Support gpg signatures for release artifacts in ant build

2017-04-16 20:11:48 +08:00 · 2017-04-16 20:11:48 +08:00 · a400331148
parent b30e17f442
commit a400331148
3 changed files with 26 additions and 6 deletions
--- a/build.xml
+++ b/build.xml
@ -47,6 +47,19 @@
 	</macrodef>


+	<!-- sign with gpg macro -->
+	<macrodef name="gpg-sign">
+		<element name="filesets" implicit="yes" />
+		<sequential>
+			<apply executable="gpg">
+				<arg line="--verbose --batch --yes --local-user ${package.maintainer} --sign" />
+				<srcfile />
+				<filesets />
+			</apply>
+		</sequential>
+	</macrodef>
+
+
 	<target name="resolve" description="Retrieve dependencies with Apache Ivy">
 		<delete dir="${dir.lib}/ivy" />
 		<ivy:retrieve pattern="${dir.lib}/ivy/[type]/[artifact].[ext]" />
@ -648,7 +661,7 @@
 	<target name="portable" description="Build portable package" depends="revision">
 		<tar destfile="${dir.dist}/${release}-portable.tar.xz" compression="xz" longfile="posix" encoding="utf-8">
 			<tarfileset file="${path.fatjar}" fullpath="FileBot.jar" />
-			<tarfileset dir="${dir.installer}/portable" includes="*.exe, *.ini, *.cmd, *.pub" />
+			<tarfileset dir="${dir.installer}/portable" includes="*.exe, *.ini, *.cmd" />
 			<tarfileset dir="${dir.installer}/portable" includes="*.sh" filemode="755" />

 			<!-- include native libraries for all supported platforms -->
@ -656,6 +669,9 @@
 			<tarfileset prefix="lib/aarch64" dir="${dir.lib}/native/linux-armv8" includes="*.so" />
 			<tarfileset prefix="lib/i686" dir="${dir.lib}/native/linux-i686" includes="*.so" />
 			<tarfileset prefix="lib/x86_64" dir="${dir.lib}/native/linux-amd64" includes="*.so" />
+
+			<!-- include maintainer public key -->
+			<tarfileset dir="${dir.installer}/gpg" includes="maintainer.pub" />
 		</tar>
 	</target>

@ -968,9 +984,13 @@


 	<target name="deploy-beta-jar" depends="fatjar" description="Build and deploy the latest jar">
-		<xz src="${path.fatjar}" destfile="${path.fatjar}.xz" />
-		<scp file="${path.fatjar}.xz" remoteTofile="${deploy.release}/HEAD/filebot-r${revision}.jar.xz" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}" />
-		<scp file="${path.fatjar}.xz" remoteTofile="${deploy.release}/HEAD/FileBot.jar.xz" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}" />
+		<xz src="${path.fatjar}" destfile="${dir.release}/FileBot.jar.xz" />
+		<gpg-sign>
+			<fileset dir="${dir.release}" includes="*.jar.xz" />
+		</gpg-sign>
+		<scp todir="${deploy.release}/HEAD" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}">
+			<fileset dir="${dir.release}" includes="*.jar.xz.gpg" />
+		</scp>
 	</target>


--- a/installer/portable/filebot.pub
+++ b/installer/portable/filebot.pub
--- a/installer/portable/update-filebot.sh
+++ b/installer/portable/update-filebot.sh
@ -22,7 +22,7 @@ cd "$WORKING_DIR"


 # update core application files
-PACKAGE_NAME="FileBot.jar.xz.sig"
+PACKAGE_NAME="FileBot.jar.xz.gpg"
 PACKAGE_FILE="$APP_ROOT/$PACKAGE_NAME"
 PACKAGE_URL="https://sourceforge.net/projects/filebot/files/filebot/HEAD/$PACKAGE_NAME"

@ -59,7 +59,7 @@ GPG_HOME="$APP_ROOT/data/.gpg"
 JAR_XZ_FILE="$APP_ROOT/FileBot.jar.xz"

 if [ ! -d "$GPG_HOME" ]; then
-	mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/filebot.pub"
+	mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/maintainer.pub"
 fi

 # verify signature and extract jar