MCPcopy Create free account
hub / github.com/aws/amazon-q-developer-cli / sign_executable

Function sign_executable

scripts/build.py:246–312  ·  view source on GitHub ↗

Signs an executable with CD Signer. Returns: The path to the signed executable

(signing_data: CdSigningData, exe_path: pathlib.Path)

Source from the content-addressed store, hash-verified

244
245
246def sign_executable(signing_data: CdSigningData, exe_path: pathlib.Path) -> pathlib.Path:
247 """
248 Signs an executable with CD Signer.
249
250 Returns:
251 The path to the signed executable
252 """
253 name = exe_path.name
254 info(f"Signing {name}")
255
256 info("Packaging...")
257 package_path = cd_build_signed_package(exe_path)
258
259 info("Uploading...")
260 run_cmd(["aws", "s3", "rm", "--recursive", f"s3://{signing_data.bucket_name}/signed"])
261 run_cmd(["aws", "s3", "rm", "--recursive", f"s3://{signing_data.bucket_name}/pre-signed"])
262 run_cmd(["aws", "s3", "cp", package_path, f"s3://{signing_data.bucket_name}/pre-signed/package.tar.gz"])
263
264 info("Sending request...")
265 request_id = cd_signer_create_request(manifest("com.amazon.codewhisperer"))
266 cd_signer_start_request(
267 request_id=request_id,
268 source_key="pre-signed/package.tar.gz",
269 destination_key="signed/signed.zip",
270 signing_data=signing_data,
271 )
272
273 max_duration = 180
274 end_time = time.time() + max_duration
275 i = 1
276 while True:
277 info(f"Checking for signed package attempt #{i}")
278 status = cd_signer_status_request(request_id)
279 info(f"Package has status: {status}")
280
281 match status:
282 case "success":
283 break
284 case "created" | "processing" | "inProgress":
285 pass
286 case "failure":
287 raise RuntimeError("Signing request failed")
288 case _:
289 warn(f"Unexpected status, ignoring: {status}")
290
291 if time.time() >= end_time:
292 raise RuntimeError("Signed package did not appear, check signer logs")
293 time.sleep(2)
294 i += 1
295
296 info("Signed!")
297
298 # CD Signer should return the signed executable in a zip file containing the structure:
299 # "Payload/EXECUTABLES_TO_SIGN/{executable name}".
300 info("Downloading...")
301
302 # Create a new directory for unzipping the signed executable.
303 zip_dl_path = BUILD_DIR / pathlib.Path("signed.zip")

Callers 1

sign_and_notarizeFunction · 0.85

Calls 8

infoFunction · 0.90
run_cmdFunction · 0.90
warnFunction · 0.90
cd_build_signed_packageFunction · 0.85
cd_signer_create_requestFunction · 0.85
manifestFunction · 0.85
cd_signer_start_requestFunction · 0.85
cd_signer_status_requestFunction · 0.85

Tested by

no test coverage detected