mongodb · fmenezes · Jan 25, 2024 · Jan 17, 2024 · Jan 18, 2024 · Jan 18, 2024
@@ -73,6 +73,8 @@ functions:
           NOTARY_SIGNING_COMMENT: "Evergreen Automatic Signing (${tool_name})"
           NOTARY_AUTH_TOKEN: ${signing_auth_token_50}
           NOTARY_URL: ${notary_service_notary_url}
+          GRS_USERNAME: ${garasign_username}
+          GRS_PASSWORD: ${garasign_password}
         include_expansions_in_env:
           - go_base_path
           - workdir
@@ -112,12 +114,9 @@ functions:
         env:
           <<: *go_env
           TOOL_NAME: ${TOOL_NAME}
-          NOTARY_SIGNING_KEY_MONGOCLI: ${notary_service_signing_key_mongocli}
-          NOTARY_SIGNING_KEY_ATLASCLI: ${notary_service_signing_key_atlascli}
-          NOTARY_SIGNING_COMMENT: "Evergreen Automatic Signing (${TOOL_NAME})"
-          NOTARY_AUTH_TOKEN: ${signing_auth_token_50}
-          NOTARY_URL: ${notary_service_notary_url}
           SECRET_API_KEY: ${chocolatey_api_key}
+          GRS_USERNAME: ${garasign_username}
+          GRS_PASSWORD: ${garasign_password}
         command: bash.exe -c build/package/generate-msi.sh
   "update choco":
     - command: subprocess.exec
@@ -324,6 +323,7 @@ tasks:
       - func: "generate notices"
       - func: "install goreleaser"
       - func: "install macos notarization service"
+      - func: "install podman"
       - func: "package"
         vars:
           unstable: -unstable
@@ -424,6 +424,7 @@ tasks:
     commands:
       - func: "generate notices"
       - func: "install goreleaser"
+      - func: "install podman"
       - func: "install macos notarization service"
       - command: subprocess.exec
         type: test
@@ -500,6 +501,7 @@ tasks:
     commands:
       - func: "generate notices"
       - func: "install goreleaser"
+      - func: "install podman"
       - func: "install macos notarization service"
       - command: subprocess.exec
         type: test

@@ -20,5 +20,12 @@ FILE="dist/windows_windows_amd64_v1/bin/atlas.exe"
 if [[ -f "$FILE" ]]; then
 	echo "notarizing $FILE"
 	export NOTARY_SIGNING_KEY=$NOTARY_SIGNING_KEY_ATLASCLI
-	go run ./tools/sign -file "$FILE"
+	podman run \
+		-e "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" \
+		-e "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" \
+		--rm \
+		-v "$(pwd):$(pwd)" \
+		-w "$(pwd)" \
+		artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
+		/bin/bash -c "jsign --tsaurl \"timestamp.url\" -a mongo-authenticode-2021 \"$FILE\""
 fi
@@ -19,7 +19,6 @@ GOCACHE="$(cygpath --mixed "${workdir:?}\.gocache")"
 CGO_ENABLED=0
 export GOCACHE
 export CGO_ENABLED
-export NOTARY_SIGNING_KEY
 
 go-msi check-env
 
@@ -31,10 +30,8 @@ PACKAGE_NAME=mongocli_${VERSION_GIT}_windows_x86_64.msi
 OUTPUT=./bin/mongocli.exe
 LINKER_FLAGS="-s -w -X github.com/mongodb/mongodb-atlas-cli/internal/version.Version=${VERSION_GIT} -X github.com/mongodb/mongodb-atlas-cli/internal/version.GitCommit=${COMMIT} -X github.com/mongodb/mongodb-atlas-cli/internal/config.ToolName=${TOOL_NAME:?}"
 WIX_MANIFEST_FILE="./build/package/wix/${TOOL_NAME:?}.json"
-NOTARY_SIGNING_KEY=${NOTARY_SIGNING_KEY_MONGOCLI:?}
 
 if [[ "${TOOL_NAME:?}" == atlascli ]]; then
-	NOTARY_SIGNING_KEY=${NOTARY_SIGNING_KEY_ATLASCLI:?}
 	SOURCE_FILES=./cmd/atlas
 	PACKAGE_NAME=mongodb-atlas-cli_${VERSION_GIT}_windows_x86_64.msi
 	OUTPUT=./bin/atlas.exe
@@ -45,7 +42,14 @@ env GOOS=windows GOARCH=amd64 go build \
 
 go-msi make --path "${WIX_MANIFEST_FILE}" --msi "dist/${PACKAGE_NAME}" --version "${VERSION_GIT}"
 
-go run ./tools/sign -file "dist/${PACKAGE_NAME}"
+docker run \
+  -e "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" \
+  -e "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" \
+  --rm \
+  -v "$(pwd):$(pwd)" \
+  -w "$(pwd)" \
+  artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
+  /bin/bash -c "jsign --tsaurl \"timestamp.url\" -a mongo-authenticode-2021 \"dist/${PACKAGE_NAME}\""
 
 if [[ "${TOOL_NAME:?}" == atlascli ]]; then
 	go run ./tools/chocolateypkg/chocolateypkg.go -version "${VERSION_GIT}"

@@ -20,5 +20,12 @@ FILE="dist/windows_windows_amd64_v1/bin/mongocli.exe"
 if [[ -f "$FILE" ]]; then
 	echo "notarizing windows binaries"
 	export NOTARY_SIGNING_KEY=$NOTARY_SIGNING_KEY_MONGOCLI
-	go run ./tools/sign -file "$FILE"
+	podman run \
+		-e "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" \
+		-e "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" \
+		--rm \
+		-v "$(pwd):$(pwd)" \
+		-w "$(pwd)" \
+		artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
+		/bin/bash -c "jsign --tsaurl \"timestamp.url\" -a mongo-authenticode-2021 \"$FILE\""
 fi