addon/buildr/gpg.rb - buildr - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements. See the NOTICE file distributed with this
 # work for additional information regarding copyright ownership. The ASF
 # licenses this file to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations under
 # the License.

 module Buildr

   # Signs the packages using gpg and uploads signatures as part of the upload process.
   #
   # Require explicitly using <code>require "buildr/apg"</code>. This will result in all
   # packages being signed. The user must specify the GPG_USER environment key to identify
   # the key to use and may specify GPG_PASS if the key needs a password to access. e.g.
   #
   #  $ GPG_USER=user@example.com GPG_PASSWD=secret buildr clean upload
   #
   module GPG
     class << self

       def sign_task(pkg)
         raise "ENV['GPG_USER'] not specified" unless ENV['GPG_USER']
         asc_filename = pkg.to_s + '.asc'
         return if file(asc_filename).prerequisites.include?(pkg.to_s)
         file(asc_filename => [pkg.to_s]) do
           info "GPG signing #{pkg.to_spec}"

           cmd = []
           cmd << 'gpg'
           cmd << '--local-user'
           cmd << ENV['GPG_USER']
           cmd << '--armor'
           cmd << '--output'
           cmd << pkg.to_s + '.asc'
           if ENV['GPG_PASS']
             cmd << '--passphrase'
             cmd << ENV['GPG_PASS']
           end
           cmd << '--detach-sig'
           cmd << '--batch'
           cmd << '--yes'
           cmd << pkg
           trace(cmd.join(' '))
           `#{cmd.join(' ')}`
           raise "Unable to generate signature for #{pkg}" unless File.exist?(asc_filename)
         end
       end

       def sign_and_upload(project, pkg)
         project.task(:upload).enhance do
           artifact = Buildr.artifact(pkg.to_spec_hash.merge(:type => "#{pkg.type}.asc"))
           artifact.from(sign_task(pkg))
           artifact.invoke
           artifact.upload
         end
       end

       def sign_and_upload_all_packages(project)
         project.packages.each { |pkg| Buildr::GPG.sign_and_upload(project, pkg) }
         project.packages.select {|pkg| pkg.respond_to?(:pom) }.map { |pkg| pkg.pom }.compact.uniq.each { |pom| Buildr::GPG.sign_and_upload(project, pom) }
       end
     end

     module ProjectExtension
       include Extension

       attr_writer :gpg

       def gpg?
         @gpg.nil? ? true : !!@gpg
       end

       after_define do |project|
         Buildr::GPG.sign_and_upload_all_packages(project) if project.gpg?
       end
     end
   end
 end

 class Buildr::Project
   include Buildr::GPG::ProjectExtension
 end
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with this
	# work for additional information regarding copyright ownership. The ASF
	# licenses this file to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations under
	# the License.

	module Buildr

	# Signs the packages using gpg and uploads signatures as part of the upload process.
	#
	# Require explicitly using <code>require "buildr/apg"</code>. This will result in all
	# packages being signed. The user must specify the GPG_USER environment key to identify
	# the key to use and may specify GPG_PASS if the key needs a password to access. e.g.
	#
	# $ GPG_USER=user@example.com GPG_PASSWD=secret buildr clean upload
	#
	module GPG
	class << self

	def sign_task(pkg)
	raise "ENV['GPG_USER'] not specified" unless ENV['GPG_USER']
	asc_filename = pkg.to_s + '.asc'
	return if file(asc_filename).prerequisites.include?(pkg.to_s)
	file(asc_filename => [pkg.to_s]) do
	info "GPG signing #{pkg.to_spec}"

	cmd = []
	cmd << 'gpg'
	cmd << '--local-user'
	cmd << ENV['GPG_USER']
	cmd << '--armor'
	cmd << '--output'
	cmd << pkg.to_s + '.asc'
	if ENV['GPG_PASS']
	cmd << '--passphrase'
	cmd << ENV['GPG_PASS']
	end
	cmd << '--detach-sig'
	cmd << '--batch'
	cmd << '--yes'
	cmd << pkg
	trace(cmd.join(' '))
	`#{cmd.join(' ')}`
	raise "Unable to generate signature for #{pkg}" unless File.exist?(asc_filename)
	end
	end

	def sign_and_upload(project, pkg)
	project.task(:upload).enhance do
	artifact = Buildr.artifact(pkg.to_spec_hash.merge(:type => "#{pkg.type}.asc"))
	artifact.from(sign_task(pkg))
	artifact.invoke
	artifact.upload
	end
	end

	def sign_and_upload_all_packages(project)
	project.packages.each { \|pkg\| Buildr::GPG.sign_and_upload(project, pkg) }
	project.packages.select {\|pkg\| pkg.respond_to?(:pom) }.map { \|pkg\| pkg.pom }.compact.uniq.each { \|pom\| Buildr::GPG.sign_and_upload(project, pom) }
	end
	end

	module ProjectExtension
	include Extension

	attr_writer :gpg

	def gpg?
	@gpg.nil? ? true : !!@gpg
	end

	after_define do \|project\|
	Buildr::GPG.sign_and_upload_all_packages(project) if project.gpg?
	end
	end
	end
	end

	class Buildr::Project
	include Buildr::GPG::ProjectExtension
	end