead": "eb7e757ac0ab44f343b22df168a26ebc1955eccc"
|
|
74
74
|
}
|
package/src/garasign.sh
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
#! /usr/bin/env bash
|
|
2
2
|
|
|
3
|
+
set -e
|
|
4
|
+
|
|
3
5
|
if [ -z "$1" ]; then
|
|
4
6
|
echo "Usage: garasign.sh <file>"
|
|
5
7
|
exit 1
|
|
@@ -22,13 +24,15 @@ trap logout_artifactory EXIT
|
|
|
22
24
|
echo "Logging into docker artifactory"
|
|
23
25
|
echo "${artifactory_password}" | docker login --password-stdin --username ${artifactory_username} ${ARTIFACTORY_HOST} > /dev/null 2>&1
|
|
24
26
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
+
if [ $? -ne 0 ]; then
|
|
28
|
+
echo "Docker login failed" >&2
|
|
29
|
+
exit 1
|
|
30
|
+
fi
|
|
27
31
|
|
|
28
32
|
directory=$(pwd)
|
|
29
33
|
file=$1
|
|
30
34
|
|
|
31
|
-
echo "File to be signed: $file"
|
|
35
|
+
echo "File to be signed: $file using $method"
|
|
32
36
|
echo "Working directory: $directory"
|
|
33
37
|
|
|
34
38
|
gpg_sign() {
|
|
@@ -43,6 +47,9 @@ gpg_sign() {
|
|
|
43
47
|
}
|
|
44
48
|
|
|
45
49
|
jsign_sign() {
|
|
50
|
+
if [ -z ${alias+omitted} ]; then echo "Alias must be set when signing with jsign" && exit 1; fi
|
|
51
|
+
if [ -z ${timestampUrl+omitted} ]; then echo "Timestamp URL must be set when signing with jsign" && exit 1; fi
|
|
52
|
+
|
|
46
53
|
docker run \
|
|
47
54
|
-e GRS_CONFIG_USER1_USERNAME="${garasign_username}" \
|
|
48
55
|
-e GRS_CONFIG_USER1_PASSWORD="${garasign_password}" \
|
|
@@ -50,13 +57,15 @@ jsign_sign() {
|
|
|
50
57
|
-v $directory:$directory \
|
|
51
58
|
-w $directory \
|
|
52
59
|
artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
|
|
53
|
-
/bin/bash -c "jsign
|
|
60
|
+
/bin/bash -c "jsign -t '$timestampUrl' -a '$alias' '$file'"
|
|
54
61
|
}
|
|
55
62
|
|
|
56
|
-
if [[
|
|
63
|
+
if [[ $method == "gpg" ]]; then
|
|
57
64
|
gpg_sign
|
|
58
|
-
elif [[
|
|
65
|
+
elif [[ $method == "jsign" ]]; then
|
|
59
66
|
jsign_sign
|
|
67
|
+
else
|
|
68
|
+
echo "Unknown signing method: $method"
|
|
69
|
+
exit 1
|
|
60
70
|
fi
|
|
61
|
-
|
|
62
71
|
echo "Finished signing $file"
|
|
@@ -8,16 +8,28 @@ import { RemoteSigningClient } from './remote-signing-client';
|
|
|
8
8
|
export { LocalSigningClient } from './local-signing-client';
|
|
9
9
|
export { RemoteSigningClient } from './remote-signing-client';
|
|
10
10
|
|
|
11
|
-
export type
|
|
11
|
+
export type SigningOptions =
|
|
12
|
+
| {
|
|
13
|
+
method: 'gpg';
|
|
14
|
+
}
|
|
15
|
+
| {
|
|
16
|
+
method: 'jsign';
|
|
17
|
+
// The alias of the certificate used for signing in the keystore
|
|
18
|
+
certificateAlias: 'compass' | 'mongosh';
|
|
19
|
+
// The URL of the timestamping authority.
|
|
20
|
+
timestampUrl?: string;
|
|
21
|
+
};
|
|
12
22
|
|
|
13
23
|
export type SigningClientOptions = {
|
|
14
24
|
workingDirectory: string;
|
|
15
25
|
signingScript: string;
|
|
16
|
-
|
|
26
|
+
signingOptions: SigningOptions;
|
|
17
27
|
};
|
|
18
28
|
|
|
19
29
|
/** Options for signing a file remotely over an SSH connection. */
|
|
20
30
|
export type RemoteSigningOptions = {
|
|
31
|
+
/** Hostname or IP address of the server to */
|
|
32
|
+
host?: string;
|
|
21
33
|
/** Username for authentication. */
|
|
22
34
|
username?: string;
|
|
23
35
|
/** Password for password-based user authentication. */
|
|
@@ -26,9 +38,8 @@ export type RemoteSigningOptions = {
|
|
|
26
38
|
port?: number;
|
|
27
39
|
/** Buffer or string that contains a private key for either key-based or hostbased user authentication (OpenSSH format). */
|
|
28
40
|
privateKey?: Buffer | string;
|
|
29
|
-
/** The method to sign with. Use gpg on linux and jsign on windows. */
|
|
30
|
-
signingMethod: SigningMethod;
|
|
31
41
|
|
|
42
|
+
signingOptions: SigningOptions;
|
|
32
43
|
/**
|
|
33
44
|
* The path of the working directory in which to sign files **on the remote ssh server**. Defaults to `/home/ubuntu/garasign`.
|
|
34
45
|
*/
|
|
@@ -38,9 +49,7 @@ export type RemoteSigningOptions = {
|
|
|
38
49
|
|
|
39
50
|
/** Options for signing a file locally. */
|
|
40
51
|
export type LocalSigningOptions = {
|
|
41
|
-
|
|
42
|
-
signingMethod: SigningMethod;
|
|
43
|
-
|
|
52
|
+
signingOptions: SigningOptions;
|
|
44
53
|
client: 'local';
|
|
45
54
|
};
|
|
46
55
|
|
|
@@ -67,13 +76,13 @@ export async function getSigningClient(
|
|
|
67
76
|
return new RemoteSigningClient(sshClient, {
|
|
68
77
|
workingDirectory: options.workingDirectory ?? '/home/ubuntu/garasign',
|
|
69
78
|
signingScript,
|
|
70
|
-
|
|
79
|
+
signingOptions: options.signingOptions,
|
|
71
80
|
});
|
|
72
81
|
}
|
|
73
82
|
if (options.client === 'local') {
|
|
74
83
|
return new LocalSigningClient({
|
|
75
84
|
signingScript,
|
|
76
|
-
|
|
85
|
+
signingOptions: options.signingOptions,
|
|
77
86
|
});
|
|
78
87
|
}
|
|
79
88
|
// @ts-expect-error `client` is a discriminated union - we should never reach here but we throw on the off-chance we do.
|
|
@@ -31,7 +31,9 @@ describe('LocalSigningClient', function () {
|
|
|
31
31
|
it('executes the signing script correctly', async function () {
|
|
32
32
|
const localSigningClient = new LocalSigningClient({
|
|
33
33
|
signingScript: signingScript,
|
|
34
|
-
|
|
34
|
+
signingOptions: {
|
|
35
|
+
method: 'gpg',
|
|
36
|
+
},
|
|
35
37
|
});
|
|
36
38
|
|
|
37
39
|
await localSigningClient.sign(fileToSign);
|
|
@@ -58,7 +60,9 @@ describe('LocalSigningClient', function () {
|
|
|
58
60
|
it('sign() rejects', async function () {
|
|
59
61
|
const localSigningClient = new LocalSigningClient({
|
|
60
62
|
signingScript: signingScript,
|
|
61
|
-
|
|
63
|
+
signingOptions: {
|
|
64
|
+
method: 'gpg',
|
|
65
|
+
},
|
|
62
66
|
});
|
|
63
67
|
|
|
64
68
|
const error = await localSigningClient.sign(fileToSign).catch((e) => e);
|
|
@@ -68,7 +72,9 @@ describe('LocalSigningClient', function () {
|
|
|
68
72
|
it('includes the stdout and stderr of the failed script in the error', async function () {
|
|
69
73
|
const localSigningClient = new LocalSigningClient({
|
|
70
74
|
signingScript: signingScript,
|
|
71
|
-
|
|
75
|
+
signingOptions: {
|
|
76
|
+
method: 'gpg',
|
|
77
|
+
},
|
|
72
78
|
});
|
|
73
79
|
|
|
74
80
|
const error: Error = await localSigningClient
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import path from 'path';
|
|
2
2
|
import { spawnSync } from 'child_process';
|
|
3
|
-
import { debug, getEnv } from '../utils';
|
|
3
|
+
import { debug, getEnv, mapSigningOptionsForScript } from '../utils';
|
|
4
4
|
import type { SigningClient, SigningClientOptions } from '.';
|
|
5
5
|
|
|
6
6
|
const localClientDebug = debug.extend('LocalSigningClient');
|
|
@@ -27,7 +27,7 @@ export class LocalSigningClient implements SigningClient {
|
|
|
27
27
|
try {
|
|
28
28
|
const env = {
|
|
29
29
|
...getEnv(),
|
|
30
|
-
|
|
30
|
+
...mapSigningOptionsForScript(this.options.signingOptions),
|
|
31
31
|
};
|
|
32
32
|
|
|
33
33
|
const { stdout, stderr, status } = spawnSync(
|
|
@@ -46,7 +46,9 @@ describe('RemoteSigningClient', function () {
|
|
|
46
46
|
const remoteSigningClient = new RemoteSigningClient(getMockedSSHClient(), {
|
|
47
47
|
workingDirectory: workingDirectoryPath,
|
|
48
48
|
signingScript: signingScript,
|
|
49
|
-
|
|
49
|
+
signingOptions: {
|
|
50
|
+
method: 'gpg',
|
|
51
|
+
},
|
|
50
52
|
});
|
|
51
53
|
|
|
52
54
|
await remoteSigningClient.sign(fileToSign);
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import path from 'path';
|
|
2
2
|
import type { SSHClient } from '../ssh-client';
|
|
3
|
-
import { debug, getEnv } from '../utils';
|
|
3
|
+
import { debug, getEnv, mapSigningOptionsForScript } from '../utils';
|
|
4
4
|
import type { SigningClient, SigningClientOptions } from '.';
|
|
5
5
|
|
|
6
6
|
export class RemoteSigningClient implements SigningClient {
|
|
@@ -34,6 +34,9 @@ export class RemoteSigningClient implements SigningClient {
|
|
|
34
34
|
|
|
35
35
|
private async signRemoteFile(file: string) {
|
|
36
36
|
const env = getEnv();
|
|
37
|
+
const signingOptions = mapSigningOptionsForScript(
|
|
38
|
+
this.options.signingOptions
|
|
39
|
+
);
|
|
37
40
|
/**
|
|
38
41
|
* Passing env variables as an option to ssh.exec() doesn't work as ssh config
|
|
39
42
|
* (`sshd_config.AllowEnv`) does not allow to pass env variables by default.
|
|
@@ -49,7 +52,9 @@ export class RemoteSigningClient implements SigningClient {
|
|
|
49
52
|
`export artifactory_username=${env.artifactory_username}`,
|
|
50
53
|
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
|
|
51
54
|
`export artifactory_password=${env.artifactory_password}`,
|
|
52
|
-
|
|
55
|
+
...(Object.keys(signingOptions) as (keyof typeof signingOptions)[]).map(
|
|
56
|
+
(k) => `export ${k}=${signingOptions[k] as string}`
|
|
57
|
+
),
|
|
53
58
|
`./garasign.sh '${file}'`,
|
|
54
59
|
];
|
|
55
60
|
const command = cmds.join(' && ');
|
package/src/utils.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { debug as debugFn } from 'debug';
|
|
2
|
+
import type { SigningOptions } from './signing-clients';
|
|
2
3
|
|
|
3
4
|
export const debug = debugFn('signing-utils');
|
|
4
5
|
|
|
@@ -19,3 +20,23 @@ export function getEnv() {
|
|
|
19
20
|
artifactory_password,
|
|
20
21
|
};
|
|
21
22
|
}
|
|
23
|
+
|
|
24
|
+
const DEFAULT_JSIGN_TIMESTAMP_URL = 'http://timestamp.digicert.com';
|
|
25
|
+
|
|
26
|
+
export function mapSigningOptionsForScript(options: SigningOptions) {
|
|
27
|
+
if (options.method === 'gpg') {
|
|
28
|
+
return {
|
|
29
|
+
method: options.method,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
if (options.method === 'jsign') {
|
|
34
|
+
return {
|
|
35
|
+
method: options.method,
|
|
36
|
+
alias: options.certificateAlias,
|
|
37
|
+
timestampUrl: options.timestampUrl ?? DEFAULT_JSIGN_TIMESTAMP_URL,
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
return {};
|
|
42
|
+
}
|