Diffstat (limited to 'buildSrc')
-rwxr-xr-x | buildSrc/generate-public-key.sh | 4 | ||||
-rwxr-xr-x | buildSrc/moulsign.sh | 2 | ||||
-rw-r--r-- | buildSrc/moulsign.sh.asc | 3 | ||||
-rwxr-xr-x | buildSrc/signhash.sh | 34 | ||||
-rw-r--r-- | buildSrc/src/main/kotlin/neubs/customSign.kt | 55 | ||||
-rw-r--r-- | buildSrc/src/main/kotlin/neubs/versioning.kt | 17 |
6 files changed, 108 insertions, 7 deletions
diff --git a/buildSrc/generate-public-key.sh b/buildSrc/generate-public-key.sh index 3f778c53..d02fde94 100755 --- a/buildSrc/generate-public-key.sh +++ b/buildSrc/generate-public-key.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (C) 2022 NotEnoughUpdates contributors # @@ -19,7 +19,7 @@ # -output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/moulberry.key" +output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/trusted_team_members/$(basename "$2").key" echo processing rsa input key from $1, and outputting to $output diff --git a/buildSrc/moulsign.sh b/buildSrc/moulsign.sh index dacb8ec3..b5980353 100755 --- a/buildSrc/moulsign.sh +++ b/buildSrc/moulsign.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (C) 2022 NotEnoughUpdates contributors # diff --git a/buildSrc/moulsign.sh.asc b/buildSrc/moulsign.sh.asc new file mode 100644 index 00000000..0c9538b8 --- /dev/null +++ b/buildSrc/moulsign.sh.asc @@ -0,0 +1,3 @@ +QJ'D½ =eCGs7kz=qC[ +n+#7tu.X)ΕUJQZujiGzgR(.F{AO̢cvLMPSKCqVٻN^8ɴ!#79cl*=jF ҥ)`y#(r4 +SDǚ11kc0sah[UzW:@o0arkỶ9Pmdаr%mg>5T|@)C14٬|x [
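Review bot: The new `output=` line in the second generate-public-key.sh hunk builds the file name from `$2`, and the hunk shows no check that a second argument was supplied, so a one-argument call would write `trusted_team_members/.key`. The directory name suggests every file in it is treated as a trusted signer key (inferred, the consumer is not part of this diff), so the name should be validated before anything is written, e.g. `[[ $2 =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Usage: <rsa key> <key name>" >&2; exit 1; }`. The nested `$(dirname $(dirname …))` is also unquoted and breaks when the checkout path contains spaces. The rest of the script lies outside the hunk.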
\ No newline at end of file
diff --git a/buildSrc/signhash.sh b/buildSrc/signhash.sh
new file mode 100755
index 00000000..48172852
--- /dev/null
+++ b/buildSrc/signhash.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+#
+# Copyright (C) 2024 NotEnoughUpdates contributors
+#
+# This file is part of NotEnoughUpdates.
+#
+# NotEnoughUpdates is free software: you can redistribute it
+# and/or modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# NotEnoughUpdates is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with NotEnoughUpdates. If not, see <https://www.gnu.org/licenses/>.
+#
+
+if [[ $# -ne 3 ]]; then
+ echo "Usage: <keypath> <key name> <hash>"
+ exit 1
+fi
+
+echo use key $1, label $2, signing hash $3
+work=$(mktemp)
+echo $work
+echo "$3" | tr '[:lower:]' '[:upper:]' |tr -d '\n ' > "$work"
+openssl dgst -sign "$1" "$work" > "_$2.asc"
+echo signature saved to "_$2.asc"
+
+
+
diff --git a/buildSrc/src/main/kotlin/neubs/customSign.kt b/buildSrc/src/main/kotlin/neubs/customSign.kt
new file mode 100644
index 00000000..8140d71b
--- /dev/null
+++ b/buildSrc/src/main/kotlin/neubs/customSign.kt
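Review bot: `openssl dgst -sign "$1" "$work"` in signhash.sh leaves the digest implicit, while the Gradle task added in the same commit signs with `SHA256withRSA`; OpenSSL releases before 1.1.0 defaulted `dgst` to MD5, so the script should pass `-sha256` to guarantee both paths produce the same signature scheme. There is also no error handling: the redirect creates `_$2.asc` before `openssl` runs, and "signature saved" is printed even when signing fails. The hash is not checked against the 64-hex-digit form that `CustomSignTask` enforces, and the file from `mktemp` is never removed. The fence shows the rewritten lines.

```shell
set -euo pipefail
# … unchanged: argument-count check …
hash=$(printf '%s' "$3" | tr '[:lower:]' '[:upper:]' | tr -d '\n ')
if [[ ! $hash =~ ^[A-F0-9]{64}$ ]]; then
    echo "Please provide a valid sha256 hash" >&2
    exit 1
fi
work=$(mktemp)
trap 'rm -f "$work"' EXIT
printf '%s' "$hash" > "$work"
openssl dgst -sha256 -sign "$1" -out "_$2.asc" "$work"
echo signature saved to "_$2.asc"
```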
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2024 NotEnoughUpdates contributors
+ *
+ * This file is part of NotEnoughUpdates.
+ *
+ * NotEnoughUpdates is free software: you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * NotEnoughUpdates is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with NotEnoughUpdates. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package neubs
+
+import org.gradle.api.DefaultTask
+import org.gradle.api.tasks.TaskAction
+import java.security.KeyFactory
+import java.security.Signature
+import java.security.spec.PKCS8EncodedKeySpec
+
+abstract class CustomSignTask : DefaultTask() {
+
+ @TaskAction
+ fun run() {
+ println("Hash to sign: ")
+ val hash = readLine()!!.trim().toUpperCase()
+ require(hash.matches("[A-F0-9]{64}".toRegex())) { "Please provide a valid sha256 hash" }
+ val secrets = project.file("secrets").listFiles()?.toList()
+ ?.filter { !it.name.startsWith(".") } ?: emptyList()
+
+ if (secrets.isEmpty()) error("Could not find any secret files.")
+ secrets.forEach { require(it.name.endsWith(".der")) { "Invalid secret file ${it.name}" } }
+ project.file("build/signatures").mkdirs()
+ for (secret in secrets) {
+ val keySpec = PKCS8EncodedKeySpec(secret.readBytes())
+ val signature = Signature.getInstance("SHA256withRSA")
+ signature.initSign(KeyFactory.getInstance("RSA").generatePrivate(keySpec))
+ signature.update(hash.encodeToByteArray())
+ val file = project.file("build/signatures/_${secret.nameWithoutExtension}.asc")
+ file.writeBytes(signature.sign())
+ println("Generated 
signature at ${file.absolutePath}") + } + } + + init { + outputs.upToDateWhen { false } + } +} diff --git a/buildSrc/src/main/kotlin/neubs/versioning.kt b/buildSrc/src/main/kotlin/neubs/versioning.kt index 9294e164..24e6cc05 100644 --- a/buildSrc/src/main/kotlin/neubs/versioning.kt +++ b/buildSrc/src/main/kotlin/neubs/versioning.kt @@ -22,15 +22,24 @@ package neubs import org.gradle.api.Project import java.io.ByteArrayOutputStream -fun Project.setVersionFromEnvironment(baseVersion: String) { +fun Project.setVersionFromEnvironment(): String { + val baseVersion = run { + val baos = ByteArrayOutputStream() + exec { + commandLine("git", "describe", "--tags", "--abbrev=0") + standardOutput = baos + isIgnoreExitValue = true + } + (baos.toByteArray()).decodeToString().trim() + } val buildExtra = mutableListOf<String>() val buildVersion = properties["BUILD_VERSION"] as? String if (buildVersion != null) buildExtra.add(buildVersion) - if (System.getenv("CI") == "true") buildExtra.add("ci") + if (System.getenv("CI") == "true" && System.getenv("NEU_RELEASE") != "true") buildExtra.add("ci") val stdout = ByteArrayOutputStream() val execResult = exec { - commandLine("git", "describe", "--always", "--first-parent", "--abbrev=7") + commandLine("git", "rev-parse", "--short", "HEAD") standardOutput = stdout isIgnoreExitValue = true } @@ -49,6 +58,6 @@ fun Project.setVersionFromEnvironment(baseVersion: String) { } version = baseVersion + (if (buildExtra.isEmpty()) "" else buildExtra.joinToString(prefix = "+", separator = ".")) - + return baseVersion } |
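Review bot: `readLine()!!` in `CustomSignTask.run` throws a bare NullPointerException when the build has no standard input attached (for example under the Gradle daemon or in CI), which hides the real cause; prefer `val hash = (readLine() ?: error("No hash on standard input")).trim().toUpperCase()`. The task loads every file under `secrets/` as an unencrypted PKCS#8 RSA private key, so a KDoc on the class should state that the directory must stay out of version control and out of published build outputs; whether an ignore rule exists is not visible in this diff. The output files hold raw signature bytes despite the `.asc` suffix, which deserves a one-line comment next to `file.writeBytes(signature.sign())`.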
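Review bot: In the first versioning.kt hunk the `git describe --tags --abbrev=0` call sets `isIgnoreExitValue = true` and its result is never inspected, so a checkout without tags (a shallow CI clone, for example) yields an empty `baseVersion` and the project version collapses to an empty string or only the `+…` build suffix. Because that string is now also the function's return value, fail early right after the `run { … }` block with `require(baseVersion.isNotEmpty()) { "git describe found no tag; fetch tags before building" }`. A short KDoc on `setVersionFromEnvironment` stating that the version is taken from the nearest reachable tag would also help, since release artifacts are stamped with it. The function body continues outside this hunk.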