From 4743a92211aa996e647ab469830ca8a002b3155c Mon Sep 17 00:00:00 2001
From: Sayali Gaikawad <61760125+gaiksaya@users.noreply.github.com>
Date: Thu, 31 Aug 2023 11:55:26 -0700
Subject: [PATCH] Allow dylib to be signed by macos signing and fix verification command (#3710)
Signed-off-by: Sayali Gaikawad
---
 src/sign_workflow/signer_mac.py | 7 +++++--
 tests/tests_sign_workflow/test_signer_mac.py | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/sign_workflow/signer_mac.py b/src/sign_workflow/signer_mac.py
index 0e43a593d5..58db0359da 100644
--- a/src/sign_workflow/signer_mac.py
+++ b/src/sign_workflow/signer_mac.py
@@ -18,7 +18,7 @@
 class SignerMac(Signer):
- ACCEPTED_FILE_TYPES = [".pkg", ".dmg"]
+ ACCEPTED_FILE_TYPES = [".pkg", ".dmg", ".dylib"]
 def generate_signature_and_verify(self, artifact: str, basepath: Path, signature_type: str) -> None:
 filename = os.path.join(basepath, artifact)
@@ -51,5 +51,8 @@ def verify(self, filename: str) -> None:
 if platform.system() != 'Darwin':
 raise OSError(f"Cannot verify mac artifacts on non-Darwin system, {platform.system()}")
 else:
- verify_cmd = ["pkgutil", "--check-signature", filename]
+ if (filename.endswith('.pkg')):
+ verify_cmd = ["pkgutil", "--check-signature", filename]
+ else:
+ verify_cmd = ["codesign", "--verify", "--deep", "--verbose=4", "--display", filename]
 self.git_repo.execute(" ".join(verify_cmd))
diff --git a/tests/tests_sign_workflow/test_signer_mac.py b/tests/tests_sign_workflow/test_signer_mac.py
index e71dc98815..3746f26199 100644
--- a/tests/tests_sign_workflow/test_signer_mac.py
+++ b/tests/tests_sign_workflow/test_signer_mac.py
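Review bot: In `SignerMac.verify` (src/sign_workflow/signer_mac.py), the new `codesign` command passes both `--verify` and `--display`, which codesign treats as separate operations, so it should be confirmed on a Darwin host that this invocation still exits non-zero for an unsigned or modified file; if it only displays, the check fails open. Dropping the display flag and asking for strict validation makes the intent unambiguous: `verify_cmd = ["codesign", "--verify", "--deep", "--strict", "--verbose=4", filename]`. The list is then flattened with `" ".join(verify_cmd)`, so a path containing spaces or shell metacharacters is not passed as one argument if `execute` hands the string to a shell (not visible here); `shlex.quote(filename)` would close that gap. The start of `verify` lies outside this hunk.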
@@ -29,10 +29,12 @@ def test_accepted_file_types(self, git_repo: Mock, platform_moc: Mock) -> None:
 "the-cat.cat",
 "random-file.txt",
 "something-1.0.0.0.jar",
+ "the-dylib.dylib"
 ]
 expected = [
 call("the-dmg.dmg", Path("path"), 'null'),
 call("the-pkg.pkg", Path("path"), 'null'),
+ call("the-dylib.dylib", Path("path"), 'null')
 ]
 signer = SignerMac(True)
 signer.sign = MagicMock() # type: ignore
@@ -70,6 +72,13 @@ def test_signer_verify(self, mock_repo: Mock, platform_moc: Mock) -> None:
 signer.verify("/path/the-pkg.pkg")
 mock_repo.assert_has_calls([call().execute('pkgutil --check-signature /path/the-pkg.pkg')])
+ @patch("platform.system", return_value='Darwin')
+ @patch("sign_workflow.signer.GitRepository")
+ def test_signer_verify_dylib(self, mock_repo: Mock, platform_moc: Mock) -> None:
+ signer = SignerMac(True)
+ signer.verify("/path/the-dylib.dylib")
+ mock_repo.assert_has_calls([call().execute('codesign --verify --deep --verbose=4 --display /path/the-dylib.dylib')])
+
 @patch("platform.system", return_value='Linux')
 @patch("sign_workflow.signer.GitRepository")
 def test_signer_invalid_os(self, mock_repo: Mock, platform_moc: Mock) -> None:
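Review bot: `test_signer_verify_dylib` pins only the `.dylib` suffix, but the new `else` branch in `SignerMac.verify` also switches `.dmg` verification from `pkgutil` to `codesign`, and no test here covers that change. A sibling case calling `signer.verify("/path/the-dmg.dmg")` and asserting the `codesign` command string would lock it in. Both verify tests assert only the command text against a mocked `GitRepository`, so a further case where the mocked `execute` raises would document that a failed signature check propagates to the caller rather than being swallowed.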