aboutsummaryrefslogtreecommitdiff
path: root/buildSrc
diff options
context:
space:
mode:
Diffstat (limited to 'buildSrc')
-rwxr-xr-xbuildSrc/generate-public-key.sh4
-rwxr-xr-xbuildSrc/moulsign.sh2
-rw-r--r--buildSrc/moulsign.sh.asc3
-rwxr-xr-xbuildSrc/signhash.sh34
-rw-r--r--buildSrc/src/main/kotlin/neubs/customSign.kt55
-rw-r--r--buildSrc/src/main/kotlin/neubs/versioning.kt17
6 files changed, 108 insertions, 7 deletions
diff --git a/buildSrc/generate-public-key.sh b/buildSrc/generate-public-key.sh
index 3f778c53..d02fde94 100755
--- a/buildSrc/generate-public-key.sh
+++ b/buildSrc/generate-public-key.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Copyright (C) 2022 NotEnoughUpdates contributors
#
@@ -19,7 +19,7 @@
#
-output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/moulberry.key"
+output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/trusted_team_members/$(basename "$2").key"
echo processing rsa input key from $1, and outputting to $output
diff --git a/buildSrc/moulsign.sh b/buildSrc/moulsign.sh
index dacb8ec3..b5980353 100755
--- a/buildSrc/moulsign.sh
+++ b/buildSrc/moulsign.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Copyright (C) 2022 NotEnoughUpdates contributors
#
diff --git a/buildSrc/moulsign.sh.asc b/buildSrc/moulsign.sh.asc
new file mode 100644
index 00000000..0c9538b8
--- /dev/null
+++ b/buildSrc/moulsign.sh.asc
@@ -0,0 +1,3 @@
+QJ'D½ =eCGs7kz =qC[
+n+#7tu.X)ΕUJQZuj iGzgR(.F{AO̢cvLMPSKCqVٻN^8ɴ!#79cl*=jF ҥ)`y#(r4
+SDǚ11kc0s ah[UzW:@o0arkỶ9Pmdаr%mg>5T|@)C14٬|x [ \ No newline at end of file
diff --git a/buildSrc/signhash.sh b/buildSrc/signhash.sh
new file mode 100755
index 00000000..48172852
--- /dev/null
+++ b/buildSrc/signhash.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+#
+# Copyright (C) 2024 NotEnoughUpdates contributors
+#
+# This file is part of NotEnoughUpdates.
+#
+# NotEnoughUpdates is free software: you can redistribute it
+# and/or modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# NotEnoughUpdates is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with NotEnoughUpdates. If not, see <https://www.gnu.org/licenses/>.
+#
+
+if [[ $# -ne 3 ]]; then
+ echo "Usage: <keypath> <key name> <hash>"
+ exit 1
+fi
+
+echo use key $1, label $2, signing hash $3
+work=$(mktemp)
+echo $work
+echo "$3" | tr '[:lower:]' '[:upper:]' |tr -d '\n ' > "$work"
+openssl dgst -sign "$1" "$work" > "_$2.asc"
+echo signature saved to "_$2.asc"
+
+
+
diff --git a/buildSrc/src/main/kotlin/neubs/customSign.kt b/buildSrc/src/main/kotlin/neubs/customSign.kt
new file mode 100644
index 00000000..8140d71b
--- /dev/null
+++ b/buildSrc/src/main/kotlin/neubs/customSign.kt
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2024 NotEnoughUpdates contributors
+ *
+ * This file is part of NotEnoughUpdates.
+ *
+ * NotEnoughUpdates is free software: you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * NotEnoughUpdates is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with NotEnoughUpdates. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package neubs
+
+import org.gradle.api.DefaultTask
+import org.gradle.api.tasks.TaskAction
+import java.security.KeyFactory
+import java.security.Signature
+import java.security.spec.PKCS8EncodedKeySpec
+
+abstract class CustomSignTask : DefaultTask() {
+
+ @TaskAction
+ fun run() {
+ println("Hash to sign: ")
+ val hash = readLine()!!.trim().toUpperCase()
+ require(hash.matches("[A-F0-9]{64}".toRegex())) { "Please provide a valid sha256 hash" }
+ val secrets = project.file("secrets").listFiles()?.toList()
+ ?.filter { !it.name.startsWith(".") } ?: emptyList()
+
+ if (secrets.isEmpty()) error("Could not find any secret files.")
+ secrets.forEach { require(it.name.endsWith(".der")) { "Invalid secret file ${it.name}" } }
+ project.file("build/signatures").mkdirs()
+ for (secret in secrets) {
+ val keySpec = PKCS8EncodedKeySpec(secret.readBytes())
+ val signature = Signature.getInstance("SHA256withRSA")
+ signature.initSign(KeyFactory.getInstance("RSA").generatePrivate(keySpec))
+ signature.update(hash.encodeToByteArray())
+ val file = project.file("build/signatures/_${secret.nameWithoutExtension}.asc")
+ file.writeBytes(signature.sign())
+ println("Generated signature at ${file.absolutePath}")
+ }
+ }
+
+ init {
+ outputs.upToDateWhen { false }
+ }
+}
diff --git a/buildSrc/src/main/kotlin/neubs/versioning.kt b/buildSrc/src/main/kotlin/neubs/versioning.kt
index 9294e164..24e6cc05 100644
--- a/buildSrc/src/main/kotlin/neubs/versioning.kt
+++ b/buildSrc/src/main/kotlin/neubs/versioning.kt
@@ -22,15 +22,24 @@ package neubs
import org.gradle.api.Project
import java.io.ByteArrayOutputStream
-fun Project.setVersionFromEnvironment(baseVersion: String) {
+fun Project.setVersionFromEnvironment(): String {
+ val baseVersion = run {
+ val baos = ByteArrayOutputStream()
+ exec {
+ commandLine("git", "describe", "--tags", "--abbrev=0")
+ standardOutput = baos
+ isIgnoreExitValue = true
+ }
+ (baos.toByteArray()).decodeToString().trim()
+ }
val buildExtra = mutableListOf<String>()
val buildVersion = properties["BUILD_VERSION"] as? String
if (buildVersion != null) buildExtra.add(buildVersion)
- if (System.getenv("CI") == "true") buildExtra.add("ci")
+ if (System.getenv("CI") == "true" && System.getenv("NEU_RELEASE") != "true") buildExtra.add("ci")
val stdout = ByteArrayOutputStream()
val execResult = exec {
- commandLine("git", "describe", "--always", "--first-parent", "--abbrev=7")
+ commandLine("git", "rev-parse", "--short", "HEAD")
standardOutput = stdout
isIgnoreExitValue = true
}
@@ -49,6 +58,6 @@ fun Project.setVersionFromEnvironment(baseVersion: String) {
}
version = baseVersion + (if (buildExtra.isEmpty()) "" else buildExtra.joinToString(prefix = "+", separator = "."))
-
+ return baseVersion
}