NEW: Ivy can now generate OpenPGP compatible ASCII armored detached s…

…ignatures when publishing artifacts. git-svn-id: https://svn.apache.org/repos/asf/ant/ivy/core/trunk@991108 13f79535-47bb-0310-9956-ffa450edef68
apache · Aug 31, 2010 · a53e942 · a53e942
1 parent 0cd41d8
commit a53e942
Show file tree

Hide file tree

Showing 15 changed files with 304 additions and 30 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -115,6 +115,7 @@ for detailed view of each issue, please consult http://issues.apache.org/jira/br
 - DOCUMENTATION: Grammar, spelling, and clarity of Settings File documentation (IVY-1216) (thanks to Steve Miller)
 - DOCUMENTATION: Grammar, spelling, and clarity of Tutorial documentation (IVY-1222) (thanks to Steve Miller)
 
+- NEW: Ivy can now generate OpenPGP compatible ASCII armored detached signatures when publishing artifacts.
 
 - IMPROVEMENT: the <artifact> child of ivy:publish now accepts any attribute
 - IMPROVEMENT: Handle attributes in description subelements (IVY-1214) (thanks to Jean-Louis Boudart)

diff --git a/README b/README
@@ -53,9 +53,11 @@ code and source code.
 The following provides more details on the included cryptographic
 software:
 
-For the Ivy ssh resolver requires the JSch 
-<http://www.jcraft.com/jsch/index.html> library. 
+The Ivy ssh resolver requires the JSch library
+<http://www.jcraft.com/jsch/index.html>. 
 The sftp and https resolvers requires the Java Cryptography extensions
 <http://java.sun.com/javase/technologies/security/>.
+The PGP signature generator requires the BouncyCastle Java cryptography APIs
+<http://www.bouncycastle.org/java.html>.
 
 
diff --git a/build-release.xml b/build-release.xml
@@ -18,6 +18,7 @@
 -->
 <project name="IvyRelease" default="snapshot" 
 		xmlns:ivy="antlib:org.apache.ivy.ant"
+        xmlns:ivy2="antlib:org.apache.ivy.ant_2"
 		xmlns:xooki="antlib:xooki"
 		xmlns:openpgp="antlib:org.apache.commons.openpgp.ant">
 	<import file="build.xml"/>
@@ -471,10 +472,20 @@
         </fail>
     </target>	
 
-    <target name="upload-nexus" depends="release-version, init-ivy">
-        <ivy:settings id="upload.settingsId" file="ivysettings-release.xml" />
-        <ivy:resolve file="${basedir}/build/artifact/ivy.xml" transitive="false" />
-        <ivy:publish organisation="org.apache.ivy"
+    <target name="upload-nexus" depends="release-version, init-ivy, jar">
+        <ivy:retrieve conf="default" pattern="${build.dir}/lib/[artifact]-[revision].[ext]" />
+
+        <taskdef resource="org/apache/ivy/ant/antlib.xml"
+                uri="antlib:org.apache.ivy.ant_2">
+            <classpath>
+                <fileset dir="${artifacts.build.dir}/jars" includes="${final.name}" />
+                <fileset dir="${build.dir}/lib" excludes="ant-*.jar" />
+            </classpath>
+        </taskdef>
+
+        <ivy2:settings id="upload.settingsId" file="ivysettings-release.xml" />
+        <ivy2:resolve file="${basedir}/build/artifact/ivy.xml" transitive="false" />
+        <ivy2:publish organisation="org.apache.ivy"
                      module="ivy"
                      revision="${build.version}"
                      srcivypattern="${basedir}/build/artifact/ivy.xml"
@@ -487,25 +498,7 @@
             <artifact name="ivy" ext="pom" type="ivy" />
             <artifact name="ivy" ext="jar" type="sources" classifier="sources" />
             <artifact name="ivy" ext="jar" type="javadoc" classifier="javadoc" />
-
-            <!-- The PGP signatures -->
-            <artifact name="ivy" ext="pom.asc" type="asc" />
-            <artifact name="ivy" ext="jar.asc" type="asc" />
-            <artifact name="ivy" ext="jar.asc" type="asc" classifier="sources" />
-            <artifact name="ivy" ext="jar.asc" type="asc" classifier="javadoc" />
-
-            <!-- The SHA1 checksums -->
-            <artifact name="ivy" ext="pom.sha1" type="sha1" />
-            <artifact name="ivy" ext="jar.sha1" type="sha1" />
-            <artifact name="ivy" ext="jar.sha1" type="sha1" classifier="sources" />
-            <artifact name="ivy" ext="jar.sha1" type="sha1" classifier="javadoc" />
-
-            <!-- The MD5 checksums -->
-            <artifact name="ivy" ext="pom.md5" type="md5" />
-            <artifact name="ivy" ext="jar.md5" type="md5" />
-            <artifact name="ivy" ext="jar.md5" type="md5" classifier="sources" />
-            <artifact name="ivy" ext="jar.md5" type="md5" classifier="javadoc" />
-        </ivy:publish>
+        </ivy2:publish>
     </target>
 
 	<target name="prepare-snapshot" 

diff --git a/doc/settings/resolvers.html b/doc/settings/resolvers.html
@@ -169,6 +169,11 @@ <h2>Attributes</h2>
         <td>No</td>
         <td>Yes</td>
     </tr>
+    <tr><td>signer</td><td>The name of the [[settings/signers detached signature generator]] to use when publishing artifacts. <span class="since">(since 2.2)</span></td>
+        <td>No, by default published artifacts will not get signed by Ivy.</td>
+        <td>No</td>
+        <td>Yes</td>
+    </tr>
 </tbody>
 </table>
 

diff --git a/doc/toc.json b/doc/toc.json
@@ -192,6 +192,13 @@
 
                             ]
                         },
+                        {
+                          "id":"settings/signers",
+                          "title":"signers",
+                          "children": [
+
+                            ]
+                        },
                         {
                           "id":"settings/lock-strategies",
                           "title":"lock-strategies",

diff --git a/ivy.xml b/ivy.xml
@@ -50,6 +50,7 @@
 		<dependency org="oro" name="oro" rev="2.0.8" conf="default,oro->default"/>
 		<dependency org="commons-vfs" name="commons-vfs" rev="1.0" conf="default,vfs->default" />
 		<dependency org="com.jcraft" name="jsch" rev="0.1.31" conf="default,sftp->default" />
+		<dependency org="org.bouncycastle" name="bcpg-jdk14" rev="1.45" conf="default" />
 
 		<!-- Test dependencies -->
 		<dependency org="junit" name="junit" rev="3.8.2" conf="test->default" />

diff --git a/ivysettings-release.xml b/ivysettings-release.xml
@@ -17,16 +17,21 @@
    under the License.    
 -->
 <ivysettings>
-    <property name="upload.url" value="https://repository.apache.org/service/local/staging/deploy/maven2"/>
+    <property name="upload.url" value="https://repository.apache.org/service/local/staging/deploy/maven2" />
+    <property name="pgp.keyId" value="auto" override="false" />
     <credentials host="repository.apache.org" realm="Sonatype Nexus Repository Manager" username="${upload.user}" passwd="${upload.password}"/>
+
+    <signers>
+        <pgp name="apache-sig" secring="${user.home}/.gnupg/secring.gpg" password="${pgp.password}" keyId="${pgp.keyId}"/>
+    </signers>
 
     <settings defaultResolver="default" />
     <resolvers>
         <chain name="default">
             <ibiblio name="public" m2compatible="true" />
             <ibiblio name="snapshot" m2compatible="true" root="http://people.apache.org/repo/m2-snapshot-repository" />
         </chain>
-        <url name="nexus" m2compatible="true" checksums="">
+        <url name="nexus" m2compatible="true" signer="apache-sig">
           <artifact pattern="${upload.url}/[organisation]/[module]/[revision]/[artifact]-[revision](-[classifier]).[ext]" />
         </url>
     </resolvers>

diff --git a/optional.patterns b/optional.patterns
@@ -30,6 +30,7 @@ org/apache/ivy/plugins/resolver/SshResolver.java
 org/apache/ivy/plugins/resolver/VfsResolver.java
 org/apache/ivy/plugins/resolver/VsftpResolver.java
 org/apache/ivy/plugins/resolver/packager/*.java
+org/apache/ivy/plugins/signer/bouncycastle/**/*.java
 org/apache/ivy/util/url/HttpClientHandler.java
 
 #This section defines the resources to copy for ivy-optional.jar

diff --git a/src/java/org/apache/ivy/core/settings/IvySettings.java b/src/java/org/apache/ivy/core/settings/IvySettings.java
@@ -92,6 +92,7 @@
 import org.apache.ivy.plugins.resolver.DependencyResolver;
 import org.apache.ivy.plugins.resolver.DualResolver;
 import org.apache.ivy.plugins.resolver.ResolverSettings;
+import org.apache.ivy.plugins.signer.SignatureGenerator;
 import org.apache.ivy.plugins.trigger.Trigger;
 import org.apache.ivy.plugins.version.ChainVersionMatcher;
 import org.apache.ivy.plugins.version.ExactVersionMatcher;
@@ -155,6 +156,9 @@ public class IvySettings implements SortEngineSettings, PublishEngineSettings, P
 
     // Map (String name -> RepositoryCacheManager)
     private Map repositoryCacheManagers = new HashMap(); 
+
+    // Map (String name -> SignatureGenerator)
+    private Map signatureGenerators = new HashMap();
 
     // List (Trigger)
     private List triggers = new ArrayList(); 
@@ -684,6 +688,19 @@ public void addConfigured(DependencyResolver resolver) {
     public void addConfigured(ModuleDescriptorParser parser) {
         ModuleDescriptorParserRegistry.getInstance().addParser(parser);
     }
+
+    public void addConfigured(SignatureGenerator generator) {
+        addSignatureGenerator(generator);
+    }
+
+    public void addSignatureGenerator(SignatureGenerator generator) {
+        init(generator);
+        signatureGenerators.put(generator.getName(), generator);
+    }
+
+    public SignatureGenerator getSignatureGenerator(String name) {
+        return (SignatureGenerator) signatureGenerators.get(name);
+    }
 
     public void addResolver(DependencyResolver resolver) {
         if (resolver == null) {

diff --git a/src/java/org/apache/ivy/core/settings/XmlSettingsParser.java b/src/java/org/apache/ivy/core/settings/XmlSettingsParser.java
@@ -107,7 +107,7 @@ public Object clone() {
     private List configuratorTags = Arrays.asList(new String[] {"resolvers", "namespaces",
             "parsers", "latest-strategies", "conflict-managers", "outputters", "version-matchers",
             "statuses", "circular-dependency-strategies", "triggers", "lock-strategies",
-            "caches"});
+            "caches", "signers"});
 
     private IvySettings ivy;
 

diff --git a/src/java/org/apache/ivy/core/settings/typedef.properties b/src/java/org/apache/ivy/core/settings/typedef.properties
@@ -54,4 +54,6 @@ ant-build		= org.apache.ivy.ant.AntBuildTrigger
 ant-call		= org.apache.ivy.ant.AntCallTrigger
 log		        = org.apache.ivy.plugins.trigger.LogTrigger
 
-cache			= org.apache.ivy.core.cache.DefaultRepositoryCacheManager
+cache			= org.apache.ivy.core.cache.DefaultRepositoryCacheManager
+
+pgp             = org.apache.ivy.plugins.signer.bouncycastle.OpenPGPSignatureGenerator
diff --git a/src/java/org/apache/ivy/plugins/resolver/RepositoryResolver.java b/src/java/org/apache/ivy/plugins/resolver/RepositoryResolver.java
@@ -45,6 +45,7 @@
 import org.apache.ivy.plugins.resolver.util.ResolvedResource;
 import org.apache.ivy.plugins.resolver.util.ResolverHelper;
 import org.apache.ivy.plugins.resolver.util.ResourceMDParser;
+import org.apache.ivy.plugins.signer.SignatureGenerator;
 import org.apache.ivy.plugins.version.VersionMatcher;
 import org.apache.ivy.util.ChecksumHelper;
 import org.apache.ivy.util.FileUtil;
@@ -58,6 +59,8 @@ public class RepositoryResolver extends AbstractPatternsBasedResolver {
     private Repository repository;
 
     private Boolean alwaysCheckExactRevision = null;
+
+    private String signerName = null;
 
     public RepositoryResolver() {
     }
@@ -76,6 +79,10 @@ public void setName(String name) {
             ((AbstractRepository) repository).setName(name);
         }
     }
+
+    public void setSigner(String signerName) {
+        this.signerName = signerName;
+    }
 
     protected ResolvedResource findResourceUsingPattern(ModuleRevisionId mrid, String pattern,
             Artifact artifact, ResourceMDParser rmdparser, Date date) {
@@ -223,11 +230,15 @@ protected void put(Artifact artifact, File src, String dest, boolean overwrite)
                 throw new IllegalArgumentException("Unknown checksum algorithm: " + checksums[i]);
             }
         }
-        
+
         repository.put(artifact, src, dest, overwrite);
         for (int i = 0; i < checksums.length; i++) {
             putChecksum(artifact, src, dest, overwrite, checksums[i]);
         }
+
+        if (signerName != null) {
+            putSignature(artifact, src, dest, overwrite);
+        }
     }
 
     protected void putChecksum(Artifact artifact, File src, String dest, boolean overwrite,
@@ -243,6 +254,25 @@ protected void putChecksum(Artifact artifact, File src, String dest, boolean ove
         }
     }
 
+    protected void putSignature(Artifact artifact, File src, String dest, boolean overwrite) throws IOException {
+        SignatureGenerator gen = getSettings().getSignatureGenerator(signerName);
+        if (gen == null) {
+            throw new IllegalArgumentException("Couldn't sign the artifacts! " +
+                    "Unknown signer name: '" + signerName + "'");
+        }
+
+        File tempFile = File.createTempFile("ivytemp", gen.getExtension());
+
+        try {
+            gen.sign(src, tempFile);
+            repository.put(DefaultArtifact.cloneWithAnotherTypeAndExt(artifact, 
+                    gen.getExtension(), artifact.getExt() + "." + gen.getExtension()), 
+                    tempFile, dest + "." + gen.getExtension(), overwrite);
+        } finally {
+            tempFile.delete();
+        }
+    }
+
     public DownloadReport download(Artifact[] artifacts, DownloadOptions options) {
         EventManager eventManager = getEventManager();
         try {

diff --git a/src/java/org/apache/ivy/plugins/resolver/ResolverSettings.java b/src/java/org/apache/ivy/plugins/resolver/ResolverSettings.java
@@ -24,6 +24,7 @@
 import org.apache.ivy.plugins.latest.LatestStrategy;
 import org.apache.ivy.plugins.namespace.Namespace;
 import org.apache.ivy.plugins.parser.ParserSettings;
+import org.apache.ivy.plugins.signer.SignatureGenerator;
 import org.apache.ivy.plugins.version.VersionMatcher;
 
 public interface ResolverSettings extends ParserSettings {
@@ -51,5 +52,7 @@ public interface ResolverSettings extends ParserSettings {
     String getResolveMode(ModuleId moduleId);
 
     void filterIgnore(Collection names);
+
+    SignatureGenerator getSignatureGenerator(String name);
 
 }
diff --git a/src/java/org/apache/ivy/plugins/signer/SignatureGenerator.java b/src/java/org/apache/ivy/plugins/signer/SignatureGenerator.java
@@ -0,0 +1,31 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.ivy.plugins.signer;
+
+import java.io.File;
+import java.io.IOException;
+
+public interface SignatureGenerator {
+
+    String getName();
+
+    void sign(File src, File dest) throws IOException;
+
+    String getExtension();
+
+}