@mongodb-js/signing-utils 0.2.3 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/signing-clients/index.d.ts +6 -5
  2. package/dist/signing-clients/index.d.ts.map +1 -1
  3. package/dist/signing-clients/index.js.map +1 -1
  4. package/dist/signing-clients/remote-signing-client.d.ts.map +1 -1
  5. package/dist/signing-clients/remote-signing-client.js +4 -2
  6. package/dist/signing-clients/remote-signing-client.js.map +1 -1
  7. package/package.json +3 -3
  8. package/src/garasign.sh +26 -2
  9. package/src/signing-clients/index.ts +13 -8
  10. package/src/signing-clients/remote-signing-client.spec.ts +1 -1
  11. package/src/signing-clients/remote-signing-client.ts +4 -2
package/dist/signing-clients/index.d.ts CHANGED
@@ -1,24 +1,25 @@
1
1
  /// <reference types="node" />
2
2
  export { LocalSigningClient } from './local-signing-client';
3
3
  export { RemoteSigningClient } from './remote-signing-client';
4
- export type SigningMethod = 'gpg' | 'jsign';
4
+ export type SigningMethod = 'gpg' | 'jsign' | 'rpm_gpg';
5
5
  export type SigningClientOptions = {
6
6
  workingDirectory: string;
7
7
  signingScript: string;
8
8
  signingMethod: SigningMethod;
9
9
  };
10
- export type RemoteSigningOptions = {
10
+ type SharedSigningOptions = {
11
+ signingMethod: SigningMethod;
12
+ };
13
+ export type RemoteSigningOptions = SharedSigningOptions & {
11
14
  host?: string;
12
15
  username?: string;
13
16
  password?: string;
14
17
  port?: number;
15
18
  privateKey?: Buffer | string;
16
- signingMethod: SigningMethod;
17
19
  workingDirectory?: string;
18
20
  client: 'remote';
19
21
  };
20
- export type LocalSigningOptions = {
21
- signingMethod: SigningMethod;
22
+ export type LocalSigningOptions = SharedSigningOptions & {
22
23
  client: 'local';
23
24
  };
24
25
  export type ClientOptions = RemoteSigningOptions | LocalSigningOptions;
package/dist/signing-clients/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,OAAO,CAAC;AAE5C,MAAM,MAAM,oBAAoB,GAAG;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAGF,MAAM,MAAM,oBAAoB,GAAG;IAEjC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAE7B,aAAa,EAAE,aAAa,CAAC;IAK7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,CAAC;CAClB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG;IAEhC,aAAa,EAAE,aAAa,CAAC;IAE7B,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,oBAAoB,GAAG,mBAAmB,CAAC;AAEvE,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA2BxB"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,OAAO,GAAG,SAAS,CAAC;AAExD,MAAM,MAAM,oBAAoB,GAAG;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAO1B,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAGF,MAAM,MAAM,oBAAoB,GAAG,oBAAoB,GAAG;IAExD,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAK7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,CAAC;CAClB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG,oBAAoB,GAAG;IACvD,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,oBAAoB,GAAG,mBAAmB,CAAC;AAEvE,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA2BxB"}
package/dist/signing-clients/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AA8CrB,KAAK,UAAU,gBAAgB,CACpC,OAAsB;IAEtB,KAAK,UAAU,YAAY,CAAC,UAAyB;QACnD,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,UAAU,CAAC,CAAC;QAC5C,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAE5E,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9C,OAAO,IAAI,2CAAmB,CAAC,SAAS,EAAE;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,uBAAuB;YACrE,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,IAAI,yCAAkB,CAAC;YAC5B,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IAGD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC;AA7BD,4CA6BC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signing-clients/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,2CAA6B;AAC7B,8CAA0C;AAC1C,iEAA4D;AAC5D,mEAA8D;AAE9D,+DAA4D;AAAnD,0HAAA,kBAAkB,OAAA;AAC3B,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AAmDrB,KAAK,UAAU,gBAAgB,CACpC,OAAsB;IAEtB,KAAK,UAAU,YAAY,CAAC,UAAyB;QACnD,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,UAAU,CAAC,CAAC;QAC5C,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAE5E,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9C,OAAO,IAAI,2CAAmB,CAAC,SAAS,EAAE;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,uBAAuB;YACrE,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,IAAI,yCAAkB,CAAC;YAC5B,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;IACL,CAAC;IAGD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC;AA7BD,4CA6BC"}
package/dist/signing-clients/remote-signing-client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;IAyBtB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA6BxC"}
1
+ {"version":3,"file":"remote-signing-client.d.ts","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,GAAG,CAAC;AAE7D,qBAAa,mBAAoB,YAAW,aAAa;IAErD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;gBADP,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,oBAAoB;YASzB,IAAI;IAWlB,OAAO,CAAC,iBAAiB;YAMX,cAAc;IAyBtB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA+BxC"}
package/dist/signing-clients/remote-signing-client.js CHANGED
@@ -45,8 +45,10 @@ class RemoteSigningClient {
45
45
  (0, utils_1.debug)(`SFTP: Copied file ${file} to ${remotePath}`);
46
46
  await this.signRemoteFile(path_1.default.basename(remotePath));
47
47
  (0, utils_1.debug)(`SFTP: Signed file ${file}`);
48
- await this.sshClient.downloadFile(remotePath, file);
49
- (0, utils_1.debug)(`SFTP: Downloaded signed file to ${file}`);
48
+ if (this.options.signingMethod === 'jsign') {
49
+ await this.sshClient.downloadFile(remotePath, file);
50
+ (0, utils_1.debug)(`SFTP: Downloaded signed file to ${file}`);
51
+ }
50
52
  if (this.options.signingMethod === 'gpg') {
51
53
  await this.sshClient.downloadFile(`${remotePath}.sig`, `${file}.sig`);
52
54
  (0, utils_1.debug)(`SFTP: Downloaded signature file to ${file}`);
package/dist/signing-clients/remote-signing-client.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,oCAAyC;AAGzC,MAAa,mBAAmB;IAC9B,YACU,SAAoB,EACpB,OAA6B;QAD7B,cAAS,GAAT,SAAS,CAAW;QACpB,YAAO,GAAP,OAAO,CAAsB;IACpC,CAAC;IAQI,KAAK,CAAC,IAAI;QAChB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAGvE,CAAC;YACC,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,cAAc,CAAC;YACpE,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACxE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,cAAI,CAAC,QAAQ,CACzE,IAAI,CACL,EAAE,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAA,cAAM,GAAE,CAAC;QAMrB,MAAM,IAAI,GAAG;YACX,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG;YAEvC,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YAEzD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YACzD,iBAAiB,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;YAC7C,kBAAkB,IAAI,GAAG;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAA,aAAK,EAAC,6BAA6B,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC;YAEH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAElB,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YAChD,IAAA,aAAK,EAAC,qBAAqB,IAAI,OAAO,UAAU,EAAE,CAAC,CAAC;YAEpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;YACrD,IAAA,aAAK,EAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAEnC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YACpD,IAAA,aAAK,EAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;YAIjD,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;gBACzC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,UAAU,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,CAAC;gBACtE,IAAA,aAAK,EAAC,sCAAsC,IAAI,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,aAAK,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAA,aAAK,EAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AAnFD,kDAmFC"}
1
+ {"version":3,"file":"remote-signing-client.js","sourceRoot":"","sources":["../../src/signing-clients/remote-signing-client.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,oCAAyC;AAGzC,MAAa,mBAAmB;IAC9B,YACU,SAAoB,EACpB,OAA6B;QAD7B,cAAS,GAAT,SAAS,CAAW;QACpB,YAAO,GAAP,OAAO,CAAsB;IACpC,CAAC;IAQI,KAAK,CAAC,IAAI;QAChB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAGvE,CAAC;YACC,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,cAAc,CAAC;YACpE,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACxE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,cAAI,CAAC,QAAQ,CACzE,IAAI,CACL,EAAE,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAA,cAAM,GAAE,CAAC;QAMrB,MAAM,IAAI,GAAG;YACX,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG;YAEvC,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,4BAA4B,GAAG,CAAC,iBAAiB,EAAE;YAEnD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YAEzD,+BAA+B,GAAG,CAAC,oBAAoB,EAAE;YACzD,iBAAiB,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;YAC7C,kBAAkB,IAAI,GAAG;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAA,aAAK,EAAC,6BAA6B,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC;YAEH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAElB,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YAChD,IAAA,aAAK,EAAC,qBAAqB,IAAI,OAAO,UAAU,EAAE,CAAC,CAAC;YAEpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;YACrD,IAAA,aAAK,EAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAEnC,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACpD,IAAA,aAAK,EAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;YACnD,CAAC;YAID,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;gBACzC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,UAAU,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,CAAC;gBACtE,IAAA,aAAK,EAAC,sCAAsC,IAAI,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,aAAK,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAA,aAAK,EAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AArFD,kDAqFC"}
package/package.json CHANGED
@@ -13,7 +13,7 @@
13
13
  "email": "compass@mongodb.com"
14
14
  },
15
15
  "homepage": "https://github.com/mongodb-js/devtools-shared",
16
- "version": "0.2.3",
16
+ "version": "0.3.0",
17
17
  "repository": {
18
18
  "type": "git",
19
19
  "url": "https://github.com/mongodb-js/devtools-shared.git"
@@ -55,7 +55,6 @@
55
55
  "@types/mocha": "^9.1.1",
56
56
  "@types/node": "^17.0.35",
57
57
  "@types/sinon-chai": "^3.2.5",
58
- "@types/ssh2": "^1.11.18",
59
58
  "chai": "^4.3.6",
60
59
  "depcheck": "^1.4.1",
61
60
  "eslint": "^7.25.0",
@@ -67,8 +66,9 @@
67
66
  "typescript": "^5.0.4"
68
67
  },
69
68
  "dependencies": {
69
+ "@types/ssh2": "^1.11.19",
70
70
  "debug": "^4.3.4",
71
71
  "ssh2": "^1.15.0"
72
72
  },
73
- "gitHead": "78b0e2830560fe80bb4a0c3002bb93bd4b4fe077"
73
+ "gitHead": "2486ccb12386067d251f452b5ac380a055a1db9c"
74
74
  }
package/src/garasign.sh CHANGED
@@ -11,7 +11,7 @@ if [ -z ${garasign_username+omitted} ]; then echo "garasign_username is unset" &
11
11
  if [ -z ${garasign_password+omitted} ]; then echo "garasign_password is unset" && exit 1; fi
12
12
  if [ -z ${artifactory_username+omitted} ]; then echo "artifactory_username is unset" && exit 1; fi
13
13
  if [ -z ${artifactory_password+omitted} ]; then echo "artifactory_password is unset" && exit 1; fi
14
- if [ -z ${method+omitted} ]; then echo "method must either be gpg or jsign" && exit 1; fi
14
+ if [ -z ${method+omitted} ]; then echo "method must either be gpg, rpm_gpg or jsign" && exit 1; fi
15
15
 
16
16
  ARTIFACTORY_HOST="artifactory.corp.mongodb.com"
17
17
 
@@ -53,12 +53,36 @@ jsign_sign() {
53
53
  --rm \
54
54
  -v $directory:$directory \
55
55
  -w $directory \
56
- artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
56
+ ${ARTIFACTORY_HOST}/release-tools-container-registry-local/garasign-jsign \
57
57
  /bin/bash -c "jsign -t 'http://timestamp.digicert.com' -a 'mongo-authenticode-2021' '$file'"
58
58
  }
59
59
 
60
+ rpm_gpg_sign() {
61
+ # For signing an rpm using garasign-gpg image, we need to install rpm and then import the signing key (keyId)
62
+ # into rpm manually. This script assumes, by default there's only one key in the gpg keyring and it's the one
63
+ # to be used for signing. The rpm signing command is copied from:
64
+ # https://github.com/mongodb-devprod-infrastructure/barque/blob/3c03fe0b6a5a0d0221a78d688de6015f546fc495/sign/rpm.go#L21
65
+ docker run \
66
+ -e GRS_CONFIG_USER1_USERNAME="${garasign_username}" \
67
+ -e GRS_CONFIG_USER1_PASSWORD="${garasign_password}" \
68
+ --rm \
69
+ -v $directory:$directory \
70
+ -w $directory \
71
+ ${ARTIFACTORY_HOST}/release-tools-container-registry-local/garasign-gpg \
72
+ /bin/bash -c "gpgloader \
73
+ && apt update -y && apt install -y rpm \
74
+ && keyId=\$(gpg --list-keys --keyid-format=long --with-colons | awk -F: 'NR==2 {print \$5}') \
75
+ && tmpFile=\$(mktemp) && gpg --export -a \$keyId > \$tmpFile && rpm --import \$tmpFile && rm \$tmpFile \
76
+ && rpm --addsign \
77
+ --define \"_gpg_name \$keyId\" \
78
+ --define \"__gpg_sign_cmd \$(which gpg) \$(which gpg) --local-user=\$keyId --verbose --verbose --no-armor --digest-algo=sha256 --output %{__signature_filename} --detach-sign %{__plaintext_filename}\" $file \
79
+ "
80
+ }
81
+
60
82
  if [[ $method == "gpg" ]]; then
61
83
  gpg_sign
84
+ elif [[ $method == "rpm_gpg" ]]; then
85
+ rpm_gpg_sign
62
86
  elif [[ $method == "jsign" ]]; then
63
87
  jsign_sign
64
88
  else
package/src/signing-clients/index.ts CHANGED
@@ -8,7 +8,7 @@ import { RemoteSigningClient } from './remote-signing-client';
8
8
  export { LocalSigningClient } from './local-signing-client';
9
9
  export { RemoteSigningClient } from './remote-signing-client';
10
10
 
11
- export type SigningMethod = 'gpg' | 'jsign';
11
+ export type SigningMethod = 'gpg' | 'jsign' | 'rpm_gpg';
12
12
 
13
13
  export type SigningClientOptions = {
14
14
  workingDirectory: string;
@@ -16,8 +16,18 @@ export type SigningClientOptions = {
16
16
  signingMethod: SigningMethod;
17
17
  };
18
18
 
19
+ type SharedSigningOptions = {
20
+ /**
21
+ * The method to sign with.
22
+ * - `jsign` - for signing windows files (`exe`, `msi`, `dll`)
23
+ * - `rpm_gpg` - for signing rhel package (`rpm`)
24
+ * - `gpg` - for signing other files (`tar`, `zip`, `deb`)
25
+ */
26
+ signingMethod: SigningMethod;
27
+ };
28
+
19
29
  /** Options for signing a file remotely over an SSH connection. */
20
- export type RemoteSigningOptions = {
30
+ export type RemoteSigningOptions = SharedSigningOptions & {
21
31
  /** Hostname or IP address of the server to */
22
32
  host?: string;
23
33
  /** Username for authentication. */
@@ -28,8 +38,6 @@ export type RemoteSigningOptions = {
28
38
  port?: number;
29
39
  /** Buffer or string that contains a private key for either key-based or hostbased user authentication (OpenSSH format). */
30
40
  privateKey?: Buffer | string;
31
- /** The method to sign with. Use gpg on linux and jsign on windows. */
32
- signingMethod: SigningMethod;
33
41
 
34
42
  /**
35
43
  * The path of the working directory in which to sign files **on the remote ssh server**. Defaults to `/home/ubuntu/garasign`.
@@ -39,10 +47,7 @@ export type RemoteSigningOptions = {
39
47
  };
40
48
 
41
49
  /** Options for signing a file locally. */
42
- export type LocalSigningOptions = {
43
- /** The method to sign with. Use gpg on linux and jsign on windows. */
44
- signingMethod: SigningMethod;
45
-
50
+ export type LocalSigningOptions = SharedSigningOptions & {
46
51
  client: 'local';
47
52
  };
48
53
 
package/src/signing-clients/remote-signing-client.spec.ts CHANGED
@@ -46,7 +46,7 @@ describe('RemoteSigningClient', function () {
46
46
  const remoteSigningClient = new RemoteSigningClient(getMockedSSHClient(), {
47
47
  workingDirectory: workingDirectoryPath,
48
48
  signingScript: signingScript,
49
- signingMethod: 'gpg',
49
+ signingMethod: 'jsign',
50
50
  });
51
51
 
52
52
  await remoteSigningClient.sign(fileToSign);
package/src/signing-clients/remote-signing-client.ts CHANGED
@@ -69,8 +69,10 @@ export class RemoteSigningClient implements SigningClient {
69
69
  await this.signRemoteFile(path.basename(remotePath));
70
70
  debug(`SFTP: Signed file ${file}`);
71
71
 
72
- await this.sshClient.downloadFile(remotePath, file);
73
- debug(`SFTP: Downloaded signed file to ${file}`);
72
+ if (this.options.signingMethod === 'jsign') {
73
+ await this.sshClient.downloadFile(remotePath, file);
74
+ debug(`SFTP: Downloaded signed file to ${file}`);
75
+ }
74
76
 
75
77
  // For signing using gpg, `.sig` file is created along side the file being signed.
76
78
  // We also have to download it back and put it in the same path as original file.