From afd3f0f861ebe7f8957eb6abc6e19f92c7b5896a Mon Sep 17 00:00:00 2001 From: Linnea Gräf Date: Fri, 12 Apr 2024 14:32:41 +0200 Subject: Add in-game updater (#1050) Co-authored-by: IRONM00N <64110067+IRONM00N@users.noreply.github.com> --- buildSrc/generate-public-key.sh | 4 +- buildSrc/moulsign.sh | 2 +- buildSrc/moulsign.sh.asc | 3 ++ buildSrc/signhash.sh | 34 +++++++++++++++++ buildSrc/src/main/kotlin/neubs/customSign.kt | 55 ++++++++++++++++++++++++++++ buildSrc/src/main/kotlin/neubs/versioning.kt | 17 +++++++-- 6 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 buildSrc/moulsign.sh.asc create mode 100755 buildSrc/signhash.sh create mode 100644 buildSrc/src/main/kotlin/neubs/customSign.kt (limited to 'buildSrc') diff --git a/buildSrc/generate-public-key.sh b/buildSrc/generate-public-key.sh index 3f778c53..d02fde94 100755 --- a/buildSrc/generate-public-key.sh +++ b/buildSrc/generate-public-key.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (C) 2022 NotEnoughUpdates contributors # @@ -19,7 +19,7 @@ # -output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/moulberry.key" +output="$(dirname $(dirname $(readlink -f "$0")))/src/main/resources/trusted_team_members/$(basename "$2").key" echo processing rsa input key from $1, and outputting to $output diff --git a/buildSrc/moulsign.sh b/buildSrc/moulsign.sh index dacb8ec3..b5980353 100755 --- a/buildSrc/moulsign.sh +++ b/buildSrc/moulsign.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (C) 2022 NotEnoughUpdates contributors # diff --git a/buildSrc/moulsign.sh.asc b/buildSrc/moulsign.sh.asc new file mode 100644 index 00000000..0c9538b8 --- /dev/null +++ b/buildSrc/moulsign.sh.asc @@ -0,0 +1,3 @@ +QJ'D½ =eCGs7kz =qC[ +n+#7tu.X)ΕUJQZuj iGzgR(.F{AO̢cvLMPSKCqVٻN^8ɴ!#79cl*=jF ҥ)`y#(r4 +SDǚ11kc0s ah[UzW:@o0arkỶ9Pmdаr%mg>5T|@)C14٬|x [ \ No newline at end of file diff --git a/buildSrc/signhash.sh b/buildSrc/signhash.sh new file mode 100755 index 00000000..48172852 --- /dev/null +++ b/buildSrc/signhash.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# +# Copyright (C) 2024 NotEnoughUpdates contributors +# +# This file is part of NotEnoughUpdates. +# +# NotEnoughUpdates is free software: you can redistribute it +# and/or modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation, either +# version 3 of the License, or (at your option) any later version. +# +# NotEnoughUpdates is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with NotEnoughUpdates. If not, see . +# + +if [[ $# -ne 3 ]]; then + echo "Usage: " + exit 1 +fi + +echo use key $1, label $2, signing hash $3 +work=$(mktemp) +echo $work +echo "$3" | tr '[:lower:]' '[:upper:]' |tr -d '\n ' > "$work" +openssl dgst -sign "$1" "$work" > "_$2.asc" +echo signature saved to "_$2.asc" + + + diff --git a/buildSrc/src/main/kotlin/neubs/customSign.kt b/buildSrc/src/main/kotlin/neubs/customSign.kt new file mode 100644 index 00000000..8140d71b --- /dev/null +++ b/buildSrc/src/main/kotlin/neubs/customSign.kt @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2024 NotEnoughUpdates contributors + * + * This file is part of NotEnoughUpdates. + * + * NotEnoughUpdates is free software: you can redistribute it + * and/or modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation, either + * version 3 of the License, or (at your option) any later version. + * + * NotEnoughUpdates is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with NotEnoughUpdates. If not, see . + */ + +package neubs + +import org.gradle.api.DefaultTask +import org.gradle.api.tasks.TaskAction +import java.security.KeyFactory +import java.security.Signature +import java.security.spec.PKCS8EncodedKeySpec + +abstract class CustomSignTask : DefaultTask() { + + @TaskAction + fun run() { + println("Hash to sign: ") + val hash = readLine()!!.trim().toUpperCase() + require(hash.matches("[A-F0-9]{64}".toRegex())) { "Please provide a valid sha256 hash" } + val secrets = project.file("secrets").listFiles()?.toList() + ?.filter { !it.name.startsWith(".") } ?: emptyList() + + if (secrets.isEmpty()) error("Could not find any secret files.") + secrets.forEach { require(it.name.endsWith(".der")) { "Invalid secret file ${it.name}" } } + project.file("build/signatures").mkdirs() + for (secret in secrets) { + val keySpec = PKCS8EncodedKeySpec(secret.readBytes()) + val signature = Signature.getInstance("SHA256withRSA") + signature.initSign(KeyFactory.getInstance("RSA").generatePrivate(keySpec)) + signature.update(hash.encodeToByteArray()) + val file = project.file("build/signatures/_${secret.nameWithoutExtension}.asc") + file.writeBytes(signature.sign()) + println("Generated signature at ${file.absolutePath}") + } + } + + init { + outputs.upToDateWhen { false } + } +} diff --git a/buildSrc/src/main/kotlin/neubs/versioning.kt b/buildSrc/src/main/kotlin/neubs/versioning.kt index 9294e164..24e6cc05 100644 --- a/buildSrc/src/main/kotlin/neubs/versioning.kt +++ b/buildSrc/src/main/kotlin/neubs/versioning.kt @@ -22,15 +22,24 @@ package neubs import org.gradle.api.Project import java.io.ByteArrayOutputStream -fun Project.setVersionFromEnvironment(baseVersion: String) { +fun Project.setVersionFromEnvironment(): String { + val baseVersion = run { + val baos = ByteArrayOutputStream() + exec { + commandLine("git", "describe", "--tags", "--abbrev=0") + standardOutput = baos + isIgnoreExitValue = true + } + (baos.toByteArray()).decodeToString().trim() + } val buildExtra = mutableListOf() val buildVersion = properties["BUILD_VERSION"] as? String if (buildVersion != null) buildExtra.add(buildVersion) - if (System.getenv("CI") == "true") buildExtra.add("ci") + if (System.getenv("CI") == "true" && System.getenv("NEU_RELEASE") != "true") buildExtra.add("ci") val stdout = ByteArrayOutputStream() val execResult = exec { - commandLine("git", "describe", "--always", "--first-parent", "--abbrev=7") + commandLine("git", "rev-parse", "--short", "HEAD") standardOutput = stdout isIgnoreExitValue = true } @@ -49,6 +58,6 @@ fun Project.setVersionFromEnvironment(baseVersion: String) { } version = baseVersion + (if (buildExtra.isEmpty()) "" else buildExtra.joinToString(prefix = "+", separator = ".")) - + return baseVersion } -- cgit