Revert "[recipes] Check path existence instead of env var."
This reverts commit 4f86c2bd93d10189bac09ba49b9a8173f6c6baa0.
Reason for revert: Breaking builds; need to debug.
Original change's description:
> [recipes] Check path existence instead of env var.
>
> Environment variables do not seem to be well supported in the
> version of recipes that we are using. As a result, I've switched
> to just checking the existence of a hardcoded key path.
>
> Bug: 37321
>
> Change-Id: I05dd1e12623378aea13ece29c4ed7b9107e43aab
TBR=nmulcahey@google.com,atyfto@google.com,rudymathu@google.com
Change-Id: Ib7986f34a0289c8e34dc6dbd376995a8f04faa31
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 37321
diff --git a/recipe_modules/build/resources/sign.py b/recipe_modules/build/resources/sign.py
index d21d661..f11d70f 100644
--- a/recipe_modules/build/resources/sign.py
+++ b/recipe_modules/build/resources/sign.py
@@ -9,8 +9,8 @@
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key
-RELEASE_PKEY_PATH = '/etc/release_keys/release_key.pem'
-RELEASE_PUBKEY_PATH = '/etc/release_keys/release_key_pub.pem'
+RELEASE_PKEY_PATH = 'RELEASE_PKEY_PATH'
+RELEASE_PUBKEY_PATH = 'RELEASE_PUBKEY_PATH'
def main():
@@ -22,13 +22,16 @@
if not opts.archive_file or not os.path.exists(opts.archive_file):
return
- if (not os.path.exists(RELEASE_PKEY_PATH) or
- not os.path.exists(RELEASE_PUBKEY_PATH)):
- return
+ # Check that private key/public key env vars are set.
+ pkey_path = os.environ.get(RELEASE_PKEY_PATH)
+ pubkey_path = os.environ.get(RELEASE_PUBKEY_PATH)
+ if not pkey_path or not pubkey_path:
+ return
# Open the private key file
- with open(RELEASE_PKEY_PATH, 'rb') as f:
- pkey_data = f.read()
+ if pkey_path:
+ with open(pkey_path, 'rb') as f:
+ pkey_data = f.read()
private_key = load_pem_private_key(pkey_data, None, default_backend())
# Open and sign the archive.