From 98cc8ba27f14c88d1f1bf4b4b700fec309f9d901 Mon Sep 17 00:00:00 2001 From: Heitor Neiva Date: Fri, 8 Dec 2023 14:12:49 -0800 Subject: [PATCH] PR changes --- signingscript/Dockerfile | 8 ++----- .../docker.d/apple_signing_creds.yml | 18 +++++++------- ...uild_rcodesign.sh => install_rcodesign.sh} | 0 .../data/orgmozillafirefox.provisionprofile | Bin 0 -> 13185 bytes ...lafirefoxdeveloperedition.provisionprofile | Bin 0 -> 12503 bytes signingscript/src/signingscript/script.py | 22 +++++++++--------- signingscript/src/signingscript/sign.py | 7 +++--- signingscript/src/signingscript/utils.py | 6 ++--- signingscript/tests/conftest.py | 4 ++-- .../tests/example_apple_signing_config.json | 6 ++--- signingscript/tests/test_rcodesign.py | 8 +++---- 11 files changed, 38 insertions(+), 41 deletions(-) rename signingscript/docker.d/{build_rcodesign.sh => install_rcodesign.sh} (100%) create mode 100644 signingscript/src/signingscript/data/orgmozillafirefox.provisionprofile create mode 100644 signingscript/src/signingscript/data/orgmozillafirefoxdeveloperedition.provisionprofile diff --git a/signingscript/Dockerfile b/signingscript/Dockerfile index 0e8b94175..e53ff7ebf 100644 --- a/signingscript/Dockerfile +++ b/signingscript/Dockerfile @@ -24,13 +24,9 @@ COPY ["version.jso[n]", "/app/"] # Install msix # Install rcodesign RUN chown -R app:app /app \ - && cd /app/scriptworker_client \ - && pip install /app/scriptworker_client \ - && pip install -r requirements/base.txt \ - && pip install . \ && cd /app/signingscript/docker.d \ && bash build_libdmg_hfsplus.sh /usr/bin \ - && bash build_rcodesign.sh /usr/bin \ + && bash install_rcodesign.sh /usr/bin \ && bash build_msix_packaging.sh # Set user and workdir 
@@ -39,8 +35,8 @@ WORKDIR /app # Install signingscript + configloader + widevine RUN python -m venv /app \ - && cd signingscript \ && /app/bin/pip install /app/scriptworker_client \ + && cd signingscript \ && /app/bin/pip install -r requirements/base.txt \ && /app/bin/pip install . \ && python -m venv /app/configloader_venv \ diff --git a/signingscript/docker.d/apple_signing_creds.yml b/signingscript/docker.d/apple_signing_creds.yml index 457441a03..64432a5df 100644 --- a/signingscript/docker.d/apple_signing_creds.yml +++ b/signingscript/docker.d/apple_signing_creds.yml 
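Review bot: `/app/bin/pip install /app/scriptworker_client` runs before `requirements/base.txt` is installed, so the local package's dependencies are resolved from the index at whatever versions pip selects, not from the pinned requirements file. For an image that performs signing, install the pinned set first, or install the local package without dependency resolution: `&& /app/bin/pip install --no-deps /app/scriptworker_client \`. The second option assumes `requirements/base.txt` already lists what scriptworker_client needs, which is not visible in this hunk.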
@@ -10,15 +10,15 @@ in: $match: 'ENV == "prod" && scope_prefix': '${scope_prefix[0]}cert:release-signing': - - "app_credentials": {"$eval": "APPLE_APP_SIGNING_CREDENTIALS"} - "installer_credentials": {"$eval": "APPLE_INSTALLER_SIGNING_CREDENTIALS"} - "password": {"$eval": "APPLE_SIGNING_CREDS_PASSWORD"} + - "app_pkcs12_bundle": {"$eval": "APPLE_APP_SIGNING_PKCS12"} + "installer_pkcs12_bundle": {"$eval": "APPLE_INSTALLER_SIGNING_PKCS12"} + "pkcs12_password": {"$eval": "APPLE_SIGNING_PKCS12_PASSWORD"} '${scope_prefix[0]}cert:nightly-signing': - - "app_credentials": {"$eval": "APPLE_APP_SIGNING_CREDENTIALS"} - "installer_credentials": {"$eval": "APPLE_INSTALLER_SIGNING_CREDENTIALS"} - "password": {"$eval": "APPLE_SIGNING_CREDS_PASSWORD"} + - "app_pkcs12_bundle": {"$eval": "APPLE_APP_SIGNING_PKCS12"} + "installer_pkcs12_bundle": {"$eval": "APPLE_INSTALLER_SIGNING_PKCS12"} + "pkcs12_password": {"$eval": "APPLE_SIGNING_PKCS12_PASSWORD"} 'ENV != "prod" && scope_prefix': '${scope_prefix[0]}cert:dep-signing': - - "app_credentials": {"$eval": "APPLE_APP_SIGNING_DEP_CREDENTIALS"} - "installer_credentials": {"$eval": "APPLE_INSTALLER_SIGNING_DEP_CREDENTIALS"} - "password": {"$eval": "APPLE_SIGNING_DEP_CREDS_PASSWORD"} + - "app_pkcs12_bundle": {"$eval": "APPLE_APP_SIGNING_DEP_PKCS12"} + "installer_pkcs12_bundle": {"$eval": "APPLE_INSTALLER_SIGNING_DEP_PKCS12"} + "pkcs12_password": {"$eval": "APPLE_SIGNING_DEP_PKCS12_PASSWORD"} diff --git a/signingscript/docker.d/build_rcodesign.sh b/signingscript/docker.d/install_rcodesign.sh similarity index 100% rename from signingscript/docker.d/build_rcodesign.sh rename to signingscript/docker.d/install_rcodesign.sh 
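Review bot: Under `ENV == "prod"`, the `cert:release-signing` and `cert:nightly-signing` scopes both evaluate the same three variables (`APPLE_APP_SIGNING_PKCS12`, `APPLE_INSTALLER_SIGNING_PKCS12`, `APPLE_SIGNING_PKCS12_PASSWORD`), so the two scopes give no key separation. If that is intended, say so in a comment above the block, for example `# nightly and release deliberately share the same PKCS#12 bundles`. The variable names also change with no fallback to the old `*_CREDENTIALS` names, so the deployment secrets have to be renamed in the same rollout.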
diff --git a/signingscript/src/signingscript/data/orgmozillafirefox.provisionprofile b/signingscript/src/signingscript/data/orgmozillafirefox.provisionprofile new file mode 100644 index 0000000000000000000000000000000000000000..e1c4920fc0669df0da99835665194062c524bf60 GIT binary patch literal 13185 zcmdUW2bdexwZC`W*JS~lj+>W_5vo@ zCIRA*0LGY>IFwKf7%=g}kc1YDslkRg2`$ACz%kDu#^Ifjw%WA+|9fBFd;5L*R`<@G zThIBO-#OX_QOZqQgj294Ryjt>0{WcrlJ+SwC3kC{9H8SFW7 zv{}cx!JcW8274wgIH#T$H8s90XQaZy9(^Cuqu~pz#AOP?!k%!*(QE5DXHnOJ69_*Z ziuaS6qL`5@n*K26rEpD8uTF;+iz2Vn5g|g;@1=qv4fLVYk-i>HPr6bmo~6?%iqe-< zTlKM0UTrAr`pZ(0FIO5~=&ToB=;JC}4-C`pecW`Qmdmh}MP1Vu*)*$vnS6 zrxu}Bu9RW2iyWCUKOof?=!VLp?Zph6tibXpjxSU)0~x;D4^1=Bbf|}9xttu^mC1-Q zcB92*w~XygH_}Xf4KMSpPKjh?bSfMa78wwOu~%>CMQkC1{w%ZUEWI_cK-YRSG^c(s zSs9SZ`GY1fvKW6b_T@uUatscLr;~-Gz;h#=3?xOF*A4Fz!Pj_E-DDj085Rv&z{?|T zhnF&a0n978h^8oqoW*g>T@p}*!cc*tB7|A1bBDZjKcf&#-0hJPRJz9cP=@qk465)U zvO?ps6V-=FR8evPXT*?*)@!UY(x6C@q)4C076QdYUd+a0fnv&F5|~&7NjmL~WGrB& zgK@=;#)$~ScnM68u`Wzb1Ti8Jb0f)Uq8K+g;J>{}kq$lQgpulT& z7RRIznWQnni3|ClTgr!QnR*V^O5<6k$wWvq-AqvaP`u7GF$@!Y5e%hie=Z<$`G}k{ zVj`Qt+yNYGts@!rr8%cqOJyY?6t!ED(YhRmwWW-11wQR(8C3ESJ}ex{HGMh3?91fp zWD^av`<4$H*F~Vo_A`kl5q*u%i*m|I3XH+tU|~;(_PCBWQFpstJcNpo5S%SWWlyaul%hN@h$YOY2Tes|1mP4^GTW{#`c;$gRe3eh!| z_m}H2)`5z-fhH?{ZHf@Y~I6IBX+Pu_YM6{7H@eYR&jkybvimsfCu{9k^ zG>eKX#|w58&P0eHPC86md+XE%gNj|;1NV;L4h2&a|h++4qx#_A^2 z9145=I%71hs#tRFvQsKm;x1iW7nk#5yvR@l z%AlBJqHwZ_r+ zwCM&S+p2UdLSQH+2xUwl9T>yHSuzMsfQ+MY%A>?Fj0wAF)ai6P(+KB6E#8K`7B~77 zZ{DG>&bsK$`)a9RyN)L4N&@sY8D$h7=sy}jRQ=&7Gzi}rMG#0vl@FNjkp6So1RBO@ z%B6)5F=ie(3OZB~8knqiiz%m=PUU?fD`OgSA*))=WI)V5JyHW9-Rc%B7Js3kHO;6_*g91v3(Xb)JS_7l(7Matz<+vVah zcMir9*}T39eN_`UmQ5MVIlvmg9y8S0^OP&nOazsK<^uYo_NUIF_1-}k`D(9lBG!b{=Dh@JX2L{;b$P^{c6;S*cTa7bv#sl^p)-{T6iRc(?3)&Qi z(2@(WEfDu8E9>$xAp;&Aw$M9gk8#nZ8VyERJ&97&K`k`imaG>w{C=SV0d zrc*#~70M;FWK3#ffWemo`AK6KNfS+woe-t?LR5n$U=;X7vuFqt#mn^Ql2QqjVz_tHq2<<#gU?=P<3NkuE6F3;ifU|r3pMy zBhrMNj+^-GjeUWH@ZFq_aEtiVO 
zTGT=Xh-f;SM|2T7mUMEQQ%CFb&YZ1582momLg+(mG>zF)m6E=h5%c~Mo9(aTqS;o( zs(M4vg&;NARZ*%Tx{)+0I7_2u&R_{u+$EAN#@(4TZozYofs76_5Ds(39B~nDZG>>z z$O2>0an)+dz!xi~P>e?1V^HF`tLtC8%X5qpXeMqXNeVBv{F$sbU^pYxF zO>~T^M`h#?wBAQtggoTTOL^oAS4ewzzm_=L!jf+OYDWqQH@?jiJ z=SyIyB8#A9Fp~kB;#3qely_7Tj1q!z z3*P*Q<*WiTX(XbF8V`#g&^iJAwk>lm0RO`=B1AP+&F~Xc-4|l&KE0&41jQe5M$)OU zm`g;>EvAx)QGn=*XPh<9q5}k)4ughQhR6R>CeUhYcJM9?*4Ab{0jC2=1X!PsAc3Kv zO_imtetuHaVBO7%u>`f-{J?L4cNkdqa`5 zFBGr%2rQQf>ND{u)9{AkO&^h~gEh(1ggfgaP%D8&$V4mw*1)cSjErM;a6SqpFajHH zcxcKT^k}s~OHtusW`6*w64i2l#SUj*Orf075w74t!UopJWrA~ZsB`DQlC=@or`G3H z*^|Li8JieRw2&XE#@p<0=>G@{tt7{;Ur_jQ=aw-8(`2iu5!PnTCu43gk++*@f}v@r zYCX*@3zP_&bEE5{s$d;}2}W|>D6}aA(#fb9SfRcMds1y%zDR>@qM#rGO&PvHKQWa- zt4ui3Bv7(M1GIegd!~xIW^W8j^HIHe#!VUpL}!$2++eSaTB5P6)r_bz>Wz+*=L6ZN z;uDm{SM;He=fye~1%@8ft5z2*vRDPZ7{AvAT4g#q0=Gk((eqIm$gt<&EkrWOm_x66 z2;OMLz#0Q^9^vu*2ns#^%uFSkkZ7N}?_Y8@oFS6&M%|5+k!!-ds;n!L0hW@5F+_FF zp!-Am?2uJUr=F1`56_}LNnMLK>VQ3rG}(r}0J^7VU9>`c!8`z4DZk3{a7ywsklO5oapq*^p*+dg<)=tx8uFcdahr5Xby2Owm}|;{p#bI6R+l-d^Kyj9`Ljg(BJJzr)kxvM7TI zEU=rbzn`JNLkpJ$hCwO8mqF2B+!D0e8J8z#P0$%uB11sp7;(VmkPvg-h%r$EV-<@+ zxWpL())-dtWH2TjRxanVr9#e8&L16CTs6a4fuphcclO|4Z&piRK>7XAT-*Epvyoq))YuRWImaB~%qNm;^6f`^Ldldb^5 z5>m};@HJ8g^w;JVk%lUl5UDEA4KvsfWxR*xD!QuKjK>iSP*g7Et4X$`+a)7tqgebB zT?Pyr>vd59hz_V8*MT}-03FYvSu{d;^8R{B8%;*5g#wr*J@{ZLk2$D!63&ba3#xy#w4)s-C}T%_ArDrBXCy<}u@+DSI4ezK_3M z?g`kqu!Z9qh)Ir@#G2KKb9GP19?seNn;tc4h$?Z=b5CW&)?rw|Dws=hDv~+C*5Ut~ zb)_9G1bHAx)e{C!Hf$b_7WzUYL=53sNcD~}KOK}5Pdj=^5V!;4nt>qYz<^(Xe_{X| zoCp5XfcVT1Pp2HdV!~i9rt<8VDBm}*$BvvrDsh(@eQjnD;1UoKXnzNrz!Hprk|D1i zuQz#jOmSFf+-O#uWUWv#=&`Wi*H=psi)incK}CxqlSz;+qD)kx38ytvm2<&Z)8M5- zsNP@l`$VDI#6470$`u-B3q%LQD(7}UR8<+P!??;R57b{i$6NfA6mgS6CLkNM*}9bD zn+%9&PGQtJ4@IWH-y~rVRc4r4Gl)7wRAE5R!l*>Kimi;mXbi-SHX-{lCX$YUcDhEQqiS{}=b#ze7sd`e!tfcj z+97lRQGoX!9DDJQTG=1aA2f_A zm=bq*6mZ7{_TcA1p&hwwt%99ZOY=yo5BfS zHdq?)>56`fhl>U&+@2vN3LA-?%3=tvZz595bWgG~Y-%aWtXX zCzXZ1yaaJfG1)h8P|EacC#>+P-c(sqWWL;2tfpY_UdV>_vSq%tA4zd^>`J-XN=J_C 
z6B@H=*umZ;%kr|^E0m>b@t_@SZ`x2Icg*C^7?TtojfH;wHdpv${+sR3*a5!o@J6H} zSCcDJng3=Z^o?7@*Nu^3MXAd5!gkj(uwkRSJG43fKb`%*39%Y<9-DwC>%~m@OH)pWMnw@)+hg})!LXpUT87}LM-%G-0}}KN?&r7p3-IjO|3d9uUgp`HpZ`0^r)*@`UC z4VQ-CDIBJVk;x97t%XmSk{oO9H7CuMUK7Icy{RN;=(QM4c0I=rAO_ZS;JA_YO^%VS zhKJFQ8FBbL7wB5oEf%dCoc&W|a8ei+MuI7WJdL~qbr^me1oY)KqB z%cvHS_8){Q^aO&n-kf=M`^~6S7C8mbSu=72LKEQO!i6e4nlBq)y(y#4b7rU0JhGCR zV^=cNqP13Ju%l<}ZgfnZFmbS>8}8V2baf7PbWFJEydCrR{qwPHo}L9yy>`k!kKDWG zrsEfJhYno-;gZdFntpM|nI{xpJAU;Emz`PJGW(F^9Sd0ZMeetsuDJ zZ?6A($Iknoe`fo@p=T%lGM$vK=zqocR(kS9JF06u9Y5dk_6zw6y)(G&)njafXKlOj z?ek9m_I=C#ditp|_FeFu<%jM2DCM8>C+~~%x98V>An&N3Fzd$Rc1QH8^My;d$V%7x zRO+Fh7ng6Uo_NLGjsJY_wpaFFa*Cnr?31opthss3i@K#p-SE2wGye48{`Z$gyN_IZ zj`s3XH|_15*fF8w)@2_e%ic#0gN>axr=#QZNz;%i@UOFD0y1B%J8{xc$Pr8DYPV&a zt83H$wI_FF-?=~8>!dH9wge%jOw&&3m^^uEN5>=^VnIy9Wu#;IX+zhFBvvktxmTnX z5u<8OMZOH;!zPhFb(r~+PDM^ePF#1wy7|lJ4ZX^i#W8QHt^1$~nWwg&J?V%^bB|v6 zqbuEullADH+rMQ#Y=wQ=+xJ$H+3MqNbtRKPOQs-)OzCP}yJER1ogI@pK_$j(2*^ao zgv2k+w`_l}Yi;0`34=Y#^JU#tpZ44{_vGK)(S==b%@e<<&fDdE_V9Nv%AI@2l6{NG z%B+u?7k>BZtvlJ3*cC4w^?P(fZ0(e3m%Dyuh(G-1lDjq^b?)x>y3ags&JRBRHoyLfv}@<*4_tf0%zXyS+O@NOc)qP` z<+U#zCT?6g<9okd^uE+_$5xuW;EhX51F3h9=8@-Dd`<@U7505s!Jl-opYCNgl$SK# zioEdHrb{2OCF(yv)D_q?%e->+&fiq7Pk%yPu==ju>o**}{HkrgLGa}-zgz5N9$5DH z`X9aW*T3GoYWle!+J12V^F0%H2{`{W3Ba-mfaTUUuyk~e-J{9>J`_=9$Y3_;O^C6D zB4)&Z*oTV$79{&R$av@KpG}{C^&7`K`*%(LU`gZB-d&bkqTcZPE04Zn=cgX=lc{(1 zAf10cYSBOXr@wqLy8g$XzWD6Gnv-&eZo75UJI9{!7oUH_?vp1z8vZ_g-mH%~^NELh4v){a=5?{@2zAADO*<$#JhexA4KU?%vZqd%`s{ z?mOX#zRIf$X1$R*;?7%3*EoaWE%)fq4gc8pcJcZ5ZuOEE%?E;iEqcW-E2$ZWT!LP1 zT(RsvB=&w{l3`VP!}sUy$RJVbNQQ<)z9>{A!D$k2_RZKNY%Pk)oX#s zWMm>};22f?Lj3qzfEnyit<^luq`{79FybWmOc*k6EH}9WS+*NFV;FNfJB~PB1rGV3 zyNoTcVUs#!*^?uUJCS7%9kXl$*qltV!15ZfbCq;P*07`Z@HDB0CRu1`ib=QvsY%Lm zHP6c$l@S*!?RN&?9bWwuH0l^Y@l#+@Wq8UZ%bcddm-FyKfztq&<1%gACJkt+GJoc{ zfr=8ms}2S&N5)r8Z?T+YE5M@EJ}YgnsP6#PY{A#JEZ2E^>l;5Ec&$mdG6_{?_X%Y zWMxqEvhA1m{m1qGuH5I^&*DFwJpDUIo*Oyz_{z&0SDtvb^VV0Tliu3(;>P0dyU9PE 
z`s~N~`Uih{@W>ai@C>Hqq6s`sb@xZ?dU#X_Krv8qx}zVw_LpC z^6>VbUiXLr+xPmbrL`B`9N2j5FMfcXbl4eBbJtg>&4bP8`tz*pWA%?*ez2z(f<%1QE8F^u^|S7UT;He zK$8p>#AXDh1Vw8C3BVQGGeO=bO`Lf$on$rspeCjn;nZ+@RxPNPM>N5VP=NA(0|(lD z%6YMA04T=q&bIEnYRWr<^Y1zJrHP9J*+;K<@{B#l4SqTpTsddz+o?C6c=1i+gcJHs ze+s|lCG2D^p-X4=ElqN5*Mdh8=_F7GnE_QdPc-h1ey zIp@EzXYQsaKU*VheDKOwAASnYZ>fFw^dIa??|QlM#@%zzwk}wB(|0ZmJBmB^z5MCN zci(c(ZBLPlT|1t--MX^*$AMQLK=DOk&0dLD9y>X6_wJ&5Ub9hXy!}Ym8#mv7%IWX_ z!Jz%<&K*~7zcahq_UjjxKlv%<`TNsbh5)V8h75L^keMR@)`^VgKVL{Sio0ExoFo^+$mdDT-$OxAOb05c-5&cN>j^!tRC0%O21lDn|qs4wyK%5JOL*O%W z93cMdK#-gHe-q>^!+Qg;e#RHW`Y2TL$zc}-LDUnRKk0M?=;S(}lgsB1pTjsZIdlr+ z>Ew#{(aVl@hIE%VgpYSl-!r#o+miBl8#i?+(mk@>lV*Gwn_T{3fAg5z#%Vq&vvS?6pV$u5Hjn9lx5x9r`o|yFXtnP=7dvPF?Dh9v@XmGn z(s!Tw;frrCxOdgbE6%uf(Vsum%y?_gp7rLpx^BE-)so$ht)DXeSEv1U`*RNmE}sAR z@A$mNciaz>-4vN&KVr$_ zKc05pxt-E?RXzU|(~5=*nmQ*88hJuUeIV+!}hj z{@k6HU$Q*7{r4X3($fgT&#r!C>jm!@j-NL9obOyZ^E%Bh6!O%+ptn9Hd~fp|zn}cj zJ?kDl_4b#P+Ij9X=FHO%c3uVgve+X_n4>kj%zq44k>`mmT5l4CYME#7B z!qg7rxRJv2$@*@9X~1a2X3(2Wa90^QarEgVJ$NDamF8{yVDU8<)8y9u8}Gbr|H>zR z^#F4EXd{#UIOLcyzwx+vjQ;^XDH0fM+N~!M9O;@et^GrhiBm!RhQD`qc1~CdmTa`# zaV|2o{mYT59A3d_=XLoe( z#a6G%c~1TO;*Y0vlqrncdPna+I(^^$$wKYcfkV9)yp(+5sNJU-bfH`C4Zan8c-}Kx zU&!o#vhV!OKkmM3#jj@1n_`~%QDOfNAG2Qd+otZLmp1LcBHs1b$Cpib`Zwk?6WsHY z&w28Uo8oV59ayyCXUWJX@8x^^$80;VcYg?{pFaQW-CehLpP$|H%z5h;pSJCLv#xml z7T1(jXEiqF>i(@g+xBeP^w~AfooiV5>>rFbpZtTDesr?`-pUahukLom-oD?zb^4l3 ue>?l-ZTl`;6S}nP%9~;^6+*-`KoRa=jAWNBkEYeQ72D literal 0 HcmV?d00001 
diff --git a/signingscript/src/signingscript/data/orgmozillafirefoxdeveloperedition.provisionprofile b/signingscript/src/signingscript/data/orgmozillafirefoxdeveloperedition.provisionprofile new file mode 100644 index 0000000000000000000000000000000000000000..26da37f7782a8d857a7118fa35d5738aa86905d1 GIT binary patch literal 12503 zcmdUV3Ahv0*+2KP?<&ZmA^}m%sF$`_x-)U z_k9o44ZS*I^r@?ys}79s7}>d@8+sDzhPHQhbm+%Iqel$aP8iyG%cv#bXxE!h9$b^W&O= zB$g{0e+coAsAhJTP6rnX60g%?45smW$RMKuedu(!ceZABx>6~erqd~kGC!fVn$PBC zwP9K3FXan-snYO(&bq({^SKH)8w}I#eb98kTTWyvi^q&!nB^Ob!EhwzP00L0omvEM z%aszC>|%#l;#2v$2IFfuCsx367V3Jc`ahLKHlbFL9G|O*DUmPv!B=9vud_s{lo;5n z$q3VSqs3{r4D3zU*G!!QTH;%sVu?!stT<3uY=8{LF1@}B(lZAAX=dYT21|UQu2t1D zC%=@ar1B;CunF|7%NLCP^w4BE3eJkB61jxHbA6qp5>lDh^==v15nfXF8wFbq77ez5 zFZZ?WUCQW%U|xyE6iGVD85BiaMFCbw1Qtj#jG47M7vrh>Xa%EVE_XgorfaMhrg0BK z!wS#f6$&jAus(#tijoZwVM9Dpudzh9LE;il;$Df(1qyLl%EY39LegLo=x7*95cWnQ z8ZcAAnBszCSeT|g7@|j5CsK|F5iA~cL5WDb5HmQyuf0m*4n0SJk!1-2V=@$ix5h*T z#Z5;MB}s&YV8op9WN;4!XIphhnnJ^2N^z!HFO?w`s!1sn6N9`M2}N4(ScS^Kbx;Q$ zTp!7xNS?tH6e19)AO~G}nX!rWELbarX6Pmz#?4eSPWqTwoo*rsB6!0HOi{jUK;qBRzzF@6ltv^5%H!uLaHS*d4Y-8Es03I90O}h8eIx_+I1qF_hMco#AKV^tYG$v z**e~Y1MR-chmGsR;6%GFPvMZh#>-MUN#Fu)us2w+r#*XIN1L##-7dz!QkVf}i;x-E ziwN0bIx7-(1wz2O95C!dVcG_(^{C(m|Ko5yWTfpbKJAM+YET*pnb3SxF*g0O&tc$6 z(4bf_1uaxWa&ZQ))m5~WOR^x6x`4;v$xBR?OH|F(NZjX&x~yq`s%+-Csx20B8Ayhz zvAnNTkFpL}%I17>sOq#iEh6c{*i70Ob#rzKE^Fm{gO=ciXyP3XArf`v!WCU98)a)c z7;6@kaygc>!{AJWFho!x%HoZ4NhGOQqIxszx0o@4CnB|K(PgfBVTVp{jl)pA!6ccq zWQ0)JBiWO)Q zgJ~Gan@ALIq9`ob6ik)-0K~wwQ-{E$0%LGWJu_#J!U+tH2uL96&>F<1y>64;IBoJb zwCM&^wpFQU7(-x05K4%EI}n-$XGud824ozLk!~f1Aauw{!35zV(h%o_EuMzG7BhMk zkL*xbqAq!4Z!H;YzoRg!5(j#lh|r1`=sz5QRQ=&dI0*iy6+yshRX)Icd-R{n#NiM^ zkxngmumSTxVW2}5p@Ee3E-6V!>7?wHNCN1uGmuY2DIsPEH-JvaZQTe7v0PS&Ma*W> ziKGEem`TFXWR2lUTx}ciX5vu<0`(by3AMP00Ne-(00*R`2-*XzQ2U9=b%}I()pprf z)RhHeNvy1Ig1)M86v-qF<}AP(fIVjL&MuSAa5ElM4x0JVKp7im5fLvoz9E|((Jydxhr1}GuU2V!(65cP%YDK=jf zO$~>(VvbNqz@T-<16p$-$Up_z;>GeZR*V^0Qm<{8;kuKb5?~wdLR`xw 
z!(}aOAp=+>osl73n2II{jw5uGUM8}(24?ViQ46ML*hm_&Co4sLQr$B_W*^kT^}@FhCX<18ATq z1R5+7K{9E?Xxs@Wz`GiR3xdZ?#Yoi7z(82I2$1NeYN^3@2nEa{Dglj)ghNTFUf|>q z3a8~Fu-X*rK*~UKWMBa+6da;p$j(GCn89GPi`A!rwgx07;;6hXl0R{#3I_#7bFfSs2OTj?M8v;xWY;k*h5-@^z!(2%k3xy<6PkZFv z`J}V)XdIxkT>)n%#R;j^m-;OMwX8!Q>k38y!nN6(#7amb4j37aspp-CD991;F_a;Q zWepUnP>3TO4u)vTMa0Zr*_HJ&g3%M9^%TZdycpZ`HuPdlj;B45kjY0-CNC2f!LPx` zz*Ym@_&;6*P$1 zREvcJd2pz6=YX|qqqJ8MQWTJNLJ@dK2??qNuvhw#dGOjjkwNl7c?L7UDv;ltNA6=_ zRlso7{i*T905&Lxdn}Jhp=c#Dc)S7aL^Gty*`Z?|!a5b7py>abK8*1QS&8Lbz~TVC z5X}k~aRG})RT74<*%R@C`L)k87Eus5WmDV$U)8E#NIQGZ3&mloD^^NeXE*bATzq zUe+Fx?KKWXFggfVNStl{$2iF0BnkyEkDyFBLv5DzFTI}trQq$p-56Zx?c0@<0i&SH3fitC zaK#l4H4y{ARRU=MET&9$fU^V=tRe^ui?D%&5m%<*Y3gCN$W*coS3?L;tTBLwZEPgN zS z-HSjh!*Ru^WaesAxLI+V^;QzA#j0T@9xcdOpM<-qgck)?V=z1MR25^<5u;3EqCgho z#*)QuvFH+wMzBP|wiY|V+w8ric(q z(I{qNow!3XC87)+Gw{Zmoltx*9`{te+D0JlbYME8%;y{Ff?V?{fgEf=n^3jTcPBk2qtc|5b4$FER`kE({5GV^G zU}lTE;Z|*AH3l%pRmlUh2h$`ls+8AS6LkzBR1cjyMX+_E3CG*ALIFF`BP$M9Eor0$ z8kkm35OGpXT&7UE<;kLo!u9G4J%~XA?@~k%E*i)KJSuR`f!<@D0)(T*_JJo}jWtY% zdxeMz*ht(6Y)%7s!Qi19l#~bWz%NGDRpnQiAmzv_Y^HxcK!5w@6EXsuM1+CvN>%Wi z>$Pbu-N5MogkHocgc_t5y|Mx;fUiJ6H{f`w;E2~!aa#^zO@>T?1f)+N^2z~sBOb`h zsgjFyT19(U@Ed)uqNOf5Jq>HkXQ7b_j57geJ>e=EgdCcc#A;MVWV=7*C}xBd3v3FA zj3@&=xsU?JRXNEa-dxaH_FB>r%ty+_pj+lF+8ST28Or5sv561^yeQS1vrw3zcn2_l z)tht6|DHD&YehuD4Hct61SLl`VPng)4A=nGhpQCY5ZpyLpBCeNUP{d9D)-yMmUr0l zumDE@av8|PB5V_Qjg2HAd#%1`6Ydb`5TE5OJ~AJ6;er?_8?>2vKFc?0%q?esT$cfc zp<UOoA^1=|fekFsaT=wN5LJv>iIO>9NLcukG29HndZ}EJJfRqs@NiYs zSWkHBXtXKFRd1=xdunV=g0J@auz&qN9opVCyhM^^AcG^hU;TB2~rYV!aX}53zOR z|6yH$d4~cufIL8|w+D0_@GvQ%zVkL=J;lIk9pG$8g2GL8cLvV);uIMMDB~c7kQ49= zS!!|pM8upU9SD%KIN+EeA!LwpNm;4_TmL_b&_x*4(`12Hn(_H*5=7R7p8qKXQM@P& z2dG-eUHw1+{!B8FB<+Ys6BB7Nd~1UNneu7roFro5XY|8$?}1GimV?V!-N! 
zsbYdrqk)5>F<=h?x1jqy_f|9}^6%=e7jSSKM06-ch{t-PF-QhPSHvcG`h2;bNQ|?r z@B_vIky|B6*Gpj{U0@r?;Ale-_#F)dN;VJ?L{;>xA)FX)rf{O%5TP^9OBux{5Zn5iQulL|I4KbhV#|T=@HnQT3bhR!(}iHTh@gm>w8V@#9|}o23oMkan8?<{ z5>}F|ac9&TkkWXAFYsDud=inL-QgX;ldclYCz%2NYGOYT7IIjzPx0@|Vhc4>`ll}|E$ zm$?Ci4Yfpl0-ZCY{AA7#D6a@7Arb=Y3npxk&!bo!Web(3yd=#;1fiaBB%FSfC{d1|5s;!LHpguuk7NB^pE5WjSx!fg`^3_7$>PIi^%WZ+B_v8WxEaub! zdA0s{XU3#d?VEw7A;g97%|7ShqqaQG0@A)p&wUXG2H*`<< z4b(j>1a%Kxv|(sxM`!2c1L)=*jsS%*lg702>>4u1&exv=%~4;DoiwBUvOlj2&Qb$cE9rbmtTgmf zpvh{xp_9h9+XeFZiU!!mdLt_2sw)?Jpzw zlEf(hBh>VIJDIEr@E~`s3XkTe##iqjsPi1xNtpXqGH&2XdRnyB3UznP9=IDF!-ov* z?wAN}E_96P?C$6oa^o4hXCD0a(U;w`7e4*^N#9OA@YRjSFXoO+UH93tZMU0#ciX&K zxz~?hJL|%EmB%I=k+^Lk>ss!5@0sfBFFn3)l=JM&mQ(J1Hue28tEaqj->`+c|E0Pe$YA zi~X;8-%Sr+zPq~4-Er6M_g<1K)SlqWJCCt-pZ4+%@11eV+4rve>nU@`9z5%uRYx8C zJn0+pk>{0}yX5uz%e(8d#@|rb<%nE_-oLzi&lk;?(s^v=`0YdZ2S?$B>SVD?fu)?t_j3 z8#`lCN5>DtMnNOMPiMyvXr}t^gkjU5DJv#xUlxhAwbB3lDtqbtrN2HvQ0I+W24N#c zX-9MnA3n09W0(!HK&IX@)UoR1p353}wplnhMB8o^nA*eqyb;5t>=SR&& z@^5C}J^92x-Zlm~>&nM}SDmrf^W4!NEYB`IV%fpd@yhtmo9F)giWm2=Ymkd~O#3su zIl6wtsEeF$FTMMOo%{FBJL`kJx14v}C+p6CeeIc^q6c%e&2M@+GTy)9x1(oX z@#gV_fA8@9%NiGS?X}z-@r3rRnSSw}Z`{(?BX6G#b$&c;@jv{dUp)`r^s8@Pc`mhX zPWH%`H*S6Z*i)aFdDZ&nxLb%dr@uDEYJC35iPVde#aEu4Ui$is2|Ld_^ZGAO9QsJ; zGU|-+UvTCVj&>g%o3VNAfxoX?|C0Za$D)4WvQhVI4m^LyJWamv;F1pLl84ZjCf=~< zZ(8!?W1jiviw|s>uxr_IuRp)&fz$5%YT|?;SB|}R)|B~`oeRgmnVfR_#^RMkF!b2n zI(YLx4!&1-;lqs{eECdI)_*m8@spM0*dxw|FEXxPc`p>*7awN0B)$2v8GHEh55hA3 zQSy!2jmF9RP0HG5yV{V^-O&UfT02bDCaS8}0+Hd+P@sVWRP{&k<6iof4g=4S9`nX>!#kjrUqYw$Voqnrl;c(4C?9r1tOYh~LIKK6f zCM8}|2DMzG#AzygNd_O}I1QW6waIK*lTT@?Wq#hEfeLx>tvVQJ**CswdJCllTLCOe z?X%LR;`0wt%@%z9%yO-#tNzgbORj(GZ_4#w)^;e6@3EN|o`2!7*DfNgU;g&`rN5Z> z+P#+_^~ScZ%GZCogPZt#!)JQq=EdLCf5<*Fa^Jc3^VbA5uiBox_xIQN#$SivYx!*Rb0_ZH zHSzWAYd6n1;m89w-EmoY$Y9XxZIBJnB!dOA839uQMQa=ifQyUsfV>YI zI_^X&!D@U#O;ppzsllB@wV>wVH9=9xf%5+Y4)oyT`+<&=k6)bL@CoTcH~(eMu`}Ko{m7Y_uh(y$S^V}W=Eae> ztowD>w%oI$9wrx0e{{vMTi#kV#`OB*Z;blz!Oth1`Q}%Xw?6URy8J^AT)Ok&r&0N_ 
z+Go$aV_$K{tBp7BoV>ugaM6wDoEvf!_8ffmn=kIXdC4tLv|{QM~iZf@?;zk!!rSWz3s5-FMO{``$5VKfitVrMqs=thGJ$(yAxELEL|P z=CK|?>$E}LohE2pAAog2gZa;oQjJ0{oB;mAK}o2qw+wZzn$=5UfI^oC&=`>9C<*5I z9AAR;ea$;oo%r9W{;E zKUDIGUKa&|)DxUJ>=X#l$qj%`uA13<4ui;K&nXP1ldJc^7fvS_-9-)Ii#?;inmqgE zWu?J3ZsZDRV&8TT8~amia@A-4<}oiku{S;-EUuaJag%@pLYG><4Z1)w_BO_>d)VP(fO-_yZ-FvE;t!8{Pv11FP^n8 zcl@Z~OU}7q+_jqDDfrw^;EhiUzu0!$pNBtq_l8I2-nv7no#8rl(hPlf=jA}3E&+GO zp_Lc^FTri+;bx%!_WFjEZ$Z=g9OcnN^<(=ABRinu`U<0m>n8%3HtO}NLu)pI`_|A2 z{k6mNzzdo7S;w;S)V<2Qhri#me9z*ek6FNNgih&iWYQl89W&tO{7nP=58#tRf&Qiw z^*Dq=V@8Z>U%wwZ5{O^#|DBzkLskGw)?e;e3XN>v#~(TP{mBCj9vA|k#gJ*&S+?DI z%C@D)zPo>D_QF5hIpd0tulwWg7rnc`So;0W6<1v|<)fh|oipYS?|*8IUhve4ZBZ!kZ5uVrPlkQn)N z?$amNue;+R<>BkDly7{F9~K$0^olG0s{3l!f{St&t)cGzdds-t->&+Q-rrriaPhfQ zul{~Se%G(MA9F1TKk)Y}&fT?RL)HLAx+i`3UHt{?ys1C@GvOIt8M1Ksk=}DVK3snL zIS*y8c^TdpesQ)jU(VZn`a9IDJBKWpJaK&YjSrtj Y?l>^RGGeIv?gzhLzBKs3c;D9l0(#_vvj6}9 literal 0 HcmV?d00001 diff --git a/signingscript/src/signingscript/script.py b/signingscript/src/signingscript/script.py index 8e23c5602..a60a3991d 100755 --- a/signingscript/src/signingscript/script.py +++ b/signingscript/src/signingscript/script.py 
@@ -143,33 +143,33 @@ def setup_apple_signing_credentials(context): if len(scope_credentials) != 1: raise SigningScriptError("There should only be 1 scope credential, %s found." % len(scope_credentials)) - context.apple_app_signing_creds_path = os.path.join( + context.apple_app_signing_pkcs12_path = os.path.join( os.path.dirname(context.config["apple_signing_configs"]), "apple_app_signing_creds.p12", ) - unlink(context.apple_app_signing_creds_path) - context.apple_installer_signing_creds_path = os.path.join( + unlink(context.apple_app_signing_pkcs12_path) + context.apple_installer_signing_pkcs12_path = os.path.join( os.path.dirname(context.config["apple_signing_configs"]), "apple_installer_signing_creds.p12", ) - unlink(context.apple_installer_signing_creds_path) - context.apple_signing_creds_pass_path = os.path.join( + unlink(context.apple_installer_signing_pkcs12_path) + context.apple_signing_pkcs12_pass_path = os.path.join( os.path.dirname(context.config["apple_signing_configs"]), "apple_signing_creds_pass.passwd", ) - unlink(context.apple_signing_creds_pass_path) + unlink(context.apple_signing_pkcs12_pass_path) # Convert dataclass to dict so json module can read it creds_config = asdict(scope_credentials[0]) - _write_text(context.apple_app_signing_creds_path, base64.b64decode(creds_config["app_credentials"])) + _write_text(context.apple_app_signing_pkcs12_path, base64.b64decode(creds_config["app_pkcs12_bundle"])) # Defaults to using the app credentials (ie: on Try) - if creds_config.get("installer_credentials"): - _write_text(context.apple_installer_signing_creds_path, base64.b64decode(creds_config["installer_credentials"])) + if creds_config.get("installer_pkcs12_bundle"): + _write_text(context.apple_installer_signing_pkcs12_path, base64.b64decode(creds_config["installer_pkcs12_bundle"])) else: - context.apple_installer_signing_creds_path = context.apple_app_signing_creds_path + context.apple_installer_signing_pkcs12_path = 
context.apple_app_signing_pkcs12_path - _write_text(context.apple_signing_creds_pass_path, creds_config["password"]) + _write_text(context.apple_signing_pkcs12_pass_path, creds_config["pkcs12_password"]) def main(): diff --git a/signingscript/src/signingscript/sign.py b/signingscript/src/signingscript/sign.py index dfb7dc6c0..f16ce5f42 100644 --- a/signingscript/src/signingscript/sign.py +++ b/signingscript/src/signingscript/sign.py @@ -1657,12 +1657,13 @@ async def apple_app_hardened_sign(context, path, *args, **kwargs): for file in os.scandir(signing_dir): if file.is_dir() and file.name.endswith(".app"): # Developer ID Application certificate - creds = context.apple_app_signing_creds_path + creds = context.apple_app_signing_pkcs12_path elif file.is_file() and file.name.endswith(".pkg"): # Use installer credentials - creds = context.apple_installer_signing_creds_path + creds = context.apple_installer_signing_pkcs12_path else: # If not pkg AND not a directory (.app) - then skip file + log.info(f"Skipping unsupported file at root: {file.path}") continue bundle_path = os.path.join(signing_dir, file.path) @@ -1679,7 +1680,7 @@ async def apple_app_hardened_sign(context, path, *args, **kwargs): context.config["work_dir"], bundle_path, creds, - context.apple_signing_creds_pass_path, + context.apple_signing_pkcs12_pass_path, hardened_sign_config, ) signed = True diff --git a/signingscript/src/signingscript/utils.py b/signingscript/src/signingscript/utils.py index 46f42e775..26e51d3bf 100644 --- a/signingscript/src/signingscript/utils.py +++ b/signingscript/src/signingscript/utils.py @@ -38,9 +38,9 @@ class AppleNotarization: class AppleSigning: """Apple signing configuration object.""" - app_credentials: str - installer_credentials: str - password: str + app_pkcs12_bundle: str + installer_pkcs12_bundle: str + pkcs12_password: str def mkdir(path): diff --git a/signingscript/tests/conftest.py b/signingscript/tests/conftest.py index 5e785e29e..79cd744dd 100644 
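Review bot: The decoded PKCS#12 bundles and the plaintext `pkcs12_password` are written next to the signing config through `_write_text`, and nothing in this hunk restricts the file mode or removes the files after signing. `_write_text` is defined outside the hunk, so confirm it creates these files owner-only (mode `0o600`) and that they are cleaned up when the task ends. The on-disk names (`apple_app_signing_creds.p12`, `apple_signing_creds_pass.passwd`) keep the old wording while the attributes were renamed; a short comment such as `# file names kept for compatibility; contents are PKCS#12 bundles` would avoid confusion. `setup_apple_signing_credentials` starts above the hunk.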
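Review bot: The new `log.info` call interpolates `file.path` straight into the message with an f-string. The name comes from whatever is in `signing_dir`, presumably the unpacked task artifact, so control characters or newlines in a file name would reach the log unescaped. Prefer the lazy form with `%r`: `log.info("Skipping unsupported file at root: %r", file.path)`. The `.app` branch above it relies on `file.is_dir()`, which follows symlinks by default, so it is worth confirming whether a symlinked `.app` entry should be accepted for signing. The loop and the rest of `apple_app_hardened_sign` continue outside this hunk.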
--- a/signingscript/tests/conftest.py +++ b/signingscript/tests/conftest.py @@ -59,8 +59,8 @@ def context(tmpdir): context.config["apple_signing_configs"] = APPLE_CONFIG_PATH context.autograph_configs = load_autograph_configs(SERVER_CONFIG_PATH) context.apple_credentials_path = os.path.join(tmpdir, "fakepath") - context.apple_app_signing_creds_path = os.path.join(tmpdir, "apple_app.p12") - context.apple_installer_signing_creds_path = os.path.join(tmpdir, "apple_installer.p12") + context.apple_app_signing_pkcs12_path = os.path.join(tmpdir, "apple_app.p12") + context.apple_installer_signing_pkcs12_path = os.path.join(tmpdir, "apple_installer.p12") context.apple_signing_creds_path = os.path.join(tmpdir, "apple_p12.passwd") mkdir(context.config["work_dir"]) mkdir(context.config["artifact_dir"]) diff --git a/signingscript/tests/example_apple_signing_config.json b/signingscript/tests/example_apple_signing_config.json index 1ce2d7fa7..cedc23862 100644 --- a/signingscript/tests/example_apple_signing_config.json +++ b/signingscript/tests/example_apple_signing_config.json @@ -1,7 +1,7 @@ { "project:releng:signing:cert:dep-signing": [{ - "app_credentials": "abcdef", - "installer_credentials": "abcdef", - "password": "verysecret" + "app_pkcs12_bundle": "abcdef", + "installer_pkcs12_bundle": "abcdef", + "pkcs12_password": "verysecret" }] } diff --git a/signingscript/tests/test_rcodesign.py b/signingscript/tests/test_rcodesign.py index b42e642bf..1ed0f80b5 100644 --- a/signingscript/tests/test_rcodesign.py +++ b/signingscript/tests/test_rcodesign.py 
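Review bot: The `context` fixture still sets `context.apple_signing_creds_path` (unchanged context line), while the code changed in this commit reads `context.apple_signing_pkcs12_pass_path`, so the fixture never provides the password path under the name the signing code uses. Rename it to match: `context.apple_signing_pkcs12_pass_path = os.path.join(tmpdir, "apple_p12.passwd")`. If `context` tolerates unknown attributes, tests that rely only on this fixture could pass a wrong value to the signer without failing, so check them after the rename. The fixture body starts and ends outside the hunk.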
@@ -179,8 +179,8 @@ async def test_rcodesign_sign(context, mocker): app_path.mkdir() (app_path / "samplefile").touch() (app_path / "samplefile2").touch() - context.apple_app_signing_creds_path = workdir / "test_cred.p12" - context.apple_signing_creds_pass_path = workdir / "test_cred.passwd" + context.apple_app_signing_pkcs12_path = workdir / "test_cred.p12" + context.apple_signing_pkcs12_pass_path = workdir / "test_cred.passwd" entitlement_file = workdir / "test.xml" entitlement_file.touch() @@ -204,8 +204,8 @@ async def test_rcodesign_sign(context, mocker): await rcodesign.rcodesign_sign( context.config["work_dir"], str(app_path), - context.apple_app_signing_creds_path, - context.apple_signing_creds_pass_path, + context.apple_app_signing_pkcs12_path, + context.apple_signing_pkcs12_pass_path, hardened_sign_config, ) download.assert_called_once()