TUN-6984: [CI] Ignore security import errors for code_sigining

This PR lets the script skip if the `security import`
command exits with a 1. This is okay becuase this script manually checks
this exit code to validate if its a duplicate error and if its not,
returns.
This commit is contained in:
Sudarsan Reddy 2022-12-05 15:18:00 +00:00
parent 09e33a0b17
commit 72503eeaaa
1 changed files with 6 additions and 4 deletions

View File

@ -35,7 +35,9 @@ if [[ ! -z "$CFD_CODE_SIGN_KEY" ]]; then
if [[ ! -z "$CFD_CODE_SIGN_PASS" ]]; then if [[ ! -z "$CFD_CODE_SIGN_PASS" ]]; then
# write private key to disk and then import it keychain # write private key to disk and then import it keychain
echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV} echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
out=$(security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}" 2>&1) # we set || true here and for every `security import invoke` because the "duplicate SecKeychainItemImport" error
# will cause set -e to exit 1. It is okay we do this because we deliberately handle this error in the lines below.
out=$(security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}" 2>&1) || true
exitcode=$? exitcode=$?
if [ -n "$out" ]; then if [ -n "$out" ]; then
if [ $exitcode -eq 0 ]; then if [ $exitcode -eq 0 ]; then
@ -55,7 +57,7 @@ fi
if [[ ! -z "$CFD_CODE_SIGN_CERT" ]]; then if [[ ! -z "$CFD_CODE_SIGN_CERT" ]]; then
# write certificate to disk and then import it keychain # write certificate to disk and then import it keychain
echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT} echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
out1=$(security import ${CODE_SIGN_CERT} -A 2>&1) out1=$(security import ${CODE_SIGN_CERT} -A 2>&1) || true
exitcode1=$? exitcode1=$?
if [ -n "$out1" ]; then if [ -n "$out1" ]; then
if [ $exitcode1 -eq 0 ]; then if [ $exitcode1 -eq 0 ]; then
@ -77,7 +79,7 @@ if [[ ! -z "$CFD_INSTALLER_KEY" ]]; then
if [[ ! -z "$CFD_INSTALLER_PASS" ]]; then if [[ ! -z "$CFD_INSTALLER_PASS" ]]; then
# write private key to disk and then import it into the keychain # write private key to disk and then import it into the keychain
echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV} echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
out2=$(security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}" 2>&1) out2=$(security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}" 2>&1) || true
exitcode2=$? exitcode2=$?
if [ -n "$out2" ]; then if [ -n "$out2" ]; then
if [ $exitcode2 -eq 0 ]; then if [ $exitcode2 -eq 0 ]; then
@ -97,7 +99,7 @@ fi
if [[ ! -z "$CFD_INSTALLER_CERT" ]]; then if [[ ! -z "$CFD_INSTALLER_CERT" ]]; then
# write certificate to disk and then import it keychain # write certificate to disk and then import it keychain
echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT} echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
out3=$(security import ${INSTALLER_CERT} -A 2>&1) out3=$(security import ${INSTALLER_CERT} -A 2>&1) || true
exitcode3=$? exitcode3=$?
if [ -n "$out3" ]; then if [ -n "$out3" ]; then
if [ $exitcode3 -eq 0 ]; then if [ $exitcode3 -eq 0 ]; then