This is an automated email from the ASF dual-hosted git repository.
hboutemy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-dist-tool.git
The following commit(s) were added to refs/heads/master by this push:
new dab8645 add check PGP KEYS
dab8645 is described below
commit dab864534f92459168e76b75f4f0848f0051202e
Author: Hervé Boutemy <[email protected]>
AuthorDate: Wed Feb 23 21:58:13 2022 +0100
add check PGP KEYS
---
pom.xml | 1 +
.../maven/dist/tools/DistCheckErrorsReport.java | 4 +-
.../maven/dist/tools/pgp/CheckPgpKeysReport.java | 150 +++++++++++++++++++++
src/site/site.xml | 1 +
4 files changed, 155 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a0e6023..d5d42b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -261,6 +261,7 @@
<report>list-master-jobs</report>
<report>list-branches</report>
<report>memory-check</report>
+ <report>check-pgp-keys</report>
</reports>
</reportSet>
<reportSet>
diff --git
a/src/main/java/org/apache/maven/dist/tools/DistCheckErrorsReport.java
b/src/main/java/org/apache/maven/dist/tools/DistCheckErrorsReport.java
index 271e5c5..be84000 100644
--- a/src/main/java/org/apache/maven/dist/tools/DistCheckErrorsReport.java
+++ b/src/main/java/org/apache/maven/dist/tools/DistCheckErrorsReport.java
@@ -24,6 +24,7 @@ import java.io.IOException;
import java.util.Locale;
import org.apache.maven.dist.tools.index.DistCheckIndexPageReport;
+import org.apache.maven.dist.tools.pgp.CheckPgpKeysReport;
import org.apache.maven.dist.tools.site.DistCheckSiteReport;
import org.apache.maven.dist.tools.source.DistCheckSourceReleaseReport;
import org.apache.maven.doxia.sink.impl.SinkEventAttributeSet;
@@ -41,7 +42,8 @@ public class DistCheckErrorsReport
extends AbstractDistCheckReport
{
private static final String[] FAILURES_FILENAMES = {
DistCheckSourceReleaseReport.FAILURES_FILENAME,
- DistCheckSiteReport.FAILURES_FILENAME,
DistCheckIndexPageReport.FAILURES_FILENAME };
+ DistCheckSiteReport.FAILURES_FILENAME,
DistCheckIndexPageReport.FAILURES_FILENAME,
+ CheckPgpKeysReport.FAILURES_FILENAME };
private static final String EOL = System.getProperty( "line.separator" );
diff --git
a/src/main/java/org/apache/maven/dist/tools/pgp/CheckPgpKeysReport.java
b/src/main/java/org/apache/maven/dist/tools/pgp/CheckPgpKeysReport.java
new file mode 100644
index 0000000..040a038
--- /dev/null
+++ b/src/main/java/org/apache/maven/dist/tools/pgp/CheckPgpKeysReport.java
@@ -0,0 +1,150 @@
+package org.apache.maven.dist.tools.pgp;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.io.Reader;
+import java.io.StringWriter;
+import java.net.URL;
+import java.util.Locale;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.maven.dist.tools.AbstractDistCheckReport;
+import org.apache.maven.dist.tools.ConfigurationLineInfo;
+import org.apache.maven.doxia.sink.Sink;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.plugins.annotations.Mojo;
+import org.apache.maven.reporting.MavenReportException;
+
+/**
+ * Check PGP KEYS files.
+ */
+@Mojo( name = "check-pgp-keys", requiresProject = false )
+public class CheckPgpKeysReport
+ extends AbstractDistCheckReport
+{
+ public static final String FAILURES_FILENAME = "check-pgp-keys.log";
+
+ public static final String PROJECT_KEYS_URL =
"https://svn.apache.org/repos/asf/maven/project/KEYS";;
+
+ public static final String DIST_KEYS_URL =
"https://dist.apache.org/repos/dist/release/maven/KEYS";;
+
+ @Override
+ protected String getFailuresFilename()
+ {
+ return FAILURES_FILENAME;
+ }
+
+ @Override
+ public String getName( Locale locale )
+ {
+ return "Dist Tool> Check PGP KEYS";
+ }
+
+ @Override
+ public String getDescription( Locale locale )
+ {
+ return "Verification of PGP KEYS files";
+ }
+
+ @Override
+ protected boolean isIndexPageCheck()
+ {
+ return false;
+ }
+
+ @Override
+ protected void executeReport( Locale locale )
+ throws MavenReportException
+ {
+ String projectKeys = fetchUrl( PROJECT_KEYS_URL );
+ String distKeys = fetchUrl( DIST_KEYS_URL );
+
+ if ( !projectKeys.equals( distKeys ) )
+ {
+ File failure = new File( outputDirectory, FAILURES_FILENAME );
+ try ( PrintWriter output = new PrintWriter( new FileWriter(
failure ) ) )
+ {
+ output.println( "PGP KEYS files content is different: " +
DIST_KEYS_URL + " vs " + PROJECT_KEYS_URL );
+ }
+ catch ( Exception e )
+ {
+ getLog().error( "Cannot append to " + getFailuresFilename() );
+ }
+ }
+
+ Sink sink = getSink();
+ sink.head();
+ sink.title();
+ sink.text( "Check PGP KEYS files" );
+ sink.title_();
+ sink.head_();
+
+ sink.body();
+ sink.section1();
+ sink.paragraph();
+ sink.rawText( "Check that official Maven PGP KEYS file from
distribution area " + DIST_KEYS_URL
+ + " matches intermediate one in Maven Subvefrsion tree " +
PROJECT_KEYS_URL );
+ sink.paragraph_();
+ sink.paragraph();
+ if ( projectKeys.equals( distKeys ) )
+ {
+ iconSuccess( sink );
+ }
+ else
+ {
+ iconError( sink );
+ }
+ sink.paragraph_();
+ sink.verbatim( true );
+ sink.rawText( distKeys );
+ sink.verbatim_();
+ sink.section1_();
+ sink.body_();
+ sink.close();
+ }
+
+ @Override
+ protected void checkArtifact( ConfigurationLineInfo request, String
repoBase )
+ throws MojoExecutionException
+ {
+ }
+
+ private String fetchUrl( String url )
+ throws MavenReportException
+ {
+ try ( InputStream in = new URL( url ).openStream();
+ Reader reader = new InputStreamReader( in, "UTF-8" );
+ StringWriter writer = new StringWriter() )
+ {
+ IOUtils.copy( reader, writer );
+ return writer.toString();
+ }
+ catch ( IOException ioe )
+ {
+ throw new MavenReportException( "cannot fetch " + url, ioe );
+ }
+ }
+}
diff --git a/src/site/site.xml b/src/site/site.xml
index eac8912..09a921b 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -32,6 +32,7 @@ under the License.
<item name="Check Source Release"
href="dist-tool-check-source-release.html" />
<item name="Check Sites" href="dist-tool-check-site.html" />
<item name="Check Index Pages"
href="dist-tool-check-index-page.html" />
+ <item name="Check PGP KEYS" href="dist-tool-check-pgp-keys.html" />
<item name="Check Errors" href="dist-tool-check-errors.html" />
</menu>
<menu name="Dist Tool Informations">
