SERVER-64332 added macos binary signing to push task

2022-04-18 21:14:29 +00:00 · 2022-04-18 21:14:29 +00:00 · 8aee4d35ca
commit 8aee4d35ca
parent db43279e5b
2 changed files with 14 additions and 0 deletions
--- a/evergreen/functions/notary_client_credentials_setup.sh
+++ b/evergreen/functions/notary_client_credentials_setup.sh
@ -9,6 +9,7 @@ cat << EOF > notary_env.sh
 export NOTARY_TOKEN=${signing_auth_token_60}
 export BARQUE_USERNAME=${barque_user}
 export BARQUE_API_KEY=${barque_api_key}
+export MACOS_NOTARY_TOKEN=${macos_notarization_secret}
 EOF

 echo "${signing_auth_token_60}" > signing_auth_token
--- a/evergreen/notary_client_run.sh
+++ b/evergreen/notary_client_run.sh
@ -13,6 +13,19 @@ if [ "$long_ext" == "tgz" ]; then
  long_ext="tar.gz"
 fi

+if [[ "${push_name}" == "macos"* ]]; then
+  curl https://macos-notary-1628249594.s3.amazonaws.com/releases/client/v3.3.0/linux_amd64.zip -o linux_amd64.zip
+  unzip linux_amd64.zip
+  chmod +x ./linux_amd64/macnotary
+  bins=("mongo-binaries.tgz" "mongo-shell.tgz" "mongo-cryptd.tgz" "mh.tgz")
+  for archive in ${bins[@]}; do
+    TEMP_ARCHIVE="$(mktemp -p $PWD)"
+    mv "$archive" "$TEMP_ARCHIVE"
+    ./linux_amd64/macnotary -f "$TEMP_ARCHIVE" -m notarizeAndSign -u https://dev.macos-notary.build.10gen.cc/api -k server -s ${MACOS_NOTARY_TOKEN} -b server.mongodb.com -o "$archive"
+    rm -f "$TEMP_ARCHIVE"
+  done
+fi
+
 mv mongo-binaries.tgz mongodb-${push_name}-${push_arch}-${suffix}.${ext}
 mv mongo-shell.tgz mongodb-shell-${push_name}-${push_arch}-${suffix}.${ext}
 mv mongo-cryptd.tgz mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} || true