@mongodb-js/signing-utils 0.2.2 → 0.2.4
- package/dist/signing-clients/index.d.ts +4 -10
- package/dist/signing-clients/index.d.ts.map +1 -1
- package/dist/signing-clients/index.js +2 -2
- package/dist/signing-clients/index.js.map +1 -1
- package/dist/signing-clients/local-signing-client.js +1 -1
- package/dist/signing-clients/local-signing-client.js.map +1 -1
- package/dist/signing-clients/remote-signing-client.d.ts.map +1 -1
- package/dist/signing-clients/remote-signing-client.js +9 -4
- package/dist/signing-clients/remote-signing-client.js.map +1 -1
- package/dist/utils.d.ts +0 -14
- package/dist/utils.d.ts.map +1 -1
- package/dist/utils.js +1 -18
- package/dist/utils.js.map +1 -1
- package/package.json +3 -3
- package/src/garasign.sh +1 -4
- package/src/signing-clients/index.ts +9 -16
- package/src/signing-clients/local-signing-client.spec.ts +3 -9
- package/src/signing-clients/local-signing-client.ts +2 -2
- package/src/signing-clients/remote-signing-client.spec.ts +1 -3
- package/src/signing-clients/remote-signing-client.ts +13 -9
- package/src/utils.ts +0 -21
|
@@ -1,17 +1,11 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
export { LocalSigningClient } from './local-signing-client';
|
|
3
3
|
export { RemoteSigningClient } from './remote-signing-client';
|
|
4
|
-
export type
|
|
5
|
-
method: 'gpg';
|
|
6
|
-
} | {
|
|
7
|
-
method: 'jsign';
|
|
8
|
-
certificateAlias: 'compass' | 'mongosh';
|
|
9
|
-
timestampUrl?: string;
|
|
10
|
-
};
|
|
4
|
+
export type SigningMethod = 'gpg' | 'jsign';
|
|
11
5
|
export type SigningClientOptions = {
|
|
12
6
|
workingDirectory: string;
|
|
13
7
|
signingScript: string;
|
|
14
|
-
|
|
8
|
+
signingMethod: SigningMethod;
|
|
15
9
|
};
|
|
16
10
|
export type RemoteSigningOptions = {
|
|
17
11
|
host?: string;
|
|
@@ -19,12 +13,12 @@ export type RemoteSigningOptions = {
|
|
|
19
13
|
password?: string;
|
|
20
14
|
port?: number;
|
|
21
15
|
privateKey?: Buffer | string;
|
|
22
|
-
|
|
16
|
+
signingMethod: SigningMethod;
|
|
23
17
|
workingDirectory?: string;
|
|
24
18
|
client: 'remote';
|
|
25
19
|
};
|
|
26
20
|
export type LocalSigningOptions = {
|
|
27
|
-
|
|
21
|
+
signingMethod: SigningMethod;
|
|
28
22
|
client: 'local';
|
|
29
23
|
};
|
|
30
24
|
export type ClientOptions = RemoteSigningOptions | LocalSigningOptions;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,OAAO,CAAC;AAE5C,MAAM,MAAM,oBAAoB,GAAG;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAGF,MAAM,MAAM,oBAAoB,GAAG;IAEjC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAE7B,aAAa,EAAE,aAAa,CAAC;IAK7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,CAAC;CAClB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG;IAEhC,aAAa,EAAE,aAAa,CAAC;IAE7B,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,oBAAoB,GAAG,mBAAmB,CAAC;AAEvE,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA2BxB"}
|
|
@@ -44,13 +44,13 @@ async function getSigningClient(options) {
|
|
|
44
44
|
return new remote_signing_client_1.RemoteSigningClient(sshClient, {
|
|
45
45
|
workingDirectory: options.workingDirectory ?? '/home/ubuntu/garasign',
|
|
46
46
|
signingScript,
|
|
47
|
-
|
|
47
|
+
signingMethod: options.signingMethod,
|
|
48
48
|
});
|
|
49
49
|
}
|
|
50
50
|
if (options.client === 'local') {
|
|
51
51
|
return new local_signing_client_1.LocalSigningClient({
|
|
52
52
|
signingScript,
|
|
53
|
-
|
|
53
|
+
signingMethod: options.signingMethod,
|
|
54
54
|
});
|
|
55
55
|
}
|
|
56
56
|
throw new Error(`Unknown client type: ${options.client}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AA8CrB,KAAK,UAAU,gBAAgB,CACpC,OAAsB;IAEtB,KAAK,UAAU,YAAY,CAAC,UAAyB;QACnD,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,UAAU,CAAC,CAAC;QAC5C,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAE5E,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9C,OAAO,IAAI,2CAAmB,CAAC,SAAS,EAAE;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,uBAAuB;YACrE,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,IAAI,yCAAkB,CAAC;YAC5B,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IAGD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC;AA7BD,4CA6BC"}
|
|
@@ -18,7 +18,7 @@ class LocalSigningClient {
|
|
|
18
18
|
try {
|
|
19
19
|
const env = {
|
|
20
20
|
...(0, utils_1.getEnv)(),
|
|
21
|
-
|
|
21
|
+
method: this.options.signingMethod,
|
|
22
22
|
};
|
|
23
23
|
const { stdout, stderr, status } = (0, child_process_1.spawnSync)('bash', [this.options.signingScript, path_1.default.basename(file)], {
|
|
24
24
|
cwd: directoryOfFileToSign,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/local-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,iDAA0C;AAC1C,
|
|
1
|
+
{"version":3,"file":"local-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/local-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,iDAA0C;AAC1C,oCAAyC;AAGzC,MAAM,gBAAgB,GAAG,aAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAQ5D,MAAa,kBAAkB;IAC7B,YACU,OAAuD;QAAvD,YAAO,GAAP,OAAO,CAAgD;IAC9D,CAAC;IAKJ,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,gBAAgB,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAEpC,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG;gBACV,GAAG,IAAA,cAAM,GAAE;gBACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa;aACnC,CAAC;YAEF,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,yBAAS,EAC1C,MAAM,EACN,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,cAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EACjD;gBACE,GAAG,EAAE,qBAAqB;gBAC1B,GAAG;gBACH,QAAQ,EAAE,OAAO;aAClB,CACF,CAAC;YAEF,gBAAgB,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YAErC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,SAAS,CAAC;oBACb,MAAM;oBACN,MAAM;iBACP,CAAC,CACH,CAAC;YACJ,CAAC;YACD,gBAAgB,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAgB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA7CD,gDA6CC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;
|
|
1
|
+
{"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;IAyBtB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA+BxC"}
|
|
@@ -24,14 +24,13 @@ class RemoteSigningClient {
|
|
|
24
24
|
}
|
|
25
25
|
async signRemoteFile(file) {
|
|
26
26
|
const env = (0, utils_1.getEnv)();
|
|
27
|
-
const signingOptions = (0, utils_1.mapSigningOptionsForScript)(this.options.signingOptions);
|
|
28
27
|
const cmds = [
|
|
29
28
|
`cd '${this.options.workingDirectory}'`,
|
|
30
29
|
`export garasign_username=${env.garasign_username}`,
|
|
31
30
|
`export garasign_password=${env.garasign_password}`,
|
|
32
31
|
`export artifactory_username=${env.artifactory_username}`,
|
|
33
32
|
`export artifactory_password=${env.artifactory_password}`,
|
|
34
|
-
|
|
33
|
+
`export method=${this.options.signingMethod}`,
|
|
35
34
|
`./garasign.sh '${file}'`,
|
|
36
35
|
];
|
|
37
36
|
const command = cmds.join(' && ');
|
|
@@ -46,8 +45,14 @@ class RemoteSigningClient {
|
|
|
46
45
|
(0, utils_1.debug)(`SFTP: Copied file ${file} to ${remotePath}`);
|
|
47
46
|
await this.signRemoteFile(path_1.default.basename(remotePath));
|
|
48
47
|
(0, utils_1.debug)(`SFTP: Signed file ${file}`);
|
|
49
|
-
|
|
50
|
-
|
|
48
|
+
if (this.options.signingMethod === 'jsign') {
|
|
49
|
+
await this.sshClient.downloadFile(remotePath, file);
|
|
50
|
+
(0, utils_1.debug)(`SFTP: Downloaded signed file to ${file}`);
|
|
51
|
+
}
|
|
52
|
+
if (this.options.signingMethod === 'gpg') {
|
|
53
|
+
await this.sshClient.downloadFile(`${remotePath}.sig`, `${file}.sig`);
|
|
54
|
+
(0, utils_1.debug)(`SFTP: Downloaded signature file to ${file}`);
|
|
55
|
+
}
|
|
51
56
|
}
|
|
52
57
|
catch (error) {
|
|
53
58
|
(0, utils_1.debug)({ error });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,
|
|
1
|
+
{"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,oCAAyC;AAGzC,MAAa,mBAAmB;IAC9B,YACU,SAAoB,EACpB,OAA6B;QAD7B,cAAS,GAAT,SAAS,CAAW;QACpB,YAAO,GAAP,OAAO,CAAsB;IACpC,CAAC;IAQI,KAAK,CAAC,IAAI;QAChB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAGvE,CAAC;YACC,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,cAAc,CAAC;YACpE,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACxE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,cAAI,CAAC,QAAQ,CACzE,IAAI,CACL,EAAE,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAA,cAAM,GAAE,CAAC;QAMrB,MAAM,IAAI,GAAG;YACX,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG;YAEvC,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YAEzD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YACzD,iBAAiB,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;YAC7C,kBAAkB,IAAI,GAAG;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAA,aAAK,EAAC,6BAA6B,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC;YAEH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAElB,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YAChD,IAAA,aAAK,EAAC,qBAAqB,IAAI,OAAO,UAAU,EAAE,CAAC,CAAC;YAEpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;YACrD,IAAA,aAAK,EAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAEnC,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACpD,IAAA,aAAK,EAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;YACnD,CAAC;YAID,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;gBACzC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY
,CAAC,GAAG,UAAU,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,CAAC;gBACtE,IAAA,aAAK,EAAC,sCAAsC,IAAI,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,aAAK,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAA,aAAK,EAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AArFD,kDAqFC"}
|
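--- a/package/dist/utils.d.ts
+++ b/package/dist/utils.d.ts
@@ -1,5 +1,4 @@
 /// <reference types="debug" />
-import type { SigningOptions } from './signing-clients';
 export declare const debug: import("debug").Debugger;
 export declare function getEnv(): {
 garasign_username: string | undefined;
@@ -7,17 +6,4 @@ export declare function getEnv(): {
 artifactory_username: string | undefined;
 artifactory_password: string | undefined;
 };
-export declare function mapSigningOptionsForScript(options: SigningOptions): {
-method: "gpg";
-alias?: undefined;
-timestampUrl?: undefined;
-} | {
-method: "jsign";
-alias: "compass" | "mongosh";
-timestampUrl: string;
-} | {
-method?: undefined;
-alias?: undefined;
-timestampUrl?: undefined;
-};
 //# sourceMappingURL=utils.d.ts.map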
package/dist/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";AAEA,eAAO,MAAM,KAAK,0BAA2B,CAAC;AAE9C,wBAAgB,MAAM;;;;;EAgBrB"}
|
package/dist/utils.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.getEnv = exports.debug = void 0;
|
|
4
4
|
const debug_1 = require("debug");
|
|
5
5
|
exports.debug = (0, debug_1.debug)('signing-utils');
|
|
6
6
|
function getEnv() {
|
|
@@ -16,21 +16,4 @@ function getEnv() {
|
|
|
16
16
|
};
|
|
17
17
|
}
|
|
18
18
|
exports.getEnv = getEnv;
|
|
19
|
-
const DEFAULT_JSIGN_TIMESTAMP_URL = 'http://timestamp.digicert.com';
|
|
20
|
-
function mapSigningOptionsForScript(options) {
|
|
21
|
-
if (options.method === 'gpg') {
|
|
22
|
-
return {
|
|
23
|
-
method: options.method,
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
if (options.method === 'jsign') {
|
|
27
|
-
return {
|
|
28
|
-
method: options.method,
|
|
29
|
-
alias: options.certificateAlias,
|
|
30
|
-
timestampUrl: options.timestampUrl ?? DEFAULT_JSIGN_TIMESTAMP_URL,
|
|
31
|
-
};
|
|
32
|
-
}
|
|
33
|
-
return {};
|
|
34
|
-
}
|
|
35
|
-
exports.mapSigningOptionsForScript = mapSigningOptionsForScript;
|
|
36
19
|
//# sourceMappingURL=utils.js.map
|
package/dist/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA,iCAAyC;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA,iCAAyC;AAE5B,QAAA,KAAK,GAAG,IAAA,aAAO,EAAC,eAAe,CAAC,CAAC;AAE9C,SAAgB,MAAM;IACpB,MAAM,iBAAiB,GACrB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACvE,MAAM,iBAAiB,GACrB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACvE,MAAM,oBAAoB,GACxB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GACxB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE7E,OAAO;QACL,iBAAiB;QACjB,iBAAiB;QACjB,oBAAoB;QACpB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AAhBD,wBAgBC"}
|
package/package.json
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"email": "compass@mongodb.com"
|
|
14
14
|
},
|
|
15
15
|
"homepage": "https://github.com/mongodb-js/devtools-shared",
|
|
16
|
-
"version": "0.2.
|
|
16
|
+
"version": "0.2.4",
|
|
17
17
|
"repository": {
|
|
18
18
|
"type": "git",
|
|
19
19
|
"url": "https://github.com/mongodb-js/devtools-shared.git"
|
|
@@ -55,7 +55,6 @@
|
|
|
55
55
|
"@types/mocha": "^9.1.1",
|
|
56
56
|
"@types/node": "^17.0.35",
|
|
57
57
|
"@types/sinon-chai": "^3.2.5",
|
|
58
|
-
"@types/ssh2": "^1.11.18",
|
|
59
58
|
"chai": "^4.3.6",
|
|
60
59
|
"depcheck": "^1.4.1",
|
|
61
60
|
"eslint": "^7.25.0",
|
|
@@ -67,8 +66,9 @@
|
|
|
67
66
|
"typescript": "^5.0.4"
|
|
68
67
|
},
|
|
69
68
|
"dependencies": {
|
|
69
|
+
"@types/ssh2": "^1.11.19",
|
|
70
70
|
"debug": "^4.3.4",
|
|
71
71
|
"ssh2": "^1.15.0"
|
|
72
72
|
},
|
|
73
|
-
"gitHead": "
|
|
73
|
+
"gitHead": "f8d3303511dcae34fdd8d24074090ebd9b9a28aa"
|
|
74
74
|
}
|
package/src/garasign.sh
CHANGED
|
@@ -47,9 +47,6 @@ gpg_sign() {
|
|
|
47
47
|
}
|
|
48
48
|
|
|
49
49
|
jsign_sign() {
|
|
50
|
-
if [ -z ${alias+omitted} ]; then echo "Alias must be set when signing with jsign" && exit 1; fi
|
|
51
|
-
if [ -z ${timestampUrl+omitted} ]; then echo "Timestamp URL must be set when signing with jsign" && exit 1; fi
|
|
52
|
-
|
|
53
50
|
docker run \
|
|
54
51
|
-e GRS_CONFIG_USER1_USERNAME="${garasign_username}" \
|
|
55
52
|
-e GRS_CONFIG_USER1_PASSWORD="${garasign_password}" \
|
|
@@ -57,7 +54,7 @@ jsign_sign() {
|
|
|
57
54
|
-v $directory:$directory \
|
|
58
55
|
-w $directory \
|
|
59
56
|
artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
|
|
60
|
-
/bin/bash -c "jsign -t '
|
|
57
|
+
/bin/bash -c "jsign -t 'http://timestamp.digicert.com' -a 'mongo-authenticode-2021' '$file'"
|
|
61
58
|
}
|
|
62
59
|
|
|
63
60
|
if [[ $method == "gpg" ]]; then
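Review bot: In jsign_sign the file name is expanded by the outer shell into the string handed to `/bin/bash -c`, so a name containing a single quote ends the quoting and the remainder is parsed as shell inside the container. Passing the name as a positional argument avoids the second parse: `/bin/bash -c 'jsign -t "http://timestamp.digicert.com" -a "mongo-authenticode-2021" "$1"' _ "$file"`. The alias and timestamp URL are now literals and the `-z` guards are gone, so a short comment stating that every jsign caller signs with `mongo-authenticode-2021`, and where to change it on certificate rotation, would help. `-v $directory:$directory` and `-w $directory` on the context lines are unquoted as well. Where `$file` and `$directory` are assigned is outside these hunks, so how far callers control them is assumed rather than shown.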
|
|
@@ -8,22 +8,12 @@ import { RemoteSigningClient } from './remote-signing-client';
|
|
|
8
8
|
export { LocalSigningClient } from './local-signing-client';
|
|
9
9
|
export { RemoteSigningClient } from './remote-signing-client';
|
|
10
10
|
|
|
11
|
-
export type
|
|
12
|
-
| {
|
|
13
|
-
method: 'gpg';
|
|
14
|
-
}
|
|
15
|
-
| {
|
|
16
|
-
method: 'jsign';
|
|
17
|
-
// The alias of the certificate used for signing in the keystore
|
|
18
|
-
certificateAlias: 'compass' | 'mongosh';
|
|
19
|
-
// The URL of the timestamping authority.
|
|
20
|
-
timestampUrl?: string;
|
|
21
|
-
};
|
|
11
|
+
export type SigningMethod = 'gpg' | 'jsign';
|
|
22
12
|
|
|
23
13
|
export type SigningClientOptions = {
|
|
24
14
|
workingDirectory: string;
|
|
25
15
|
signingScript: string;
|
|
26
|
-
|
|
16
|
+
signingMethod: SigningMethod;
|
|
27
17
|
};
|
|
28
18
|
|
|
29
19
|
/** Options for signing a file remotely over an SSH connection. */
|
|
@@ -38,8 +28,9 @@ export type RemoteSigningOptions = {
|
|
|
38
28
|
port?: number;
|
|
39
29
|
/** Buffer or string that contains a private key for either key-based or hostbased user authentication (OpenSSH format). */
|
|
40
30
|
privateKey?: Buffer | string;
|
|
31
|
+
/** The method to sign with. Use gpg on linux and jsign on windows. */
|
|
32
|
+
signingMethod: SigningMethod;
|
|
41
33
|
|
|
42
|
-
signingOptions: SigningOptions;
|
|
43
34
|
/**
|
|
44
35
|
* The path of the working directory in which to sign files **on the remote ssh server**. Defaults to `/home/ubuntu/garasign`.
|
|
45
36
|
*/
|
|
@@ -49,7 +40,9 @@ export type RemoteSigningOptions = {
|
|
|
49
40
|
|
|
50
41
|
/** Options for signing a file locally. */
|
|
51
42
|
export type LocalSigningOptions = {
|
|
52
|
-
|
|
43
|
+
/** The method to sign with. Use gpg on linux and jsign on windows. */
|
|
44
|
+
signingMethod: SigningMethod;
|
|
45
|
+
|
|
53
46
|
client: 'local';
|
|
54
47
|
};
|
|
55
48
|
|
|
@@ -76,13 +69,13 @@ export async function getSigningClient(
|
|
|
76
69
|
return new RemoteSigningClient(sshClient, {
|
|
77
70
|
workingDirectory: options.workingDirectory ?? '/home/ubuntu/garasign',
|
|
78
71
|
signingScript,
|
|
79
|
-
|
|
72
|
+
signingMethod: options.signingMethod,
|
|
80
73
|
});
|
|
81
74
|
}
|
|
82
75
|
if (options.client === 'local') {
|
|
83
76
|
return new LocalSigningClient({
|
|
84
77
|
signingScript,
|
|
85
|
-
|
|
78
|
+
signingMethod: options.signingMethod,
|
|
86
79
|
});
|
|
87
80
|
}
|
|
88
81
|
// @ts-expect-error `client` is a discriminated union - we should never reach here but we throw on the off-chance we do.
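Review bot: `signingMethod` is constrained only by the `SigningMethod` type, which is erased at runtime, and getSigningClient forwards `options.signingMethod` to both clients without checking it. The remote client hunk in this package places that value into the SSH command string as `export method=${this.options.signingMethod}`, so a value supplied by a plain-JavaScript caller or an untyped config reaches a remote shell unquoted. A guard before the clients are constructed would close that: `if (options.signingMethod !== 'gpg' && options.signingMethod !== 'jsign') throw new Error('Unknown signing method');`. It would also stop callers still passing the removed `signingOptions` from exporting `method=undefined` to the script. The start of getSigningClient is outside these hunks.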
|
|
@@ -31,9 +31,7 @@ describe('LocalSigningClient', function () {
|
|
|
31
31
|
it('executes the signing script correctly', async function () {
|
|
32
32
|
const localSigningClient = new LocalSigningClient({
|
|
33
33
|
signingScript: signingScript,
|
|
34
|
-
|
|
35
|
-
method: 'gpg',
|
|
36
|
-
},
|
|
34
|
+
signingMethod: 'gpg',
|
|
37
35
|
});
|
|
38
36
|
|
|
39
37
|
await localSigningClient.sign(fileToSign);
|
|
@@ -60,9 +58,7 @@ describe('LocalSigningClient', function () {
|
|
|
60
58
|
it('sign() rejects', async function () {
|
|
61
59
|
const localSigningClient = new LocalSigningClient({
|
|
62
60
|
signingScript: signingScript,
|
|
63
|
-
|
|
64
|
-
method: 'gpg',
|
|
65
|
-
},
|
|
61
|
+
signingMethod: 'gpg',
|
|
66
62
|
});
|
|
67
63
|
|
|
68
64
|
const error = await localSigningClient.sign(fileToSign).catch((e) => e);
|
|
@@ -72,9 +68,7 @@ describe('LocalSigningClient', function () {
|
|
|
72
68
|
it('includes the stdout and stderr of the failed script in the error', async function () {
|
|
73
69
|
const localSigningClient = new LocalSigningClient({
|
|
74
70
|
signingScript: signingScript,
|
|
75
|
-
|
|
76
|
-
method: 'gpg',
|
|
77
|
-
},
|
|
71
|
+
signingMethod: 'gpg',
|
|
78
72
|
});
|
|
79
73
|
|
|
80
74
|
const error: Error = await localSigningClient
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import path from 'path';
|
|
2
2
|
import { spawnSync } from 'child_process';
|
|
3
|
-
import { debug, getEnv
|
|
3
|
+
import { debug, getEnv } from '../utils';
|
|
4
4
|
import type { SigningClient, SigningClientOptions } from '.';
|
|
5
5
|
|
|
6
6
|
const localClientDebug = debug.extend('LocalSigningClient');
|
|
@@ -27,7 +27,7 @@ export class LocalSigningClient implements SigningClient {
|
|
|
27
27
|
try {
|
|
28
28
|
const env = {
|
|
29
29
|
...getEnv(),
|
|
30
|
-
|
|
30
|
+
method: this.options.signingMethod,
|
|
31
31
|
};
|
|
32
32
|
|
|
33
33
|
const { stdout, stderr, status } = spawnSync(
|
|
@@ -46,9 +46,7 @@ describe('RemoteSigningClient', function () {
|
|
|
46
46
|
const remoteSigningClient = new RemoteSigningClient(getMockedSSHClient(), {
|
|
47
47
|
workingDirectory: workingDirectoryPath,
|
|
48
48
|
signingScript: signingScript,
|
|
49
|
-
|
|
50
|
-
method: 'gpg',
|
|
51
|
-
},
|
|
49
|
+
signingMethod: 'jsign',
|
|
52
50
|
});
|
|
53
51
|
|
|
54
52
|
await remoteSigningClient.sign(fileToSign);
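Review bot: The RemoteSigningClient test visible here now runs with `signingMethod: 'jsign'`, so the `gpg` branch that downloads `${remotePath}.sig` is not exercised by this hunk. If no other case covers it, a second test with `signingMethod: 'gpg'` asserting that `downloadFile` receives the two `.sig` paths would protect the detached-signature flow. The rest of the spec is outside the hunk.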
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import path from 'path';
|
|
2
2
|
import type { SSHClient } from '../ssh-client';
|
|
3
|
-
import { debug, getEnv
|
|
3
|
+
import { debug, getEnv } from '../utils';
|
|
4
4
|
import type { SigningClient, SigningClientOptions } from '.';
|
|
5
5
|
|
|
6
6
|
export class RemoteSigningClient implements SigningClient {
|
|
@@ -34,9 +34,6 @@ export class RemoteSigningClient implements SigningClient {
|
|
|
34
34
|
|
|
35
35
|
private async signRemoteFile(file: string) {
|
|
36
36
|
const env = getEnv();
|
|
37
|
-
const signingOptions = mapSigningOptionsForScript(
|
|
38
|
-
this.options.signingOptions
|
|
39
|
-
);
|
|
40
37
|
/**
|
|
41
38
|
* Passing env variables as an option to ssh.exec() doesn't work as ssh config
|
|
42
39
|
* (`sshd_config.AllowEnv`) does not allow to pass env variables by default.
|
|
@@ -52,9 +49,7 @@ export class RemoteSigningClient implements SigningClient {
|
|
|
52
49
|
`export artifactory_username=${env.artifactory_username}`,
|
|
53
50
|
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
|
|
54
51
|
`export artifactory_password=${env.artifactory_password}`,
|
|
55
|
-
|
|
56
|
-
(k) => `export ${k}=${signingOptions[k] as string}`
|
|
57
|
-
),
|
|
52
|
+
`export method=${this.options.signingMethod}`,
|
|
58
53
|
`./garasign.sh '${file}'`,
|
|
59
54
|
];
|
|
60
55
|
const command = cmds.join(' && ');
|
|
@@ -74,8 +69,17 @@ export class RemoteSigningClient implements SigningClient {
|
|
|
74
69
|
await this.signRemoteFile(path.basename(remotePath));
|
|
75
70
|
debug(`SFTP: Signed file ${file}`);
|
|
76
71
|
|
|
77
|
-
|
|
78
|
-
|
|
72
|
+
if (this.options.signingMethod === 'jsign') {
|
|
73
|
+
await this.sshClient.downloadFile(remotePath, file);
|
|
74
|
+
debug(`SFTP: Downloaded signed file to ${file}`);
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// For signing using gpg, `.sig` file is created along side the file being signed.
|
|
78
|
+
// We also have to download it back and put it in the same path as original file.
|
|
79
|
+
if (this.options.signingMethod === 'gpg') {
|
|
80
|
+
await this.sshClient.downloadFile(`${remotePath}.sig`, `${file}.sig`);
|
|
81
|
+
debug(`SFTP: Downloaded signature file to ${file}`);
|
|
82
|
+
}
|
|
79
83
|
} catch (error) {
|
|
80
84
|
debug({ error });
|
|
81
85
|
} finally {
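Review bot: The new download steps sit inside the `try` whose `catch (error)` only calls `debug({ error })`, so a failed remote signing or a failed `downloadFile` still lets sign() resolve normally. For `jsign` the local file then stays unsigned and for `gpg` no `.sig` is written, with nothing reported to the caller, which in a release pipeline can let an unsigned artifact through. Rethrowing after logging, `debug({ error }); throw error;`, keeps the cleanup in `finally` and surfaces the failure. The gpg debug line also reports `${file}` where the downloaded path is `${file}.sig`. The `finally` body continues outside the hunk, and the compiled dist/signing-clients/remote-signing-client.js hunk carries the same code.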
|
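--- a/package/src/utils.ts
+++ b/package/src/utils.ts
@@ -1,5 +1,4 @@
 import { debug as debugFn } from 'debug';
-import type { SigningOptions } from './signing-clients';
 
 export const debug = debugFn('signing-utils');
 
@@ -20,23 +19,3 @@ export function getEnv() {
 artifactory_password,
 };
 }
-
-const DEFAULT_JSIGN_TIMESTAMP_URL = 'http://timestamp.digicert.com';
-
-export function mapSigningOptionsForScript(options: SigningOptions) {
-if (options.method === 'gpg') {
-return {
-method: options.method,
-};
-}
-
-if (options.method === 'jsign') {
-return {
-method: options.method,
-alias: options.certificateAlias,
-timestampUrl: options.timestampUrl ?? DEFAULT_JSIGN_TIMESTAMP_URL,
-};
-}
-
-return {};
-}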