Signs an executable with CD Signer. Returns: The path to the signed executable
(signing_data: CdSigningData, exe_path: pathlib.Path)
| 244 | |
| 245 | |
| 246 | def sign_executable(signing_data: CdSigningData, exe_path: pathlib.Path) -> pathlib.Path: |
| 247 | """ |
| 248 | Signs an executable with CD Signer. |
| 249 | |
| 250 | Returns: |
| 251 | The path to the signed executable |
| 252 | """ |
| 253 | name = exe_path.name |
| 254 | info(f"Signing {name}") |
| 255 | |
| 256 | info("Packaging...") |
| 257 | package_path = cd_build_signed_package(exe_path) |
| 258 | |
| 259 | info("Uploading...") |
| 260 | run_cmd(["aws", "s3", "rm", "--recursive", f"s3://{signing_data.bucket_name}/signed"]) |
| 261 | run_cmd(["aws", "s3", "rm", "--recursive", f"s3://{signing_data.bucket_name}/pre-signed"]) |
| 262 | run_cmd(["aws", "s3", "cp", package_path, f"s3://{signing_data.bucket_name}/pre-signed/package.tar.gz"]) |
| 263 | |
| 264 | info("Sending request...") |
| 265 | request_id = cd_signer_create_request(manifest("com.amazon.codewhisperer")) |
| 266 | cd_signer_start_request( |
| 267 | request_id=request_id, |
| 268 | source_key="pre-signed/package.tar.gz", |
| 269 | destination_key="signed/signed.zip", |
| 270 | signing_data=signing_data, |
| 271 | ) |
| 272 | |
| 273 | max_duration = 180 |
| 274 | end_time = time.time() + max_duration |
| 275 | i = 1 |
| 276 | while True: |
| 277 | info(f"Checking for signed package attempt #{i}") |
| 278 | status = cd_signer_status_request(request_id) |
| 279 | info(f"Package has status: {status}") |
| 280 | |
| 281 | match status: |
| 282 | case "success": |
| 283 | break |
| 284 | case "created" | "processing" | "inProgress": |
| 285 | pass |
| 286 | case "failure": |
| 287 | raise RuntimeError("Signing request failed") |
| 288 | case _: |
| 289 | warn(f"Unexpected status, ignoring: {status}") |
| 290 | |
| 291 | if time.time() >= end_time: |
| 292 | raise RuntimeError("Signed package did not appear, check signer logs") |
| 293 | time.sleep(2) |
| 294 | i += 1 |
| 295 | |
| 296 | info("Signed!") |
| 297 | |
| 298 | # CD Signer should return the signed executable in a zip file containing the structure: |
| 299 | # "Payload/EXECUTABLES_TO_SIGN/{executable name}". |
| 300 | info("Downloading...") |
| 301 | |
| 302 | # Create a new directory for unzipping the signed executable. |
| 303 | zip_dl_path = BUILD_DIR / pathlib.Path("signed.zip") |
no test coverage detected