Changeset 25875


Ignore:
Timestamp:
12/16/20 15:41:15 (4 years ago)
Author:
jdquinn
Message:

CHG: Refinement of macOS Binaries packaging and signing scripts (again)

Location:
issm/trunk-jpl/packagers/mac
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh

    r25874 r25875  
    1616#
    1717# Options:
    18 # -c/--cleanup                  Remove lock file from signed package repository (use if
    19 #                                               build is aborted to allow for subsequent fresh build)
    2018# -n/--notarizeonly             Sign/notarize only (use if signing/notarization fails
    2119#                                               to skip tests/packaging)
     
    2523#                                               transfer fails for some reason to skip testing and
    2624#                                               signing)
     25# -u/--unlock                   Remove lock file from signed package repository (use if
     26#                                               build is aborted to allow for subsequent fresh build)
    2727#
    2828# Debugging:
     
    9292## Functions
    9393#
    94 validate_signed_repo_copy(){
    95         # Check out copy of repository for signed binaries if it does not exist
    96         # (e.g. 'Check-out Strategy' was set to 'Use 'svn update' as much as
    97         # possible'; initial checkout failed)
    98         if [ ! -d ${SIGNED_REPO_COPY} && ! -d ${SIGNED_REPO_COPY}/.svn ]; then
    99                 # Check out copy of SVN repository for signed packages
    100                 #
    101                 # NOTE: Get empty copy because we do not want to have to check out package from
    102                 #               previous signing.
    103                 #
    104                 echo "Checking out copy of repository for signed packages"
    105                 svn checkout \
    106                         --trust-server-cert \
    107                         --non-interactive \
    108                         --depth empty \
    109                         --username ${USERNAME} \
    110                         --password ${PASSWORD} \
    111                         ${SIGNED_REPO_URL} \
    112                         ${SIGNED_REPO_COPY} > /dev/null 2>&1
    113         fi
     94checkout_signed_repo_copy(){
     95        echo "Checking out copy of repository for signed packages"
     96
     97        # NOTE: Get empty copy because we do not want to have to check out package
     98        #               from previous signing.
     99        #
     100        svn checkout \
     101                --trust-server-cert \
     102                --non-interactive \
     103                --depth empty \
     104                --username ${USERNAME} \
     105                --password ${PASSWORD} \
     106                ${SIGNED_REPO_URL} \
     107                ${SIGNED_REPO_COPY}
    114108}
    115 
    116 ## Parse options
    117 #
    118 if [ $# -gt 1 ]; then
    119         echo "Can use only one option at a time"
    120         exit 1
    121 fi
    122 
    123 cleanup=0
    124 notarize_only=0
    125 skip_tests=0
    126 transfer_only=0
    127 while [ $# -gt 0 ]; do
    128     case $1 in
    129         -c|--cleanup) cleanup=1; shift ;;
    130         -n|--notarizeonly) notarize_only=1; shift ;;
    131         -s|--skiptests) skip_tests=1; shift ;;
    132         -t|--transferonly) transfer_only=1; shift ;;
    133         *) echo "Unknown parameter passed: $1"; exit 1 ;;
    134     esac
    135     shift
    136 done
    137 
    138 if [ ${cleanup} -eq 1 ]; then
    139         # Remove signing lock file from signed package repository so that a new
    140         # build can run
    141         echo "Removing lock file from repository for signed packages"
     109checkout_unsigned_repo_copy(){
     110        echo "Checking out copy of repository for unsigned packages"
    142111        svn checkout \
    143112                --trust-server-cert \
     
    145114                --username ${USERNAME} \
    146115                --password ${PASSWORD} \
    147                 --depth empty \
    148                 ${SIGNED_REPO_URL} \
    149                 ${SIGNED_REPO_COPY} > /dev/null 2>&1
    150         svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
     116                ${UNSIGNED_REPO_URL} \
     117                ${UNSIGNED_REPO_COPY}
     118}
     119validate_signed_repo_copy(){
     120        # Validate copy of repository for signed binaries (e.g.
     121        # 'Check-out Strategy' was set to 'Use 'svn update' as much as possible';
     122        # initial checkout failed)
     123        if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
     124                rm -rf ${SIGNED_REPO_COPY}
     125                checkout_signed_repo_copy
     126        fi
     127}
     128
     129## Parse options
     130#
     131if [ $# -gt 1 ]; then
     132        echo "Can use only one option at a time"
     133        exit 1
     134fi
     135
     136notarize_only=0
     137skip_tests=0
     138transfer_only=0
     139unlock=0
     140while [ $# -gt 0 ]; do
     141    case $1 in
     142        -n|--notarizeonly) notarize_only=1; shift ;;
     143        -s|--skiptests) skip_tests=1; shift ;;
     144        -t|--transferonly) transfer_only=1; shift ;;
     145        -u|--unlock) unlock=1; shift ;;
     146        *) echo "Unknown parameter passed: $1"; exit 1 ;;
     147    esac
     148    shift
     149done
     150
     151if [ ${unlock} -eq 1 ]; then
     152        # Remove signing lock file from signed package repository so that a new
     153        # build can run
     154        echo "Removing lock file from repository for signed packages"
     155        checkout_signed_repo_copy
     156        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    151157        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    152158        svn commit \
     
    155161                --username ${USERNAME} \
    156162                --password ${PASSWORD} \
    157                 --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    158         svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
     163                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY}
     164        svn cleanup ${SIGNED_REPO_COPY}
    159165        exit 1
    160166fi
    161167
    162168if [ ${transfer_only} -eq 0 ]; then
     169        rm -rf ${SIGNED_REPO_COPY}
     170
     171        checkout_signed_repo_copy
     172
     173        # If lock file exists, a signing build is still in process by JPL Cybersecurity
     174        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
     175        if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
     176                echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
     177                exit 1
     178        fi
     179
    163180        if [ ${notarize_only} -eq 0 ]; then
    164181                # Check if MATLAB exists
     
    171188                echo "Cleaning up existing assets"
    172189                cd ${ISSM_DIR}
    173                 rm -rf ${PKG} ${COMPRESSED_PKG} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
     190                rm -rf ${PKG} ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
    174191                mkdir ${PKG}
    175 
    176                 # Check out copy of SVN repository for signed packages
    177                 #
    178                 # NOTE: Get empty copy because we do not want to have to check out package from
    179                 #               previous signing.
    180                 #
    181                 echo "Checking out copy of repository for signed packages"
    182                 svn checkout \
    183                         --trust-server-cert \
    184                         --non-interactive \
    185                         --username ${USERNAME} \
    186                         --password ${PASSWORD} \
    187                         --depth empty \
    188                         ${SIGNED_REPO_URL} \
    189                         ${SIGNED_REPO_COPY} > /dev/null 2>&1
    190 
    191                 # If lock file exists, a signing build is still in process by JPL Cybersecurity
    192                 svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    193                 if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
    194                         echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
    195                         exit 1
    196                 fi
    197192
    198193                # Add required binaries and libraries to package and modify them where needed
     
    297292                # failed.
    298293                #
    299 
    300                 # Make sure copy of repository for signed packages exists
    301                 validate_signed_repo_copy
     294                echo "Notarizing only"
    302295        fi
    303296
     
    311304                --username ${USERNAME} \
    312305                --password ${PASSWORD} \
    313                 --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     306                --message "ADD: New lock file" ${SIGNED_REPO_COPY}
    314307
    315308        # Save current working copy revision number
    316         svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
     309        svn up ${SIGNED_REPO_COPY}
    317310        CURRENT_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
    318311
    319312        # Check out copy of SVN repository for unsigned packages
    320         echo "Checking out copy of repository for unsigned packages"
    321         svn checkout \
    322                 --trust-server-cert \
    323                 --non-interactive \
    324                 --username ${USERNAME} \
    325                 --password ${PASSWORD} \
    326                 ${UNSIGNED_REPO_URL} \
    327                 ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     313        checkout_unsigned_repo_copy
    328314
    329315        if [ ${notarize_only} -eq 0 ]; then
     
    341327                        --username ${USERNAME} \
    342328                        --password ${PASSWORD} \
    343                         --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     329                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY}
    344330        else
    345331                # NOTE: If notarize_only == 1, we commit a dummy file as the signing
     
    348334                #
    349335                echo "Attempting to sign existing package again"
    350                 touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
     336                echo $(date +'%Y-%m-%d-%H-%M-%S') > ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} # Write datetime stamp to file to ensure modification is made
    351337                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    352338                svn commit \
     
    355341                        --username ${USERNAME} \
    356342                        --password ${PASSWORD} \
    357                         --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     343                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY}
    358344        fi
    359345
     
    366352                echo "...in progress still; checking again in ${SIGNING_CHECK_PERIOD} seconds"
    367353                sleep ${SIGNING_CHECK_PERIOD}
    368                 svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
     354                svn up ${SIGNED_REPO_COPY}
    369355                NEW_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
    370356
     
    372358                        IN_PROCESS=0
    373359
    374                         svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE} > /dev/null 2>&1
    375                         svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
     360                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
     361                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG}
    376362
    377363                        # No error, so check status
  • issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh

    r25874 r25875  
    44# To be used after running,
    55#
    6 #       ${ISSM_DIR}/jenkins/jenkins.sh ${ISSM_DIR}/jenkins/pine_island-mac-binaries-python
     6#       ${ISSM_DIR}/jenkins/jenkins.sh ${ISSM_DIR}/jenkins/pine_island-mac-binaries-matlab
    77#
    88# in the context of a Jenkins project.
     
    1616#
    1717# Options:
    18 # -c/--cleanup                  Remove lock file from signed package repository (use if
    19 #                                               build is aborted to allow for subsequent fresh build)
    2018# -n/--notarizeonly             Sign/notarize only (use if signing/notarization fails
    2119#                                               to skip tests/packaging)
     
    2523#                                               transfer fails for some reason to skip testing and
    2624#                                               signing)
     25# -u/--unlock                   Remove lock file from signed package repository (use if
     26#                                               build is aborted to allow for subsequent fresh build)
    2727#
    2828# Debugging:
     
    3030#       Jenkins server. Debugging may be perfomed locally by running,
    3131#
    32 #               packagers/mac/sign-issm-mac-binaries-python.sh
     32#               packagers/mac/sign-issm-mac-binaries-matlab.sh
    3333#
    3434#       with Apple Developer credentials.
     
    9191## Functions
    9292#
    93 validate_signed_repo_copy(){
    94         # Check out copy of repository for signed binaries if it does not exist
    95         # (e.g. 'Check-out Strategy' was set to 'Use 'svn update' as much as
    96         # possible'; initial checkout failed)
    97         if [ ! -d ${SIGNED_REPO_COPY} && ! -d ${SIGNED_REPO_COPY}/.svn ]; then
    98                 # Check out copy of SVN repository for signed packages
    99                 #
    100                 # NOTE: Get empty copy because we do not want to have to check out package from
    101                 #               previous signing.
    102                 #
    103                 echo "Checking out copy of repository for signed packages"
    104                 svn checkout \
    105                         --trust-server-cert \
    106                         --non-interactive \
    107                         --depth empty \
    108                         --username ${USERNAME} \
    109                         --password ${PASSWORD} \
    110                         ${SIGNED_REPO_URL} \
    111                         ${SIGNED_REPO_COPY} > /dev/null 2>&1
    112         fi
     93checkout_signed_repo_copy(){
     94        echo "Checking out copy of repository for signed packages"
     95
     96        # NOTE: Get empty copy because we do not want to have to check out package
     97        #               from previous signing.
     98        #
     99        svn checkout \
     100                --trust-server-cert \
     101                --non-interactive \
     102                --depth empty \
     103                --username ${USERNAME} \
     104                --password ${PASSWORD} \
     105                ${SIGNED_REPO_URL} \
     106                ${SIGNED_REPO_COPY}
    113107}
    114 
    115 ## Parse options
    116 #
    117 if [ $# -gt 1 ]; then
    118         echo "Can use only one option at a time"
    119         exit 1
    120 fi
    121 
    122 cleanup=0
    123 notarize_only=0
    124 skip_tests=0
    125 transfer_only=0
    126 while [ $# -gt 0 ]; do
    127     case $1 in
    128         -c|--cleanup) cleanup=1; shift ;;
    129         -n|--notarizeonly) notarize_only=1; shift ;;
    130         -s|--skiptests) skip_tests=1; shift ;;
    131         -t|--transferonly) transfer_only=1; shift ;;
    132         *) echo "Unknown parameter passed: $1"; exit 1 ;;
    133     esac
    134     shift
    135 done
    136 
    137 if [ ${cleanup} -eq 1 ]; then
    138         # Remove signing lock file from signed package repository so that a new
    139         # build can run
    140         echo "Removing lock file from repository for signed packages"
     108checkout_unsigned_repo_copy(){
     109        echo "Checking out copy of repository for unsigned packages"
    141110        svn checkout \
    142111                --trust-server-cert \
     
    144113                --username ${USERNAME} \
    145114                --password ${PASSWORD} \
    146                 --depth empty \
    147                 ${SIGNED_REPO_URL} \
    148                 ${SIGNED_REPO_COPY} > /dev/null 2>&1
    149         svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    150         svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
     115                ${UNSIGNED_REPO_URL} \
     116                ${UNSIGNED_REPO_COPY}
     117}
     118validate_signed_repo_copy(){
     119        # Validate copy of repository for signed binaries (e.g.
     120        # 'Check-out Strategy' was set to 'Use 'svn update' as much as possible';
     121        # initial checkout failed)
     122        if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
     123                rm -rf ${SIGNED_REPO_COPY}
     124                checkout_signed_repo_copy
     125        fi
     126}
     127
     128## Parse options
     129#
     130if [ $# -gt 1 ]; then
     131        echo "Can use only one option at a time"
     132        exit 1
     133fi
     134
     135notarize_only=0
     136skip_tests=0
     137transfer_only=0
     138unlock=0
     139while [ $# -gt 0 ]; do
     140    case $1 in
     141        -n|--notarizeonly) notarize_only=1; shift ;;
     142        -s|--skiptests) skip_tests=1; shift ;;
     143        -t|--transferonly) transfer_only=1; shift ;;
     144        -u|--unlock) unlock=1; shift ;;
     145        *) echo "Unknown parameter passed: $1"; exit 1 ;;
     146    esac
     147    shift
     148done
     149
     150if [ ${unlock} -eq 1 ]; then
     151        # Remove signing lock file from signed package repository so that a new
     152        # build can run
     153        echo "Removing lock file from repository for signed packages"
     154        checkout_signed_repo_copy
     155        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
     156        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    151157        svn commit \
    152158                --trust-server-cert \
     
    154160                --username ${USERNAME} \
    155161                --password ${PASSWORD} \
    156                 --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    157         svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
     162                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY}
     163        svn cleanup ${SIGNED_REPO_COPY}
    158164        exit 1
    159165fi
    160166
    161167if [ ${transfer_only} -eq 0 ]; then
     168        rm -rf ${SIGNED_REPO_COPY}
     169
     170        checkout_signed_repo_copy
     171
     172        # If lock file exists, a signing build is still in process by JPL Cybersecurity
     173        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
     174        if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
     175                echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
     176                exit 1
     177        fi
     178
    162179        if [ ${notarize_only} -eq 0 ]; then
    163180                # Clean up from previous packaging
    164181                echo "Cleaning up existing assets"
    165182                cd ${ISSM_DIR}
    166                 rm -rf ${PKG} ${COMPRESSED_PKG} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
     183                rm -rf ${PKG} ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
    167184                mkdir ${PKG}
    168185
     
    180197                        --depth empty \
    181198                        ${SIGNED_REPO_URL} \
    182                         ${SIGNED_REPO_COPY} > /dev/null 2>&1
     199                        ${SIGNED_REPO_COPY}
    183200
    184201                # If lock file exists, a signing build is still in process by JPL Cybersecurity
    185                 svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
     202                svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    186203                if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
    187204                        echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
     
    298315                # failed.
    299316                #
    300 
    301                 # Make sure copy of repository for signed packages exists
    302                 validate_signed_repo_copy
     317                echo "Notarizing only"
    303318        fi
    304319
     
    306321        echo "Committing lock file to repository for signed packages"
    307322        touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    308         svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
     323        svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    309324        svn commit \
    310325                --trust-server-cert \
     
    312327                --username ${USERNAME} \
    313328                --password ${PASSWORD} \
    314                 --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     329                --message "ADD: New lock file" ${SIGNED_REPO_COPY}
    315330
    316331        # Save current working copy revision number
    317         svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
     332        svn up ${SIGNED_REPO_COPY}
    318333        CURRENT_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
    319334
    320335        # Check out copy of SVN repository for unsigned packages
    321         echo "Checking out copy of repository for unsigned packages"
    322         svn checkout \
    323                 --trust-server-cert \
    324                 --non-interactive \
    325                 --username ${USERNAME} \
    326                 --password ${PASSWORD} \
    327                 ${UNSIGNED_REPO_URL} \
    328                 ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     336        checkout_unsigned_repo_copy
    329337
    330338        if [ ${notarize_only} -eq 0 ]; then
     
    336344                echo "Committing package to repository for unsigned packages"
    337345                cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
    338                 svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
     346                svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG}
    339347                svn commit \
    340348                        --trust-server-cert \
     
    342350                        --username ${USERNAME} \
    343351                        --password ${PASSWORD} \
    344                         --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     352                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY}
    345353        else
    346354                # NOTE: If notarize_only == 1, we commit a dummy file as the signing
     
    349357                #
    350358                echo "Attempting to sign existing package again"
    351                 touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
    352                 svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
     359                echo $(date +'%Y-%m-%d-%H-%M-%S') > ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} # Write datetime stamp to file to ensure modification is made
     360                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
    353361                svn commit \
    354362                        --trust-server-cert \
     
    356364                        --username ${USERNAME} \
    357365                        --password ${PASSWORD} \
    358                         --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     366                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY}
    359367        fi
    360368
     
    367375                echo "...in progress still; checking again in ${SIGNING_CHECK_PERIOD} seconds"
    368376                sleep ${SIGNING_CHECK_PERIOD}
    369                 svn up ${SIGNED_REPO_COPY} > /dev/null 2>&1
     377                svn up ${SIGNED_REPO_COPY}
    370378                NEW_REV=$(svn info --show-item last-changed-revision ${SIGNED_REPO_COPY})
    371379
     
    373381                        IN_PROCESS=0
    374382
    375                         svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE} > /dev/null 2>&1
    376                         svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
     383                        svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
     384                        svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG}
    377385
    378386                        # No error, so check status
  • issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh

    r25874 r25875  
    4242#
    4343# NOTE:
    44 # - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in
     44# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in
    4545#       the 'Bindings' section under a 'Username and password (separated)' binding
    4646#       (requires 'Credentials Binding Plugin').
     
    8686PASSWORD=${ISSM_BINARIES_PASS}
    8787PKG="ISSM-macOS-MATLAB"
    88 PRIMARY_BUNDLE_ID="**********.issm.matlab" # Should be "gov.nasa.jpl.issm.matlab"
    89 RETRIGGER_SIGNING_FILE="retrigger.txt"
     88PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.matlab"
    9089SIGNED_REPO_COPY="./signed"
    9190SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/signed"
     
    9998EXE_ENTITLEMENTS_PLIST="${PKG}/bin/entitlements.plist"
    10099
    101 # Clean up from previous packaging (not necessary for single builds on Jenkins,
    102 # but useful when testing packaging locally)
    103 echo "Cleaning up existing assets"
    104 rm -rf ${PKG} ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
    105 mkdir ${PKG}
    106 
    107100# NOTE: Uncomment the following for local testing (Jenkins checks out copy of
    108101#               repository for unsigned packages to working directory)
    109102#
    110 # Check out copy of repository for unsigned packages
     103
     104# # Clean up from previous packaging (not necessary for single builds on Jenkins,
     105# # but useful when testing packaging locally)
     106# echo "Cleaning up existing assets"
     107# rm -rf ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${UNSIGNED_REPO_COPY}
     108
     109# # Check out copy of repository for unsigned packages
    111110# echo "Checking out copy of respository for unsigned packages"
    112111# svn checkout \
     
    116115#       --password ${PASSWORD} \
    117116#       ${UNSIGNED_REPO_URL} \
    118 #       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     117#       ${UNSIGNED_REPO_COPY}
     118
     119rm -rf ${PKG} ${SIGNED_REPO_COPY}
    119120
    120121# Extract package contents
     
    246247fi
    247248
    248 # Remove dummy file for retriggering signing/notarization (if it exists)
    249 svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    250 svn commit \
    251         --trust-server-cert \
    252         --non-interactive \
    253         --username ${USERNAME} \
    254         --password ${PASSWORD} \
    255         --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    256 
    257249# Check out copy of repository for signed packages
    258250echo "Checking out copy of respository for signed packages"
     
    263255        --password ${PASSWORD} \
    264256        ${SIGNED_REPO_URL} \
    265         ${SIGNED_REPO_COPY} > /dev/null 2>&1
     257        ${SIGNED_REPO_COPY}
    266258
    267259# Copy notarization file to repository for signed packages
     
    284276                --username ${USERNAME} \
    285277                --password ${PASSWORD} \
    286                 --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     278                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY}
    287279else
    288280        # Commit changes
     
    293285                --username ${USERNAME} \
    294286                --password ${PASSWORD} \
    295                 --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     287                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY}
    296288
    297289        exit 1
  • issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh

    r25874 r25875  
    4242#
    4343# NOTE:
    44 # - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in
     44# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in
    4545#       the 'Bindings' section under a 'Username and password (separated)' binding
    4646#       (requires 'Credentials Binding Plugin').
     
    8686PASSWORD=${ISSM_BINARIES_PASS}
    8787PKG="ISSM-macOS-Python"
    88 PRIMARY_BUNDLE_ID="**********.issm.python" # Should be "gov.nasa.jpl.issm.python"
    89 RETRIGGER_SIGNING_FILE="retrigger.txt"
     88PRIMARY_BUNDLE_ID="gov.nasa.jpl.issm.python"
    9089SIGNED_REPO_COPY="./signed"
    9190SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/signed"
     
    9998EXE_ENTITLEMENTS_PLIST="${PKG}/bin/entitlements.plist"
    10099
    101 # Clean up from previous packaging (not necessary for single builds on Jenkins,
    102 # but useful when testing packaging locally)
    103 echo "Cleaning up existing assets"
    104 rm -rf ${PKG} ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${SIGNED_REPO_COPY} ${UNSIGNED_REPO_COPY}
    105 mkdir ${PKG}
    106 
    107100# NOTE: Uncomment the following for local testing (Jenkins checks out copy of
    108101#               repository for unsigned packages to working directory)
    109102#
    110 # Check out copy of repository for unsigned packages
     103
     104# # Clean up from previous packaging (not necessary for single builds on Jenkins,
     105# # but useful when testing packaging locally)
     106# echo "Cleaning up existing assets"
     107# rm -rf ${COMPRESSED_PKG} ${NOTARIZATION_LOGFILE_PATH}/${NOTARIZATION_LOGFILE} ${UNSIGNED_REPO_COPY}
     108
     109# # Check out copy of repository for unsigned packages
    111110# echo "Checking out copy of respository for unsigned packages"
    112111# svn checkout \
     
    116115#       --password ${PASSWORD} \
    117116#       ${UNSIGNED_REPO_URL} \
    118 #       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     117#       ${UNSIGNED_REPO_COPY}
     118
     119rm -rf ${PKG} ${SIGNED_REPO_COPY}
     120
    119121
    120122# Extract package contents
     
    255257fi
    256258
    257 # Remove dummy file for retriggering signing/notarization (if it exists)
    258 svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    259 svn commit \
    260         --trust-server-cert \
    261         --non-interactive \
    262         --username ${USERNAME} \
    263         --password ${PASSWORD} \
    264         --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    265 
    266259# Check out copy of repository for signed packages
    267260echo "Checking out copy of respository for signed packages"
     
    272265        --password ${PASSWORD} \
    273266        ${SIGNED_REPO_URL} \
    274         ${SIGNED_REPO_COPY} > /dev/null 2>&1
     267        ${SIGNED_REPO_COPY}
    275268
    276269# Copy notarization file to repository for signed packages
     
    279272
    280273# Remove lock file from repository for signed packages
    281 svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
     274svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    282275
    283276if [ ${SUCCESS} -eq 1 ]; then
     
    293286                --username ${USERNAME} \
    294287                --password ${PASSWORD} \
    295                 --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     288                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY}
    296289else
    297290        # Commit changes
     
    302295                --username ${USERNAME} \
    303296                --password ${PASSWORD} \
    304                 --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     297                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY}
    305298
    306299        exit 1
Note: See TracChangeset for help on using the changeset viewer.