Git commit 900d4ba9ec15f06f85721cbe2faad160de32ef87 by Harald Sitter. Committed on 05/06/2016 at 08:57. Pushed by sitter into branch 'master'.
implement signing of archives all release archives are signed by default with the default key of the user probably could use some improvements WRT specfiying which key to use etc CCMAIL: [email protected] CCMAIL: [email protected]
A +34 -0 lib/archive_signer.rb
M +2 -0 lib/release.rb
M +1 -1 lib/requirement_checker.rb
A +- -- test/data/keyring/private-keys-v1.d/3BF251A99E11FF6775E40E728275619C431E2267.key
A +- -- test/data/keyring/private-keys-v1.d/76257CD89318E4D3DA24CC22055BE47E6D575BF5.key
A +- -- test/data/keyring/pubring.kbx
A +- -- test/data/keyring/trustdb.gpg
M +5 -0 test/lib/testme.rb
A +43 -0 test/test_archive_signer.rb
M +1 -0 test/test_release.rb
http://commits.kde.org/releaseme/900d4ba9ec15f06f85721cbe2faad160de32ef87
diff --git a/lib/archive_signer.rb b/lib/archive_signer.rb
new file mode 100644
index 0000000..4b4f076
--- /dev/null
+++ b/lib/archive_signer.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+#
+# Copyright (C) 2016 Harald Sitter <[email protected]>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License or (at your option) version 3 or any later version
+# accepted by the membership of KDE e.V. (or its successor approved
+# by the membership of KDE e.V.), which shall act as a proxy
+# defined in Section 14 of version 3 of the license.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+class ArchiveSigner
+ attr_reader :signature
+
+ def initalize
+ @signature = nil
+ end
+
+ def sign(archive)
+ file = archive.filename
+ sigfile = "#{file}.sig"
+ system("gpg2 --armor --detach-sign -o #{sigfile} #{file}") || raise
+ @signature = File.absolute_path(sigfile)
+ end
+end
diff --git a/lib/release.rb b/lib/release.rb
index 4e832d0..8ed9878 100644
--- a/lib/release.rb
+++ b/lib/release.rb
@@ -18,6 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
+require_relative 'archive_signer'
require_relative 'documentation'
require_relative 'l10n'
require_relative 'logable'
@@ -89,5 +90,6 @@ class Release
source.clean(project.vcs)
@archive_.directory = source.target
@archive_.create
+ ArchiveSigner.new.sign(@archive_)
end
end
diff --git a/lib/requirement_checker.rb b/lib/requirement_checker.rb
index c7995ac..c2ba63c 100644
--- a/lib/requirement_checker.rb
+++ b/lib/requirement_checker.rb
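Review bot: `sign` builds the gpg2 command by interpolating the archive path into a single shell string, so a path containing whitespace or shell metacharacters either breaks the call or is interpreted by the shell; the multi-argument form bypasses the shell entirely: `system('gpg2', '--armor', '--detach-sign', '-o', sigfile, file) || raise "gpg2 failed to sign #{file}"`. The bare `raise` on that line produces a RuntimeError with no message, so the most likely failure in practice (no usable default secret key) surfaces as an opaque "unhandled exception"; the message above names the cause. `def initalize` is misspelled and is therefore never run as the constructor — harmless today because the reader returns nil for an unset ivar, but it should be `def initialize`. Where the archive filename comes from is not visible here, so this is filed as robustness rather than a proven injection path.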
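Review bot: The path returned by `ArchiveSigner#sign` is discarded at `ArchiveSigner.new.sign(@archive_)`, so Release keeps no handle to the `.sig` it just produced, and signing is now unconditional — every archive build requires a usable default secret key and aborts with a message-less RuntimeError otherwise. Consider retaining the result, e.g. `@signature = ArchiveSigner.new.sign(@archive_)`, and documenting the new precondition on the method with a comment such as `# Signs the archive with the caller's default gpg key; raises if gpg2 cannot sign.` The enclosing method (presumably `archive`, judging by test_release.rb) starts outside the hunk.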
@@ -1,6 +1,6 @@
class RequirementChecker
COMPATIBLE_RUBIES = %w(2.1.0 2.2.0 2.3.0)
- REQUIRED_BINARIES = %w(svn git tar xz msgfmt)
+ REQUIRED_BINARIES = %w(svn git tar xz msgfmt gpg2)
def initialize
@ruby_version = RUBY_VERSION
diff --git a/test/data/keyring/private-keys-v1.d/3BF251A99E11FF6775E40E728275619C431E2267.key b/test/data/keyring/private-keys-v1.d/3BF251A99E11FF6775E40E728275619C431E2267.key
new file mode 100644
index 0000000..fd87924
Binary files /dev/null and b/test/data/keyring/private-keys-v1.d/3BF251A99E11FF6775E40E728275619C431E2267.key differ
diff --git a/test/data/keyring/private-keys-v1.d/76257CD89318E4D3DA24CC22055BE47E6D575BF5.key b/test/data/keyring/private-keys-v1.d/76257CD89318E4D3DA24CC22055BE47E6D575BF5.key
new file mode 100644
index 0000000..c32eda3
Binary files /dev/null and b/test/data/keyring/private-keys-v1.d/76257CD89318E4D3DA24CC22055BE47E6D575BF5.key differ
diff --git a/test/data/keyring/pubring.kbx b/test/data/keyring/pubring.kbx
new file mode 100644
index 0000000..7171e11
Binary files /dev/null and b/test/data/keyring/pubring.kbx differ
diff --git a/test/data/keyring/trustdb.gpg b/test/data/keyring/trustdb.gpg
new file mode 100644
index 0000000..4b0a711
Binary files /dev/null and b/test/data/keyring/trustdb.gpg differ
diff --git a/test/lib/testme.rb b/test/lib/testme.rb
index f1c9da5..4ee3cd2 100644
--- a/test/lib/testme.rb
+++ b/test/lib/testme.rb
@@ -30,6 +30,10 @@ class Testme < Test::Unit::TestCase
`git config --global --unset user.name` unless @git_config_name.nil?
end
+ def setup_env
+ ENV['GNUPGHOME'] = data('keyring')
+ end
+
def priority_setup
ENV['RELEASEME_SHUTUP'] = 'true'
@tmpdir = Dir.mktmpdir("testme-#{self.class}")
@@ -38,6 +42,7 @@ class Testme < Test::Unit::TestCase
@pwdir = Dir.pwd
Dir.chdir(@tmpdir)
setup_git
+ setup_env
end
def priority_teardown
diff --git a/test/test_archive_signer.rb b/test/test_archive_signer.rb
new file mode 100644
index 0000000..7a3dbe2
--- /dev/null
+++ b/test/test_archive_signer.rb
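Review bot: Adding `gpg2` to `REQUIRED_BINARIES` only proves the binary is on PATH; it does not establish that the user has a default secret key, which is what the new signing step actually depends on, so that precondition is first noticed when `ArchiveSigner#sign` raises mid-release. A comment on the constant would at least make the gap explicit: `# gpg2 presence is checked here; a usable default secret key is not, and signing fails late without one.` How the checker reports missing binaries is defined outside this hunk.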
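Review bot: The new test keyring commits two private keys (`test/data/keyring/private-keys-v1.d/*.key`) into the repository, and nothing in the diff says they are throwaway test keys, so a reader or a tool scanning for leaked key material has no way to tell. Because the private halves are public, anyone with read access to the repo can produce signatures from these keys; they must never be imported into a keyring that is used to validate real releases. A short `test/data/keyring/README` stating that the keys are generated solely for the test suite, whether they carry a passphrase (presumably not, since the test runs non-interactively — confirm), and that they must not be trusted for anything else would document that intent.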
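Review bot: `setup_env` points `GNUPGHOME` at the keyring checked into the source tree and the hunks add no matching reset, so the variable stays set for every test that runs afterwards in the same process (the body of `priority_teardown` is outside the hunk, so a reset there cannot be ruled out from here); gpg2 is also likely to create lock files and agent sockets inside `test/data/keyring` in the checkout, and it warns when the homedir is not mode 0700, which a git checkout does not guarantee. Since `@tmpdir` already exists by the time `setup_env` runs, copying the fixture there avoids both: `keyring = File.join(@tmpdir, 'keyring')`, `FileUtils.cp_r(data('keyring'), keyring)`, `ENV['GNUPGHOME'] = keyring` (assuming fileutils is required in testme.rb), followed by a `chmod 0700` on the copy and `ENV.delete('GNUPGHOME')` in teardown.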
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+#
+# Copyright (C) 2016 Harald Sitter <[email protected]>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License or (at your option) version 3 or any later version
+# accepted by the membership of KDE e.V. (or its successor approved
+# by the membership of KDE e.V.), which shall act as a proxy
+# defined in Section 14 of version 3 of the license.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+require 'fileutils'
+
+require_relative 'lib/testme'
+require_relative '../lib/archive_signer'
+require_relative '../lib/xzarchive'
+
+class TestArchiveSigner < Testme
+ def test_sign
+ Dir.mkdir('wroom')
+ archive = XzArchive.new
+ archive.directory = 'wroom'
+ archive.create
+ assert_path_exist(archive.filename)
+ Dir.delete('wroom')
+ system("tar -xf #{archive.filename}")
+ assert_path_exist('wroom')
+
+ signer = ArchiveSigner.new
+ signer.sign(archive)
+ assert_path_exist(signer.signature)
+ assert(system("gpg2 --verify #{signer.signature}"))
+ end
+end
diff --git a/test/test_release.rb b/test/test_release.rb
index 8f69a4f..cbb2837 100644
--- a/test/test_release.rb
+++ b/test/test_release.rb
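Review bot: `system("tar -xf #{archive.filename}")` in `test_sign` discards its exit status, so a failed extraction is only caught indirectly by the following `assert_path_exist('wroom')`, and the path is passed through the shell; `assert(system('tar', '-xf', archive.filename))` checks it and avoids the shell. The closing `gpg2 --verify` only proves the detached signature validates under the test keyring; it does not pin that the output is the ASCII-armored form `--armor` is meant to produce, which `assert(File.read(signer.signature).start_with?('-----BEGIN PGP SIGNATURE-----'))` would. The same shell interpolation applies to the verify call; `assert(system('gpg2', '--verify', signer.signature))` is the equivalent without it.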
@@ -98,6 +98,7 @@ class TestRelease < Testme
assert(!File.exist?("#{@dir}.tar.xz"))
r.archive
assert(File.exist?("#{@dir}.tar.xz"))
+ assert_path_exist("#{@dir}.tar.xz.sig")
assert(File.exist?(@dir))
r.source.cleanup
_______________________________________________ release-team mailing list [email protected] https://mail.kde.org/mailman/listinfo/release-team
