From b87e5f9ae4239c694c56bd10736e7dcae2308cbf Mon Sep 17 00:00:00 2001
From: Jinbo Wang
Date: Fri, 12 May 2023 11:09:40 +0800
Subject: [PATCH 1/2] Add a task to sign maven artifacts with gpg
---
 scripts/publishMaven.js | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/scripts/publishMaven.js b/scripts/publishMaven.js
index 1f960766c..ab786c6d0 100644
--- a/scripts/publishMaven.js
+++ b/scripts/publishMaven.js
@@ -1,7 +1,8 @@
 /**
 * Usage:
- * node publishMaven.js -task [upload|promote]
+ * node publishMaven.js -task [gpg][upload|promote]
 *
+ * gpg: Sign artifacts with GPG.
 * upload: Upload artifacts to a nexus staging repo.
 * promote: Promote a repo to get it picked up by Maven Central.
 */
@@ -33,7 +34,9 @@ main(configs, artifactFolder);
 function main() {
 const argv = process.argv;
 const task = argv[argv.indexOf("-task") + 1];
- if (task === "upload") {
+ if (task === "gpg") {
+ pgpSign(configs, artifactFolder);
+ } else if (task === "upload") {
 uploadToStaging(configs, artifactFolder);
 } else if (task === "promote") {
 promoteToCentral(configs);
@@ -43,6 +46,27 @@ function main() {
 }
 }

+/**
+ * Task gpg: Sign artifacts with GPG.
+ *
+ * Required binaries:
+ * - gpg
+ *
+ * Required Environment Variables:
+ * - artifactFolder: folder containing *.jar/*.pom files.
+ * - GPGPASS: passphrase of GPG key.
+ */
+function pgpSign(configs, artifactFolder) {
+ const props = ["artifactFolder", "gpgpass" ];
+ for (const prop of props) {
+ if (!configs[prop]) {
+ console.error(`${prop} is not set.`);
+ process.exit(1);
+ }
+ }
+ addChecksumsAndGpgSignature(configs, artifactFolder);
+}
+
 /**
 * Task upload: Upload artifacts to a nexus staging repo.
 *
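Review bot: The usage line `-task [gpg][upload|promote]` in the header comment reads as an optional `gpg` followed by `upload` or `promote`, but the dispatch in main() compares `task` against exactly one of the three values. Writing it as `node publishMaven.js -task [gpg|upload|promote]` matches what the script accepts. As written, a reader could reasonably expect one invocation to both sign and upload, which the dispatch shown does not do.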
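Review bot: The new gpg task only checks that `gpgpass` is non-empty before calling addChecksumsAndGpgSignature, and that function (context lines of the `@@ -153,7 +177,7 @@` hunk) interpolates the passphrase into a shell string, `--passphrase "${configs.gpgpass}"`. On a build agent this places the signing-key passphrase in the process argument list, where other local processes can read it while gpg runs, and a passphrase containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through. Feeding it on stdin avoids both: `childProcess.execFileSync("gpg", ["--batch", "--pinentry-mode", "loopback", "--passphrase-fd", "0", "-ab", path.join(modulePath, file)], { input: configs.gpgpass });`. The doc comment also names the variable `GPGPASS` while the check uses the key `gpgpass`; how `configs` is populated lies outside the hunk, so confirm the casing maps as intended.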
@@ -141,7 +165,7 @@ function addChecksumsAndGpgSignature(configs, artifactFolder) {
 fs.readdirSync(modulePath)
 .filter(name => name.endsWith(".md5") || name.endsWith(".sha1") || name.endsWith(".asc"))
 .forEach(name => fs.unlinkSync(path.join(modulePath, name)));
-
+
 const files = fs.readdirSync(modulePath);
 for (let file of files) {
 // calc md5.
@@ -153,7 +177,7 @@ function addChecksumsAndGpgSignature(configs, artifactFolder) {
 const sha1 = childProcess.execSync(`sha1sum "${path.join(modulePath, file)}"`);
 const sha1Match = /([a-z0-9]{40})/.exec(sha1.toString());
 fs.writeFileSync(path.join(modulePath, file + ".sha1"), sha1Match[0]);
-
+
 // gpg sign.
 childProcess.execSync(`gpg --batch --pinentry-mode loopback --passphrase "${configs.gpgpass}" -ab "${path.join(modulePath, file)}"`)
 }
From a8eea3f718aeb468be5d357a1f0e612df27d2805 Mon Sep 17 00:00:00 2001
From: Jinbo Wang
Date: Fri, 12 May 2023 11:20:26 +0800
Subject: [PATCH 2/2] fix typo
---
 scripts/publishMaven.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/publishMaven.js b/scripts/publishMaven.js
index ab786c6d0..deb75fb8b 100644
--- a/scripts/publishMaven.js
+++ b/scripts/publishMaven.js
@@ -35,7 +35,7 @@ function main() {
 const argv = process.argv;
 const task = argv[argv.indexOf("-task") + 1];
 if (task === "gpg") {
- pgpSign(configs, artifactFolder);
+ gpgSign(configs, artifactFolder);
 } else if (task === "upload") {
 uploadToStaging(configs, artifactFolder);
 } else if (task === "promote") {
@@ -56,7 +56,7 @@ function main() {
 * - artifactFolder: folder containing *.jar/*.pom files.
 * - GPGPASS: passphrase of GPG key.
 */
-function pgpSign(configs, artifactFolder) {
+function gpgSign(configs, artifactFolder) {
 const props = ["artifactFolder", "gpgpass" ];
 for (const prop of props) {
 if (!configs[prop]) {