CSHARP-5176: Migrate signing to Garasign (#1387)

mongodb · Jul 24, 2024 · 2f5e234 · 2f5e234
1 parent 452b06f
commit 2f5e234
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 18 deletions.
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
@@ -1020,10 +1020,9 @@ functions:
         env:
           ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}
           ARTIFACTORY_USERNAME: ${ARTIFACTORY_USERNAME}
-          AZURE_NUGET_SIGN_TENANT_ID: ${AZURE_NUGET_SIGN_TENANT_ID}
-          AZURE_NUGET_SIGN_CLIENT_ID: ${AZURE_NUGET_SIGN_CLIENT_ID}
-          AZURE_NUGET_SIGN_CLIENT_SECRET: ${AZURE_NUGET_SIGN_CLIENT_SECRET}
           PACKAGE_VERSION: "$PACKAGE_VERSION"
+          GRS_USERNAME: ${GRS_USERNAME}
+          GRS_PASSWORD: ${GRS_PASSWORD}
         script: |
           ${PREPARE_SHELL}
           . ./evergreen/sign-packages.sh

diff --git a/evergreen/sign-packages.sh b/evergreen/sign-packages.sh
@@ -4,22 +4,15 @@ set -o errexit  # Exit the script with error if any of the commands fail
 # Environment variables used as input:
 # ARTIFACTORY_PASSWORD
 # ARTIFACTORY_USERNAME
-# AZURE_NUGET_SIGN_TENANT_ID
-# AZURE_NUGET_SIGN_CLIENT_ID
-# AZURE_NUGET_SIGN_CLIENT_SECRET
+# GRS_USERNAME
+# GRS_PASSWORD
 # PACKAGE_VERSION
 
 echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username "${ARTIFACTORY_USERNAME}" artifactory.corp.mongodb.com
 
-docker run --platform="linux/amd64" --rm -v $(pwd):/workdir -w /workdir \
-  artifactory.corp.mongodb.com/release-tools-container-registry-local/azure-keyvault-nuget \
-  NuGetKeyVaultSignTool sign "artifacts/nuget/*.$PACKAGE_VERSION.nupkg" \
-    --force \
-    --file-digest=sha256 \
-    --timestamp-rfc3161=http://timestamp.digicert.com \
-    --timestamp-digest=sha256 \
-    --azure-key-vault-url=https://mdb-authenticode.vault.azure.net \
-    --azure-key-vault-tenant-id="$AZURE_NUGET_SIGN_TENANT_ID" \
-    --azure-key-vault-client-secret="$AZURE_NUGET_SIGN_CLIENT_SECRET" \
-    --azure-key-vault-client-id="$AZURE_NUGET_SIGN_CLIENT_ID" \
-    --azure-key-vault-certificate=authenticode-2021
+echo "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" >> "signing-envfile"
+echo "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" >> "signing-envfile"
+
+docker run --platform="linux/amd64" --env-file=signing-envfile --rm -v $(pwd):/workdir -w /workdir \
+  artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
+  /bin/bash -c "jsign --tsaurl "http://timestamp.digicert.com" -a mongo-authenticode-2021 "./artifacts/nuget/*.$PACKAGE_VERSION.nupkg""