You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@buildr.apache.org by do...@apache.org on 2012/12/16 02:06:59 UTC

svn commit: r1422445 - in /buildr/trunk: CHANGELOG addon/buildr/gpg.rb

Author: donaldp
Date: Sun Dec 16 01:06:58 2012
New Revision: 1422445

URL: http://svn.apache.org/viewvc?rev=1422445&view=rev
Log:
Create a 'buildr/gpg' addon that signs and uploads signatures when uploading artifacts. Inspired by a similar extension in apache-ode project by Tammo van Lessen.

Added:
    buildr/trunk/addon/buildr/gpg.rb   (with props)
Modified:
    buildr/trunk/CHANGELOG

Modified: buildr/trunk/CHANGELOG
URL: http://svn.apache.org/viewvc/buildr/trunk/CHANGELOG?rev=1422445&r1=1422444&r2=1422445&view=diff
==============================================================================
--- buildr/trunk/CHANGELOG (original)
+++ buildr/trunk/CHANGELOG Sun Dec 16 01:06:58 2012
@@ -1,4 +1,7 @@
 1.4.10 (Pending)
+* Added:  Create a 'buildr/gpg' addon that signs and uploads signatures
+          when uploading artifacts. Inspired by a similar extension in
+          the Apache ODE project by Tammo van Lessen.
 * Change: Updated dependency versions;
           - jruby-openssl (0.8.2)
           - atoulme-Antwrap (0.7.4)

Added: buildr/trunk/addon/buildr/gpg.rb
URL: http://svn.apache.org/viewvc/buildr/trunk/addon/buildr/gpg.rb?rev=1422445&view=auto
==============================================================================
--- buildr/trunk/addon/buildr/gpg.rb (added)
+++ buildr/trunk/addon/buildr/gpg.rb Sun Dec 16 01:06:58 2012
@@ -0,0 +1,78 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with this
+# work for additional information regarding copyright ownership. The ASF
+# licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module Buildr
+
+  # Signs the packages using gpg and uploads signatures as part of the upload process.
+  #
+  # Require explicitly using <code>require "buildr/apg"</code>. This will result in all
+  # packages being signed. The user must specify the GPG_USER environment key to identify
+  # the key to use and may specify GPG_PASS if the key needs a password to access. e.g.
+  #
+  #  $ GPG_USER=user@example.com GPG_PASSWD=secret buildr clean upload
+  #
+  module GPG
+    class << self
+
+      def sign_task(pkg)
+        raise "ENV['GPG_USER'] not specified" unless ENV['GPG_USER']
+        asc_filename = pkg.to_s + '.asc'
+        file(asc_filename => [pkg.to_s]) do
+          info "GPG signing #{pkg.to_spec}"
+
+          cmd = []
+          cmd << 'gpg'
+          cmd << '--local-user'
+          cmd << ENV['GPG_USER']
+          cmd << '--armor'
+          cmd << '--output'
+          cmd << pkg.to_s + '.asc'
+          if ENV['GPG_PASS']
+            cmd << '--passphrase'
+            cmd << ENV['GPG_PASS']
+          end
+          cmd << '--detach-sig'
+          cmd << pkg
+          trace(cmd.join(' '))
+          `#{cmd.join(' ')}`
+          raise "Unable to generate signature for #{pkg}" unless File.exist?(asc_filename)
+        end
+      end
+
+      def sign_and_upload(project, pkg)
+        sign = sign_task(pkg)
+        project.task(:upload).enhance([sign.name]) do
+          artifact = Buildr.artifact(pkg.to_spec_hash.merge(:type => "#{pkg.type}.asc"))
+          artifact.from(sign)
+          artifact.invoke
+          artifact.upload
+        end
+      end
+    end
+
+    module ProjectExtension
+      include Extension
+
+      after_define do |project|
+        project.packages.each { |pkg| Buildr::GPG.sign_and_upload(project, pkg) }
+        project.packages.map { |pkg| pkg.pom }.uniq.each { |pom| Buildr::GPG.sign_and_upload(project, pom) }
+      end
+    end
+  end
+end
+
+class Buildr::Project
+  include Buildr::GPG::ProjectExtension
+end
\ No newline at end of file

Propchange: buildr/trunk/addon/buildr/gpg.rb
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: buildr/trunk/addon/buildr/gpg.rb
------------------------------------------------------------------------------
    svn:mime-type = text/x-ruby