Support gpg signatures for release artifacts in ant build

This commit is contained in:
Reinhard Pointner 2017-04-16 20:11:48 +08:00
parent b30e17f442
commit a400331148
3 changed files with 26 additions and 6 deletions

View File

@ -47,6 +47,19 @@
</macrodef>
<!-- sign with gpg macro -->
<macrodef name="gpg-sign">
<element name="filesets" implicit="yes" />
<sequential>
<apply executable="gpg">
<arg line="--verbose --batch --yes --local-user ${package.maintainer} --sign" />
<srcfile />
<filesets />
</apply>
</sequential>
</macrodef>
<target name="resolve" description="Retrieve dependencies with Apache Ivy">
<delete dir="${dir.lib}/ivy" />
<ivy:retrieve pattern="${dir.lib}/ivy/[type]/[artifact].[ext]" />
@ -648,7 +661,7 @@
<target name="portable" description="Build portable package" depends="revision">
<tar destfile="${dir.dist}/${release}-portable.tar.xz" compression="xz" longfile="posix" encoding="utf-8">
<tarfileset file="${path.fatjar}" fullpath="FileBot.jar" />
<tarfileset dir="${dir.installer}/portable" includes="*.exe, *.ini, *.cmd, *.pub" />
<tarfileset dir="${dir.installer}/portable" includes="*.exe, *.ini, *.cmd" />
<tarfileset dir="${dir.installer}/portable" includes="*.sh" filemode="755" />
<!-- include native libraries for all supported platforms -->
@ -656,6 +669,9 @@
<tarfileset prefix="lib/aarch64" dir="${dir.lib}/native/linux-armv8" includes="*.so" />
<tarfileset prefix="lib/i686" dir="${dir.lib}/native/linux-i686" includes="*.so" />
<tarfileset prefix="lib/x86_64" dir="${dir.lib}/native/linux-amd64" includes="*.so" />
<!-- include maintainer public key -->
<tarfileset dir="${dir.installer}/gpg" includes="maintainer.pub" />
</tar>
</target>
@ -968,9 +984,13 @@
<target name="deploy-beta-jar" depends="fatjar" description="Build and deploy the latest jar">
<xz src="${path.fatjar}" destfile="${path.fatjar}.xz" />
<scp file="${path.fatjar}.xz" remoteTofile="${deploy.release}/HEAD/filebot-r${revision}.jar.xz" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}" />
<scp file="${path.fatjar}.xz" remoteTofile="${deploy.release}/HEAD/FileBot.jar.xz" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}" />
<xz src="${path.fatjar}" destfile="${dir.release}/FileBot.jar.xz" />
<gpg-sign>
<fileset dir="${dir.release}" includes="*.jar.xz" />
</gpg-sign>
<scp todir="${deploy.release}/HEAD" trust="yes" verbose="true" sftp="true" keyfile="${deploy.keyfile}">
<fileset dir="${dir.release}" includes="*.jar.xz.gpg" />
</scp>
</target>

View File

@ -22,7 +22,7 @@ cd "$WORKING_DIR"
# update core application files
PACKAGE_NAME="FileBot.jar.xz.sig"
PACKAGE_NAME="FileBot.jar.xz.gpg"
PACKAGE_FILE="$APP_ROOT/$PACKAGE_NAME"
PACKAGE_URL="https://sourceforge.net/projects/filebot/files/filebot/HEAD/$PACKAGE_NAME"
@ -59,7 +59,7 @@ GPG_HOME="$APP_ROOT/data/.gpg"
JAR_XZ_FILE="$APP_ROOT/FileBot.jar.xz"
if [ ! -d "$GPG_HOME" ]; then
mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/filebot.pub"
mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/maintainer.pub"
fi
# verify signature and extract jar