Commit 900d4ba9 authored by Harald Sitter's avatar Harald Sitter
Browse files

implement signing of archives

all release archives are signed by default with the default key of the user
probably could use some improvements WRT specfiying which key to use etc

CCMAIL: release-team@kde.org
CCMAIL: jr@jriddell.org
parent b105f771
# frozen_string_literal: true
#
# Copyright (C) 2016 Harald Sitter <sitter@kde.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License or (at your option) version 3 or any later version
# accepted by the membership of KDE e.V. (or its successor approved
# by the membership of KDE e.V.), which shall act as a proxy
# defined in Section 14 of version 3 of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class ArchiveSigner
attr_reader :signature
def initalize
@signature = nil
end
def sign(archive)
file = archive.filename
sigfile = "#{file}.sig"
system("gpg2 --armor --detach-sign -o #{sigfile} #{file}") || raise
@signature = File.absolute_path(sigfile)
end
end
......@@ -18,6 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
require_relative 'archive_signer'
require_relative 'documentation'
require_relative 'l10n'
require_relative 'logable'
......@@ -89,5 +90,6 @@ class Release
source.clean(project.vcs)
@archive_.directory = source.target
@archive_.create
ArchiveSigner.new.sign(@archive_)
end
end
class RequirementChecker
COMPATIBLE_RUBIES = %w(2.1.0 2.2.0 2.3.0)
REQUIRED_BINARIES = %w(svn git tar xz msgfmt)
REQUIRED_BINARIES = %w(svn git tar xz msgfmt gpg2)
def initialize
@ruby_version = RUBY_VERSION
......
......@@ -30,6 +30,10 @@ class Testme < Test::Unit::TestCase
`git config --global --unset user.name` unless @git_config_name.nil?
end
def setup_env
ENV['GNUPGHOME'] = data('keyring')
end
def priority_setup
ENV['RELEASEME_SHUTUP'] = 'true'
@tmpdir = Dir.mktmpdir("testme-#{self.class}")
......@@ -38,6 +42,7 @@ class Testme < Test::Unit::TestCase
@pwdir = Dir.pwd
Dir.chdir(@tmpdir)
setup_git
setup_env
end
def priority_teardown
......
# frozen_string_literal: true
#
# Copyright (C) 2016 Harald Sitter <sitter@kde.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License or (at your option) version 3 or any later version
# accepted by the membership of KDE e.V. (or its successor approved
# by the membership of KDE e.V.), which shall act as a proxy
# defined in Section 14 of version 3 of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
require 'fileutils'
require_relative 'lib/testme'
require_relative '../lib/archive_signer'
require_relative '../lib/xzarchive'
class TestArchiveSigner < Testme
def test_sign
Dir.mkdir('wroom')
archive = XzArchive.new
archive.directory = 'wroom'
archive.create
assert_path_exist(archive.filename)
Dir.delete('wroom')
system("tar -xf #{archive.filename}")
assert_path_exist('wroom')
signer = ArchiveSigner.new
signer.sign(archive)
assert_path_exist(signer.signature)
assert(system("gpg2 --verify #{signer.signature}"))
end
end
......@@ -98,6 +98,7 @@ class TestRelease < Testme
assert(!File.exist?("#{@dir}.tar.xz"))
r.archive
assert(File.exist?("#{@dir}.tar.xz"))
assert_path_exist("#{@dir}.tar.xz.sig")
assert(File.exist?(@dir))
r.source.cleanup
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment