use of org.jreleaser.model.Signing in project jreleaser by jreleaser.
the class Signer method collectArtifacts.
/**
 * Builds the list of (input file, signature file) pairs that are candidates for signing.
 *
 * <p>Candidates come from up to three sources, each gated by a flag on the signing model:
 * standalone files ({@code isFiles}), artifacts of active distributions ({@code isArtifacts})
 * and the checksum files that already exist on disk ({@code isChecksums}). Inactive artifacts
 * and anything tagged with {@code KEY_SKIP_SIGNING} are left out.
 *
 * @param context   the release context that supplies the model and the output directories
 * @param forceSign when {@code true} the validator is not consulted and each pair keeps the
 *                  validity it was constructed with
 * @param validator decides whether an existing signature for a pair is still valid; its
 *                  result is stored on the pair via {@code setValid}
 * @return every candidate pair, in the order files, distribution artifacts, checksums
 */
private static List<FilePair> collectArtifacts(JReleaserContext context, boolean forceSign, Function<FilePair, Boolean> validator) {
    Signing signing = context.getModel().getSigning();
    Path signaturesDirectory = context.getSignaturesDirectory();
    // COSIGN always uses ".sig"; the other modes use ".asc" only when armored output is on.
    String extension = signing.getMode() != Signing.Mode.COSIGN && signing.isArmored() ? ".asc" : ".sig";

    // NOTE(review): every signature is named after the input's file name alone and lands in one
    // flat directory, so two inputs that share a file name (for instance in two distributions)
    // map to the same signature path. Confirm file names are unique across sources.
    List<FilePair> pairs = new ArrayList<>();

    if (signing.isFiles()) {
        for (Artifact file : Artifacts.resolveFiles(context)) {
            boolean eligible = file.isActive() && !file.extraPropertyIsTrue(KEY_SKIP_SIGNING);
            if (eligible) {
                Path source = file.getEffectivePath(context);
                Path signature = signaturesDirectory.resolve(source.getFileName().toString().concat(extension));
                FilePair candidate = new FilePair(source, signature);
                if (!forceSign) {
                    candidate.setValid(validator.apply(candidate));
                }
                pairs.add(candidate);
            }
        }
    }

    if (signing.isArtifacts()) {
        for (Distribution distribution : context.getModel().getActiveDistributions()) {
            // A distribution-level skip flag excludes all of its artifacts.
            if (!distribution.extraPropertyIsTrue(KEY_SKIP_SIGNING)) {
                for (Artifact artifact : distribution.getArtifacts()) {
                    boolean eligible = artifact.isActive() && !artifact.extraPropertyIsTrue(KEY_SKIP_SIGNING);
                    if (eligible) {
                        Path source = artifact.getEffectivePath(context, distribution);
                        Path signature = signaturesDirectory.resolve(source.getFileName().toString().concat(extension));
                        FilePair candidate = new FilePair(source, signature);
                        if (!forceSign) {
                            candidate.setValid(validator.apply(candidate));
                        }
                        pairs.add(candidate);
                    }
                }
            }
        }
    }

    if (signing.isChecksums()) {
        for (Algorithm algorithm : context.getModel().getChecksum().getAlgorithms()) {
            Path checksumFile = context.getChecksumsDirectory().resolve(context.getModel().getChecksum().getResolvedName(context, algorithm));
            // Only checksum files that were actually produced are signed.
            if (Files.exists(checksumFile)) {
                Path signature = signaturesDirectory.resolve(checksumFile.getFileName().toString().concat(extension));
                FilePair candidate = new FilePair(checksumFile, signature);
                if (!forceSign) {
                    candidate.setValid(validator.apply(candidate));
                }
                pairs.add(candidate);
            }
        }
    }

    return pairs;
}
use of org.jreleaser.model.Signing in project jreleaser by jreleaser.
the class AbstractReleaserBuilder method configureWith.
/**
 * Collects every asset that should be attached to the release and registers each one
 * through {@code addReleaseAsset}.
 *
 * <p>Nothing is collected when the git service resolves asset upload as disabled. Otherwise
 * assets are gathered in this order: standalone files (plus their individual checksums),
 * distribution artifacts (plus their individual checksums), the aggregated checksum files
 * that exist on disk, and finally the signatures found for the assets gathered so far.
 *
 * @param context the release context that supplies the model and the output directories
 * @return this builder
 */
@Override
public ReleaserBuilder<R> configureWith(JReleaserContext context) {
    this.context = context;
    GitService service = context.getModel().getRelease().getGitService();
    boolean uploadsEnabled = service.resolveUploadAssetsEnabled(context.getModel().getProject());
    if (!uploadsEnabled) {
        return this;
    }

    List<Asset> assets = new ArrayList<>();
    Checksum checksum = context.getModel().getChecksum();

    if (service.isFiles()) {
        for (Artifact file : Artifacts.resolveFiles(context)) {
            if (file.isActive() && !file.extraPropertyIsTrue(KEY_SKIP_RELEASE)) {
                Path location = file.getEffectivePath(context);
                assets.add(Asset.file(Artifact.of(location, file.getExtraProperties())));
                boolean withChecksums = service.isChecksums()
                    && isIndividual(context, file)
                    && !file.extraPropertyIsTrue(KEY_SKIP_CHECKSUM);
                if (withChecksums) {
                    for (Algorithm algorithm : checksum.getAlgorithms()) {
                        Path checksumFile = context.getChecksumsDirectory()
                            .resolve(location.getFileName() + "." + algorithm.formatted());
                        assets.add(Asset.checksum(Artifact.of(checksumFile)));
                    }
                }
            }
        }
    }

    if (service.isArtifacts()) {
        for (Distribution distribution : context.getModel().getActiveDistributions()) {
            if (!distribution.extraPropertyIsTrue(KEY_SKIP_RELEASE)) {
                for (Artifact artifact : distribution.getArtifacts()) {
                    if (artifact.isActive() && !artifact.extraPropertyIsTrue(KEY_SKIP_RELEASE)) {
                        Path location = artifact.getEffectivePath(context, distribution);
                        assets.add(Asset.file(Artifact.of(location, artifact.getExtraProperties()), distribution));
                        // NOTE(review): unlike the files branch, KEY_SKIP_CHECKSUM is not tested
                        // here; presumably isIndividual(context, distribution, artifact) covers
                        // it. Confirm.
                        if (service.isChecksums() && isIndividual(context, distribution, artifact)) {
                            for (Algorithm algorithm : checksum.getAlgorithms()) {
                                Path checksumFile = context.getChecksumsDirectory()
                                    .resolve(distribution.getName())
                                    .resolve(location.getFileName() + "." + algorithm.formatted());
                                assets.add(Asset.checksum(Artifact.of(checksumFile)));
                            }
                        }
                    }
                }
            }
        }
    }

    if (service.isChecksums()) {
        for (Algorithm algorithm : checksum.getAlgorithms()) {
            Path aggregated = context.getChecksumsDirectory().resolve(checksum.getResolvedName(context, algorithm));
            if (Files.exists(aggregated)) {
                assets.add(Asset.checksum(Artifact.of(aggregated)));
            }
        }
    }

    Signing signing = context.getModel().getSigning();
    if (signing.isEnabled() && service.isSignatures()) {
        boolean anySignature = false;
        // Walk a snapshot, because signature assets are appended to `assets` inside the loop.
        for (Asset candidate : new ArrayList<>(assets)) {
            boolean excluded = candidate.getArtifact().extraPropertyIsTrue(KEY_SKIP_SIGNING)
                || candidate.getArtifact().extraPropertyIsTrue(KEY_SKIP_RELEASE_SIGNATURES);
            if (excluded) {
                continue;
            }
            // A signature is matched by file name only and is attached when the file exists.
            // This method does not verify it, and an asset without a signature file is
            // published unsigned without any message.
            Path signature = context.getSignaturesDirectory().resolve(candidate.getFilename() + (signing.getSignatureExtension()));
            if (Files.exists(signature)) {
                assets.add(Asset.signature(Artifact.of(signature)));
                anySignature = true;
            }
        }
        if (anySignature && signing.getMode() == Signing.Mode.COSIGN) {
            // The cosign public key is published next to the signatures. A key fetched from the
            // same place as the files only proves they are consistent with each other; consumers
            // need the key from an independent channel to establish authenticity.
            // NOTE(review): the key path is not checked with Files.exists here. Confirm it is
            // guaranteed to exist once signatures were produced.
            Path publicKeyFile = signing.getCosign().getResolvedPublicKeyFilePath(context);
            assets.add(Asset.signature(Artifact.of(publicKeyFile)));
        }
    }

    for (Asset asset : assets) {
        addReleaseAsset(asset);
    }
    return this;
}
use of org.jreleaser.model.Signing in project jreleaser by jreleaser.
the class SigningValidator method validateSigning.
/**
 * Validates the signing section of the model and fills in values resolved by
 * {@code checkProperty}.
 *
 * <p>Returns without touching the model when {@code mode.validateConfig()} is false or when
 * signing does not resolve as enabled for the project. Armored output is switched on when it
 * was never set explicitly. The remaining checks depend on the resolved signing mode.
 *
 * @param context the release context that supplies the model, the logger and the dry-run flag
 * @param mode    the execution mode; validation runs only when it asks for config validation
 * @param errors  collector for configuration errors
 */
public static void validateSigning(JReleaserContext context, JReleaserContext.Mode mode, Errors errors) {
    if (!mode.validateConfig()) {
        return;
    }

    context.getLogger().debug("signing");
    Signing signing = context.getModel().getSigning();
    if (!signing.resolveEnabled(context.getModel().getProject())) {
        return;
    }

    if (!signing.isArmoredSet()) {
        signing.setArmored(true);
    }

    // The passphrase is looked up under a different key for cosign than for the GPG modes.
    // This overload takes `errors` and the dry-run flag; presumably a missing value is reported
    // there unless this is a dry run. Confirm against checkProperty.
    boolean usesCosign = signing.resolveMode() == Signing.Mode.COSIGN;
    signing.setPassphrase(
        checkProperty(
            context,
            usesCosign ? COSIGN_PASSWORD : GPG_PASSPHRASE,
            "signing.passphrase",
            signing.getPassphrase(),
            errors,
            context.isDryrun()));

    if (signing.resolveMode() == Signing.Mode.COMMAND) {
        // NOTE(review): the fallback executable is a bare name ("gpg" / "gpg.exe"), so which
        // binary runs presumably depends on the search path of the build environment.
        signing.getCommand().setExecutable(
            checkProperty(
                context,
                GPG_EXECUTABLE,
                "signing.command.executable",
                signing.getCommand().getExecutable(),
                "gpg" + (PlatformUtils.isWindows() ? ".exe" : "")));
        signing.getCommand().setHomeDir(
            checkProperty(context, GPG_HOMEDIR, "signing.command.homeDir", signing.getCommand().getHomeDir(), ""));
        signing.getCommand().setKeyName(
            checkProperty(context, GPG_KEYNAME, "signing.command.keyName", signing.getCommand().getKeyName(), ""));
        signing.getCommand().setPublicKeyring(
            checkProperty(context, GPG_PUBLIC_KEYRING, "signing.command.publicKeyRing", signing.getCommand().getPublicKeyring(), ""));
    } else if (signing.resolveMode() == Signing.Mode.COSIGN) {
        // The cosign version is mandatory.
        if (isBlank(signing.getCosign().getVersion())) {
            errors.configuration(RB.$("validation_is_missing", "signing.cosign.version"));
        }
        // Both key files are looked up with "" as the last argument and without `errors`, so a
        // missing key file is not reported as a configuration error here.
        signing.getCosign().setPrivateKeyFile(
            checkProperty(context, COSIGN_PRIVATE_KEY, "signing.cosign.privateKeyFile", signing.getCosign().getPrivateKeyFile(), ""));
        signing.getCosign().setPublicKeyFile(
            checkProperty(context, COSIGN_PUBLIC_KEY, "signing.cosign.publicKeyFile", signing.getCosign().getPublicKeyFile(), ""));
    } else {
        // Any other mode goes through the overload that takes `errors` for both keys.
        signing.setPublicKey(
            checkProperty(context, GPG_PUBLIC_KEY, "signing.publicKey", signing.getPublicKey(), errors, context.isDryrun()));
        signing.setSecretKey(
            checkProperty(context, GPG_SECRET_KEY, "signing.secretKey", signing.getSecretKey(), errors, context.isDryrun()));
    }
}
use of org.jreleaser.model.Signing in project jreleaser by jreleaser.
the class AbstractArtifactUploader method collectArtifacts.
/**
 * Gathers the artifacts this uploader should upload.
 *
 * <p>Standalone files and distribution artifacts are included only when they are active,
 * not skipped by one of the uploader's skip keys, present on disk and non-empty. Checksums
 * are added when the uploader asks for them and is not an {@code Artifactory} uploader.
 * Signatures are added last, for every collected artifact that has a non-empty signature file.
 *
 * @return the artifacts to upload; checksums and signatures follow the files they belong to
 */
protected List<Artifact> collectArtifacts() {
    List<Artifact> collected = new ArrayList<>();
    List<String> keys = getUploader().resolveSkipKeys();
    Checksum checksum = context.getModel().getChecksum();
    boolean uploadChecksums = getUploader().isChecksums() && !(getUploader() instanceof Artifactory);

    if (getUploader().isFiles()) {
        for (Artifact file : Artifacts.resolveFiles(context)) {
            if (file.isActive()) {
                Path location = file.getEffectivePath(context);
                boolean usable = !isSkip(file, keys) && Files.exists(location) && location.toFile().length() != 0;
                if (usable) {
                    collected.add(file);
                    boolean withChecksums = uploadChecksums
                        && isIndividual(context, file)
                        && !file.extraPropertyIsTrue(KEY_SKIP_CHECKSUM);
                    if (withChecksums) {
                        for (Algorithm algorithm : checksum.getAlgorithms()) {
                            Path checksumFile = context.getChecksumsDirectory()
                                .resolve(location.getFileName() + "." + algorithm.formatted());
                            collected.add(Artifact.of(checksumFile));
                        }
                    }
                }
            }
        }
    }

    if (getUploader().isArtifacts()) {
        for (Distribution distribution : context.getModel().getActiveDistributions()) {
            if (!isSkip(distribution, keys)) {
                for (Artifact artifact : distribution.getArtifacts()) {
                    if (artifact.isActive()) {
                        Path location = artifact.getEffectivePath(context, distribution);
                        boolean usable = !isSkip(artifact, keys) && Files.exists(location) && location.toFile().length() != 0;
                        if (usable) {
                            // Side effect: the platform with replacements applied is recorded on
                            // the artifact's own extra properties.
                            String platform = artifact.getPlatform();
                            String platformReplaced = distribution.getPlatform().applyReplacements(platform);
                            if (isNotBlank(platformReplaced)) {
                                artifact.getExtraProperties().put("platformReplaced", platformReplaced);
                            }
                            collected.add(artifact);
                            if (uploadChecksums && isIndividual(context, distribution, artifact)) {
                                for (Algorithm algorithm : checksum.getAlgorithms()) {
                                    Path checksumFile = context.getChecksumsDirectory()
                                        .resolve(distribution.getName())
                                        .resolve(location.getFileName() + "." + algorithm.formatted());
                                    collected.add(Artifact.of(checksumFile));
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    if (uploadChecksums) {
        for (Algorithm algorithm : checksum.getAlgorithms()) {
            Path aggregated = context.getChecksumsDirectory().resolve(checksum.getResolvedName(context, algorithm));
            if (Files.exists(aggregated)) {
                collected.add(Artifact.of(aggregated));
            }
        }
    }

    Signing signing = context.getModel().getSigning();
    if (getUploader().isSignatures() && signing.isEnabled()) {
        String extension = signing.getSignatureExtension();
        // Signatures go into a separate list so the list being iterated is not modified.
        List<Artifact> signatures = new ArrayList<>();
        for (Artifact subject : collected) {
            if (!subject.extraPropertyIsTrue(KEY_SKIP_SIGNING)) {
                // NOTE(review): the signature is looked up by file name through
                // getEffectivePath(context), including for distribution artifacts that were
                // resolved above with the distribution-aware overload. Confirm both give the
                // same file name.
                // The signature is only checked for existence and size, not verified here; an
                // artifact without a signature file is uploaded unsigned without any message.
                Path signaturePath = context.getSignaturesDirectory().resolve(subject.getEffectivePath(context).getFileName() + extension);
                if (Files.exists(signaturePath) && 0 != signaturePath.toFile().length()) {
                    signatures.add(Artifact.of(signaturePath, subject.getExtraProperties()));
                }
            }
        }
        if (!signatures.isEmpty() && signing.getMode() == Signing.Mode.COSIGN) {
            // The cosign public key travels with the signatures. Consumers who need authenticity
            // should obtain the key from a channel independent of the upload target.
            Path publicKeyFile = signing.getCosign().getResolvedPublicKeyFilePath(context);
            signatures.add(Artifact.of(publicKeyFile));
        }
        collected.addAll(signatures);
    }

    return collected;
}
use of org.jreleaser.model.Signing in project jreleaser by jreleaser.
the class Signer method cosignSign.
/**
 * Signs the collected artifacts with cosign and then verifies the new signatures.
 *
 * <p>The method returns without signing anything, and without throwing, in four cases:
 * cosign is unavailable after setup, no artifact matches, every existing signature is
 * already valid, or the password does not match the private key. Callers that require
 * signatures must therefore check for them separately.
 *
 * @param context the release context that supplies the model, the logger and the base directory
 * @throws SigningException when the cosign tool setup raises a {@code ToolException}
 */
private static void cosignSign(JReleaserContext context) throws SigningException {
Signing signing = context.getModel().getSigning();
Cosign cosign = new Cosign(context, signing.getCosign().getVersion());
try {
// NOTE(review): an unavailable tool is only logged as a warning, so the release continues
// unsigned (fail-open). Confirm that is the intended policy.
if (!cosign.setup()) {
context.getLogger().warn(RB.$("tool_unavailable", "cosign"));
return;
}
} catch (ToolException e) {
throw new SigningException(e.getMessage(), e);
}
String privateKey = signing.getCosign().getResolvedPrivateKeyFile();
String publicKey = signing.getCosign().getResolvedPublicKeyFile();
// Configured key files are resolved against the base directory; a blank setting yields null.
Path privateKeyFile = isNotBlank(privateKey) ? context.getBasedir().resolve(privateKey) : null;
Path publicKeyFile = isNotBlank(publicKey) ? context.getBasedir().resolve(publicKey) : null;
// The password gets a trailing line separator and is encoded with the platform default
// charset (no-arg getBytes()), so a non-ASCII password can encode differently across machines.
// If getResolvedCosignPassword() returned null, the concatenation would produce "null".
// The byte[] is not cleared by this method.
byte[] password = (signing.getResolvedCosignPassword() + System.lineSeparator()).getBytes();
boolean forceSign = false;
if (null == privateKeyFile) {
// No private key configured: fall back to the resolved default location and expect the
// public key next to it as "cosign.pub".
privateKeyFile = signing.getCosign().getResolvedPrivateKeyFilePath(context);
publicKeyFile = privateKeyFile.resolveSibling("cosign.pub");
if (!Files.exists(privateKeyFile)) {
// A new key pair is generated on the fly and signing is forced, so existing signatures
// are not validated against the new key.
// NOTE(review): signatures from a key created during the build give authenticity only if
// its public key reaches consumers through a channel they already trust.
privateKeyFile = cosign.generateKeyPair(password);
forceSign = true;
}
}
// NOTE(review): with a configured private key and a blank public key, publicKeyFile is still
// null here and is passed to isValid and verify. Confirm both handle null.
Path thePublicKeyFile = publicKeyFile;
List<FilePair> files = collectArtifacts(context, forceSign, pair -> isValid(context, cosign, thePublicKeyFile, pair));
if (files.isEmpty()) {
context.getLogger().info(RB.$("signing.no.match"));
return;
}
// Keep only the pairs that still need a signature.
files = files.stream().filter(FilePair::isInvalid).collect(Collectors.toList());
if (files.isEmpty()) {
context.getLogger().info(RB.$("signing.up.to.date"));
return;
}
// A wrong password is only logged as a warning; nothing is signed and no exception is thrown.
if (!cosign.checkPassword(privateKeyFile, password)) {
context.getLogger().warn(RB.$("WARN_cosign_password_does_not_match", "cosign"));
return;
}
sign(context, files, cosign, privateKeyFile, password);
// Verification runs right after signing, against the public key selected above.
verify(context, files, cosign, publicKeyFile);
}
Aggregations