wip - verify autograph-stage mar signatures

get_mozilla_keys.sh

@@ -3,6 +3,7 @@
 set -e
 
 SHA1_REV="58402b43c9e1e22d8a9976ee9a7e4ffeee1bbbf2"
+# TODO update this rev when we land the autograph-stage key in-tree
 SHA384_REV="92f6879a8f9fc7e727d7c281c9fa9f538cb96cb5"
 
 function get_key() {
@@ -46,4 +47,7 @@ echo
 get_key "dep1.der" "dep1_sha1" $SHA1_REV
 echo
 get_key "dep2.der" "dep2_sha1" $SHA1_REV
+echo
+
+get_key "autograph_stage.der" "autograph_stage_sha384" $SHA384_REV
 ) > src/mardor/mozilla.py

src/mardor/cli.py

@@ -99,6 +99,7 @@ def get_keys(keyfiles, signature_type):
         ('nightly', 'sha384'): [mardor.mozilla.nightly1_sha384, mardor.mozilla.nightly2_sha384],
         ('dep', 'sha1'): [mardor.mozilla.dep1_sha1, mardor.mozilla.dep2_sha1],
         ('dep', 'sha384'): [mardor.mozilla.dep1_sha384, mardor.mozilla.dep2_sha384],
+        ('autograph-stage', 'sha384'): [mardor.mozilla.autograph_stage_sha384],
     }
     keys = []
     for keyfile in keyfiles:

src/mardor/mozilla.py

@@ -163,3 +163,18 @@
 alRnlvBZWbO9ZoiXbyuxXjZRRRx6vO8UTEOQTsKmXBAGZCW6z0+AAlgvPnILgOG+
 jQIDAQAB
 -----END PUBLIC KEY-----"""
+
+autograph_stage_sha384 = b"""-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvN249lqptaK9L7VltsDt
+6X/Hik/iqHSdJMwAWOoB8exyUvura0VMZhYNGCl046zKnE9aX5aMk4s4MJX0Kw9Q
+KofWUZ+hni18gyXFjecg6AyuEiMAJpSDknWnkZ1hucXTLNpwXwRHPW5YHIinKidz
+kTCREsZl0IU+gieEYXziQ4eBvc9eSNnprKhN/00AxHlmwCtY+3HLso9PYptcOspf
+yuQC/PKLwBb6hqcwEoHsT0w1roRRSACZCHfJYtzXteW7uY3NcUOrSlWFMtZguXuO
+K0U/OJaVnfcJ6REB9HTAzgmL54QlXlGTge8Vj+XMx4GqZD1fuM7rctIFclSL/wWi
+tq8MOedINL2lj2YKB8ArU2kWmi+v7HLcS94WHHcGsBh7SrNRZQEfiMBKrHHW+mqO
+xRRbyR3zAn6M78UOFqMboEQWzWHKFNhw8VI1CA8maylNuArAZhJzdLvUUo2IuQQo
+floKjdeooezDYBeeeJXOcGUv3VrulIuL3MA5k1l+c6uBX7NFWX8ukBTG09b3sNP+
+iH4P2AIcKoccxFpjswlUZCnSKF0jRu1Ue+IulHDNzora8WDOqK0IsfNfZMNyykGf
+8WsELSO3m4CxXuCbY8hmm67dTQ5DKYf874GUm7yOCe2u4piRSJ20eA4WguwxmEIj
+96Kk7NgCLtRU3G754oOTksUCAwEAAQ==
+-----END PUBLIC KEY-----"""