Changeset 6dc3cd9 for build.xml


Timestamp:
Nov 12, 2014 2:51:27 PM (6 years ago)
Author:
kytv <kytv@…>
Branches:
master
Children:
962f5ef
Parents:
f19ec4bd
Message:

build.xml: signing

  • move signing to ant macros so they can be used by multiple build targets
  • add support for signed devbuilds
  • add support for generating i2pseeds.su3 (for testing)
File:
1 edited

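--- a/build.xml
+++ b/build.xml
@@ -24,10 +24,15 @@
         <echo message="  updater:   Package the built files in i2pupdate.zip (extracts safely over existing installs)" />
         <echo message="  updater200: Updater compressed with pack200 (creates i2pupdate200.zip, 60% smaller)" />
+        <echo message="  signed-updater200: Signed updater compressed with pack200 (creates i2pupdate.su3, 60% smaller)" />
         <echo message="  updaterWithJavadoc: updater including the javadocs, for display in the console" />
         <echo message="  updater200WithJavadoc: updater including the javadocs, for display in the console (creates i2pupdate200.zip)" />
+        <echo message="  signed-updater200WithJavadoc: Signed updater including the javadocs, for display in the console (creates i2pupdate.su3)" />
         <echo message="  updaterWithJavadocAndJetty: updater including the javadocs, for display in the console, and Jetty " />
         <echo message="  updater200WithJavadocAndJetty: updater including the javadocs, for display in the console, and Jetty (creates i2pupdate200.zip)" />
+        <echo message="  signed-updater200WithJavadocAndJetty: Signed updater including the javadocs, for display in the console, and Jetty (creates i2pupdate.su3)" />
         <echo message="  updaterWithJetty: Updater including Jetty" />
         <echo message="  updater200withJetty: Updater including Jetty" />
+        <echo message="  updater200withJetty: Updater including Jetty" />
+        <echo message="  signed-updater200withJetty: Signed updater including Jetty" />
         <echo message="  updaterWithJettyFixes: updater including local jetty patches" />
         <echo message="  updaterWithGeoIP: updater including GeoIP Files" />
@@ -116,4 +121,119 @@
     </macrodef>
 
+    <macrodef name="sudsign">
+        <attribute name="infile" />
+        <attribute name="outfile" />
+        <sequential>
+            <input message="Enter private signing key file:" addproperty="release.privkey" />
+            <fail message="You must enter an existing file path." >
+                <condition>
+                    <or>
+                        <equals arg1="${release.privkey}" arg2=""/>
+                        <not>
+                            <length file="${release.privkey}" when="greater" length="0" />
+                        </not>
+                    </or>
+                </condition>
+            </fail>
+            <echo message="Key file is ${release.privkey}" />
+            <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <arg value="sign" />
+                <arg value="@{infile}" />
+                <arg value="@{outfile}" />
+                <arg value="${release.privkey}" />
+                <arg value="${release.number}" />
+            </java>
+            <echo message="Verify version and VALID signature:" />
+            <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <arg value="verifysig" />
+                <arg value="@{outfile}" />
+            </java>
+            <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <arg value="verifyversion" />
+                <arg value="@{outfile}" />
+            </java>
+            <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <arg value="showversion" />
+                <arg value="@{outfile}" />
+            </java>
+        </sequential>
+    </macrodef>
+
+    <macrodef name="su3sign">
+        <attribute name="infile" />
+        <attribute name="outfile" />
+        <attribute name="sigtype" />
+        <sequential>
+        <input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
+        <fail message="You must enter an existing file path." >
+            <condition>
+                <or>
+                    <equals arg1="${release.privkey.su3}" arg2=""/>
+                    <not>
+                        <length file="${release.privkey.su3}" when="greater" length="0" />
+                    </not>
+                </or>
+            </condition>
+        </fail>
+        <input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
+        <fail message="You must enter a name." >
+            <condition>
+                <equals arg1="${release.signer.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
+        <fail message="You must enter a password." >
+            <condition>
+                <equals arg1="${release.password.su3}" arg2=""/>
+            </condition>
+        </fail>
+            <java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <arg value="sign" />
+                <arg value="-c" />
+                <arg value="@{sigtype}" />
+                <arg value="-t" />
+                <arg value="RSA_SHA512_4096" />
+                <arg value="@{infile}" />
+                <arg value="@{outfile}" />
+                <arg value="${release.privkey.su3}" />
+                <arg value="${release.number}" />
+                <arg value="${release.signer.su3}" />
+            </java>
+            <echo message="Verify version and VALID signature:" />
+            <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <!-- set base dir so it can find the pubkey cert -->
+                <jvmarg value="-Di2p.dir.base=installer/resources" />
+                <arg value="verifysig" />
+                <arg value="@{outfile}" />
+            </java>
+            <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+                <classpath>
+                    <pathelement location="build/i2p.jar" />
+                </classpath>
+                <!-- set base dir so it can find the pubkey cert -->
+                <jvmarg value="-Di2p.dir.base=installer/resources" />
+                <arg value="showversion" />
+                <arg value="@{outfile}" />
+            </java>
+        </sequential>
+    </macrodef>
     <target name="dist" depends="pkg, javadoc" />
     <target name="dist200" depends="pkg200, javadoc" />
@@ -1070,4 +1190,5 @@
 
     <target name="prepRouterInfos" depends="buildrouter, buildTools" unless="no.bundle.routerInfos">
+        <delete dir="pkg-temp/netDb" />
         <mkdir dir="pkg-temp/netDb" />
         <java classname="net.i2p.router.networkdb.kademlia.BundleRouterInfos" fork="true" failonerror="true">
@@ -1084,4 +1205,19 @@
             <arg value="${bundle.routerInfos.count}" />
         </java>
+    </target>
+
+    <target name="-areRouterInfosEnabled">
+        <fail message="Option requires &quot;bundle.routerInfos&quot; to be configured. Please read &quot;build.properties&quot; for more info." >
+            <condition>
+                <isfalse value="${bundle.routerInfos}" />
+            </condition>
+        </fail>
+    </target>
+
+    <target name="i2pseeds" depends="-areRouterInfosEnabled, prepRouterInfos">
+        <delete file="i2pseeds.zip" />
+        <delete file="i2pseeds.su3" />
+        <zip destfile="i2pseeds.zip" basedir="pkg-temp/netDb" whenempty="fail" />
+        <su3sign infile="i2pseeds.zip" sigtype="RESEED" outfile="i2pseeds.su3" />
     </target>
 
@@ -1148,5 +1284,15 @@
     <target name="updaterRouter" depends="prepupdateRouter, zipit" />
 
-    <target name="zipit" depends="getReleaseNumber" >
+    <target name="-sign-update" depends="buildrouter">
+        <su3sign infile="i2pupdate200.zip" sigtype="ROUTER" outfile="i2pupdate.su3" />
+    </target>
+
+    <target name="signed-updater200" depends="updater200, -sign-update" />
+    <target name="signed-updater200WithJetty" depends="updater200WithJetty, -sign-update" />
+    <target name="signed-updater200WithJettyAndGeoIP" depends="updater200WithJettyAndGeoIP, -sign-update" />
+    <target name="signed-updater200WithJavadoc" depends="updater200WithJavadoc, -sign-update" />
+    <target name="signed-updater200WithJavadocAndJetty" depends="updater200WithJavadocAndJetty, -sign-update" />
+
+    <target name="zipit" depends="getReleaseNumber">
         <!--
              As of release 0.8.8, the router will enforce a zipfile comment equal to the
@@ -1603,140 +1749,12 @@
         <delete file="i2pupdate.su2" />
         <!-- make this a lot easier by putting release.privkey=/path/to/privkey in override.properties -->
-        <input message="Enter private signing key file:" addproperty="release.privkey" />
-        <fail message="You must enter an existing file path." >
-            <condition>
-                <or>
-                    <equals arg1="${release.privkey}" arg2=""/>
-                    <not>
-                        <length file="${release.privkey}" when="greater" length="0" />
-                    </not>
-                </or>
-            </condition>
-        </fail>
-        <echo message="Key file is ${release.privkey}" />
-        <!-- now build and verify the unpacked sud from the unpacked zip -->
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="sign" />
-            <arg value="i2pupdate.zip" />
-            <arg value="i2pupdate.sud" />
-            <arg value="${release.privkey}" />
-            <arg value="${release.number}" />
-        </java>
-        <echo message="Verify version and VALID signature:" />
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="verifysig" />
-            <arg value="i2pupdate.sud" />
-        </java>
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="verifyversion" />
-            <arg value="i2pupdate.sud" />
-        </java>
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="showversion" />
-            <arg value="i2pupdate.sud" />
-        </java>
+
+        <!-- now build and verify the packed sud from the packed zip -->
+        <sudsign infile="i2pupdate.zip" outfile="i2pupdate.sud" />
+
         <!-- now build and verify the packed su2 from the packed zip -->
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="sign" />
-            <arg value="i2pupdate200.zip" />
-            <arg value="i2pupdate.su2" />
-            <arg value="${release.privkey}" />
-            <arg value="${release.number}" />
-        </java>
-        <echo message="Verify version and VALID signature:" />
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="verifysig" />
-            <arg value="i2pupdate.su2" />
-        </java>
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="verifyversion" />
-            <arg value="i2pupdate.su2" />
-        </java>
-        <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="showversion" />
-            <arg value="i2pupdate.su2" />
-        </java>
+        <sudsign infile="i2pupdate200.zip" outfile="i2pupdate.su2" />
         <!-- now build and verify the packed su3 from the packed zip -->
-        <input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
-        <fail message="You must enter an existing file path." >
-            <condition>
-                <or>
-                    <equals arg1="${release.privkey.su3}" arg2=""/>
-                    <not>
-                        <length file="${release.privkey.su3}" when="greater" length="0" />
-                    </not>
-                </or>
-            </condition>
-        </fail>
-        <input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
-        <fail message="You must enter a name." >
-            <condition>
-                <equals arg1="${release.signer.su3}" arg2=""/>
-            </condition>
-        </fail>
-        <input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
-        <fail message="You must enter a password." >
-            <condition>
-                <equals arg1="${release.password.su3}" arg2=""/>
-            </condition>
-        </fail>
-        <java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <arg value="sign" />
-            <arg value="-c" />
-            <arg value="ROUTER" />
-            <arg value="-t" />
-            <arg value="RSA_SHA512_4096" />
-            <arg value="i2pupdate200.zip" />
-            <arg value="i2pupdate.su3" />
-            <arg value="${release.privkey.su3}" />
-            <arg value="${release.number}" />
-            <arg value="${release.signer.su3}" />
-        </java>
-        <echo message="Verify version and VALID signature:" />
-        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <!-- set base dir so it can find the pubkey cert -->
-            <jvmarg value="-Di2p.dir.base=installer/resources" />
-            <arg value="verifysig" />
-            <arg value="i2pupdate.su3" />
-        </java>
-        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
-            <classpath>
-                <pathelement location="build/i2p.jar" />
-            </classpath>
-            <!-- set base dir so it can find the pubkey cert -->
-            <jvmarg value="-Di2p.dir.base=installer/resources" />
-            <arg value="showversion" />
-            <arg value="i2pupdate.su3" />
-        </java>
+        <su3sign infile="i2pupdate200.zip" sigtype="ROUTER" outfile="i2pupdate.su3" />
         <!-- this will use the monotonerc file in the current workspace -->
         <echo message="Checking out fresh copy into ../i2p-${release.number} for tarballing:" />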
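Review bot: The keystore password prompt in the new `su3sign` macro (new line 196) uses Ant's default input handler, which echoes what is typed to the terminal and to any captured console log. This commit makes that prompt reachable from `i2pseeds` and the `signed-updater200*` dev-build targets as well. Nesting `<handler type="secure" />` inside that `<input>` (Ant 1.8 or later) would read the password without echo. Separately, `i2pseeds` shows no `getReleaseNumber` in its `depends`, so unless `prepRouterInfos` or its prerequisites set `release.number`, `su3sign` would pass the literal `${release.number}` as the version; this should be confirmed or the dependency added. Two smaller points: new line 35 repeats the `updater200withJetty` help line, and the comment at new line 1752 says "packed sud from the packed zip" although it signs the unpacked `i2pupdate.zip`.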