Allow dylib to be signed by macos signing and fix verification command (

#3710) Signed-off-by: Sayali Gaikawad <[email protected]>
opensearch-project · Aug 31, 2023 · 4743a92 · 4743a92
1 parent 131b1c8
commit 4743a92
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/src/sign_workflow/signer_mac.py b/src/sign_workflow/signer_mac.py
@@ -18,7 +18,7 @@
 
 
 class SignerMac(Signer):
-    ACCEPTED_FILE_TYPES = [".pkg", ".dmg"]
+    ACCEPTED_FILE_TYPES = [".pkg", ".dmg", ".dylib"]
 
     def generate_signature_and_verify(self, artifact: str, basepath: Path, signature_type: str) -> None:
         filename = os.path.join(basepath, artifact)
@@ -51,5 +51,8 @@ def verify(self, filename: str) -> None:
         if platform.system() != 'Darwin':
             raise OSError(f"Cannot verify mac artifacts on non-Darwin system, {platform.system()}")
         else:
-            verify_cmd = ["pkgutil", "--check-signature", filename]
+            if (filename.endswith('.pkg')):
+                verify_cmd = ["pkgutil", "--check-signature", filename]
+            else:
+                verify_cmd = ["codesign", "--verify", "--deep", "--verbose=4", "--display", filename]
             self.git_repo.execute(" ".join(verify_cmd))
diff --git a/tests/tests_sign_workflow/test_signer_mac.py b/tests/tests_sign_workflow/test_signer_mac.py
@@ -29,10 +29,12 @@ def test_accepted_file_types(self, git_repo: Mock, platform_moc: Mock) -> None:
             "the-cat.cat",
             "random-file.txt",
             "something-1.0.0.0.jar",
+            "the-dylib.dylib"
         ]
         expected = [
             call("the-dmg.dmg", Path("path"), 'null'),
             call("the-pkg.pkg", Path("path"), 'null'),
+            call("the-dylib.dylib", Path("path"), 'null')
         ]
         signer = SignerMac(True)
         signer.sign = MagicMock()  # type: ignore
@@ -70,6 +72,13 @@ def test_signer_verify(self, mock_repo: Mock, platform_moc: Mock) -> None:
         signer.verify("/path/the-pkg.pkg")
         mock_repo.assert_has_calls([call().execute('pkgutil --check-signature /path/the-pkg.pkg')])
 
+    @patch("platform.system", return_value='Darwin')
+    @patch("sign_workflow.signer.GitRepository")
+    def test_signer_verify_dylib(self, mock_repo: Mock, platform_moc: Mock) -> None:
+        signer = SignerMac(True)
+        signer.verify("/path/the-dylib.dylib")
+        mock_repo.assert_has_calls([call().execute('codesign --verify --deep --verbose=4 --display /path/the-dylib.dylib')])
+
     @patch("platform.system", return_value='Linux')
     @patch("sign_workflow.signer.GitRepository")
     def test_signer_invalid_os(self, mock_repo: Mock, platform_moc: Mock) -> None: