diff options
author | ligi <ligi@ligi.de> | 2018-05-09 07:13:53 +0800 |
---|---|---|
committer | Felix Lange <fjl@users.noreply.github.com> | 2018-05-09 07:13:53 +0800 |
commit | eab6e5a317acf67409f82bc5c1f4d959413dfd47 (patch) | |
tree | 8ffb7cd4b55ff925ba77e82677ae31e208581fae | |
parent | c4a4613d9504db43a26a3c79dda8bf6be0d1237a (diff) | |
download | dexon-eab6e5a317acf67409f82bc5c1f4d959413dfd47.tar.gz dexon-eab6e5a317acf67409f82bc5c1f4d959413dfd47.tar.zst dexon-eab6e5a317acf67409f82bc5c1f4d959413dfd47.zip |
build: specify the key to use when invoking gpg:sign-and-deploy-file (#16696)
-rw-r--r-- | build/ci.go | 21 | ||||
-rw-r--r-- | internal/build/pgp.go | 12 |
2 files changed, 25 insertions, 8 deletions
diff --git a/build/ci.go b/build/ci.go index 204c20675..79dcc146c 100644 --- a/build/ci.go +++ b/build/ci.go @@ -755,14 +755,18 @@ func doAndroidArchive(cmdline []string) { os.Rename(archive, meta.Package+".aar") if *signer != "" && *deploy != "" { // Import the signing key into the local GPG instance - if b64key := os.Getenv(*signer); b64key != "" { - key, err := base64.StdEncoding.DecodeString(b64key) - if err != nil { - log.Fatalf("invalid base64 %s", *signer) - } - gpg := exec.Command("gpg", "--import") - gpg.Stdin = bytes.NewReader(key) - build.MustRun(gpg) + b64key := os.Getenv(*signer) + key, err := base64.StdEncoding.DecodeString(b64key) + if err != nil { + log.Fatalf("invalid base64 %s", *signer) + } + gpg := exec.Command("gpg", "--import") + gpg.Stdin = bytes.NewReader(key) + build.MustRun(gpg) + + keyID, err := build.PGPKeyID(string(key)) + if err != nil { + log.Fatal(err) } // Upload the artifacts to Sonatype and/or Maven Central repo := *deploy + "/service/local/staging/deploy/maven2" @@ -771,6 +775,7 @@ func doAndroidArchive(cmdline []string) { } build.MustRunCommand("mvn", "gpg:sign-and-deploy-file", "-e", "-X", "-settings=build/mvn.settings", "-Durl="+repo, "-DrepositoryId=ossrh", + "-Dgpg.keyname="+keyID, "-DpomFile="+meta.Package+".pom", "-Dfile="+meta.Package+".aar") } } diff --git a/internal/build/pgp.go b/internal/build/pgp.go index 79ab9c06f..c7d0d2339 100644 --- a/internal/build/pgp.go +++ b/internal/build/pgp.go @@ -57,3 +57,15 @@ func PGPSignFile(input string, output string, pgpkey string) error { // Generate the signature and return return openpgp.ArmoredDetachSign(out, keys[0], in, nil) } + +// PGPKeyID parses an armored key and returns the key ID. +func PGPKeyID(pgpkey string) (string, error) { + keys, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(pgpkey)) + if err != nil { + return "", err + } + if len(keys) != 1 { + return "", fmt.Errorf("key count mismatch: have %d, want %d", len(keys), 1) + } + return keys[0].PrimaryKey.KeyIdString(), nil +} |