build.xml: signing

- move signing to ant macros so they can be used by multiple build targets
- add support for signed devbuilds
- add support for generating i2pseeds.su3 (for testing)
kytv
2014-11-12 14:51:27 +00:00
parent f19ec4bd44
commit 6dc3cd9650

288
build.xml

@@ -23,12 +23,17 @@
<echo message=" tarball: tar the full install into i2p.tar.bz2 (extracts to build a new clean install)" />
<echo message=" updater: Package the built files in i2pupdate.zip (extracts safely over existing installs)" />
<echo message=" updater200: Updater compressed with pack200 (creates i2pupdate200.zip, 60% smaller)" />
<echo message=" signed-updater200: Signed updater compressed with pack200 (creates i2pupdate.su3, 60% smaller)" />
<echo message=" updaterWithJavadoc: updater including the javadocs, for display in the console" />
<echo message=" updater200WithJavadoc: updater including the javadocs, for display in the console (creates i2pupdate200.zip)" />
<echo message=" signed-updater200WithJavadoc: Signed updater including the javadocs, for display in the console (creates i2pupdate.su3)" />
<echo message=" updaterWithJavadocAndJetty: updater including the javadocs, for display in the console, and Jetty " />
<echo message=" updater200WithJavadocAndJetty: updater including the javadocs, for display in the console, and Jetty (creates i2pupdate200.zip)" />
<echo message=" signed-updater200WithJavadocAndJetty: Signed updater including the javadocs, for display in the console, and Jetty (creates i2pupdate.su3)" />
<echo message=" updaterWithJetty: Updater including Jetty" />
<echo message=" updater200withJetty: Updater including Jetty" />
<echo message=" updater200withJetty: Updater including Jetty" />
<echo message=" signed-updater200withJetty: Signed updater including Jetty" />
<echo message=" updaterWithJettyFixes: updater including local jetty patches" />
<echo message=" updaterWithGeoIP: updater including GeoIP Files" />
<echo message=" updaterWithJettyFixesAndGeoIP" />
@@ -115,6 +120,121 @@
</sequential>
</macrodef>
<macrodef name="sudsign">
<attribute name="infile" />
<attribute name="outfile" />
<sequential>
<input message="Enter private signing key file:" addproperty="release.privkey" />
<fail message="You must enter an existing file path." >
<condition>
<or>
<equals arg1="${release.privkey}" arg2=""/>
<not>
<length file="${release.privkey}" when="greater" length="0" />
</not>
</or>
</condition>
</fail>
<echo message="Key file is ${release.privkey}" />
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="sign" />
<arg value="@{infile}" />
<arg value="@{outfile}" />
<arg value="${release.privkey}" />
<arg value="${release.number}" />
</java>
<echo message="Verify version and VALID signature:" />
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifysig" />
<arg value="@{outfile}" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifyversion" />
<arg value="@{outfile}" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="showversion" />
<arg value="@{outfile}" />
</java>
</sequential>
</macrodef>
<macrodef name="su3sign">
<attribute name="infile" />
<attribute name="outfile" />
<attribute name="sigtype" />
<sequential>
<input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
<fail message="You must enter an existing file path." >
<condition>
<or>
<equals arg1="${release.privkey.su3}" arg2=""/>
<not>
<length file="${release.privkey.su3}" when="greater" length="0" />
</not>
</or>
</condition>
</fail>
<input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
<fail message="You must enter a name." >
<condition>
<equals arg1="${release.signer.su3}" arg2=""/>
</condition>
</fail>
<input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
<fail message="You must enter a password." >
<condition>
<equals arg1="${release.password.su3}" arg2=""/>
</condition>
</fail>
<java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="sign" />
<arg value="-c" />
<arg value="@{sigtype}" />
<arg value="-t" />
<arg value="RSA_SHA512_4096" />
<arg value="@{infile}" />
<arg value="@{outfile}" />
<arg value="${release.privkey.su3}" />
<arg value="${release.number}" />
<arg value="${release.signer.su3}" />
</java>
<echo message="Verify version and VALID signature:" />
<java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<!-- set base dir so it can find the pubkey cert -->
<jvmarg value="-Di2p.dir.base=installer/resources" />
<arg value="verifysig" />
<arg value="@{outfile}" />
</java>
<java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<!-- set base dir so it can find the pubkey cert -->
<jvmarg value="-Di2p.dir.base=installer/resources" />
<arg value="showversion" />
<arg value="@{outfile}" />
</java>
</sequential>
</macrodef>
<target name="dist" depends="pkg, javadoc" />
<target name="dist200" depends="pkg200, javadoc" />
<target name="build" depends="build2">
@@ -1069,6 +1189,7 @@
</condition>
<target name="prepRouterInfos" depends="buildrouter, buildTools" unless="no.bundle.routerInfos">
<delete dir="pkg-temp/netDb" />
<mkdir dir="pkg-temp/netDb" />
<java classname="net.i2p.router.networkdb.kademlia.BundleRouterInfos" fork="true" failonerror="true">
<classpath>
@@ -1085,6 +1206,21 @@
</java>
</target>
<target name="-areRouterInfosEnabled">
<fail message="Option requires &quot;bundle.routerInfos&quot; to be configured. Please read &quot;build.properties&quot; for more info." >
<condition>
<isfalse value="${bundle.routerInfos}" />
</condition>
</fail>
</target>
<target name="i2pseeds" depends="-areRouterInfosEnabled, prepRouterInfos">
<delete file="i2pseeds.zip" />
<delete file="i2pseeds.su3" />
<zip destfile="i2pseeds.zip" basedir="pkg-temp/netDb" whenempty="fail" />
<su3sign infile="i2pseeds.zip" sigtype="RESEED" outfile="i2pseeds.su3" />
</target>
<!-- this is no longer required, izpack 4.3.0 supports headless installs with java -jar i2pinstall.exe -console -->
<!-- and this is no longer used by the SlackBuild -->
<target name="tarball" depends="preppkg">
@@ -1147,7 +1283,17 @@
<target name="updaterSmall" depends="prepupdateSmall, zipit" />
<target name="updaterRouter" depends="prepupdateRouter, zipit" />
<target name="zipit" depends="getReleaseNumber" >
<target name="-sign-update" depends="buildrouter">
<su3sign infile="i2pupdate200.zip" sigtype="ROUTER" outfile="i2pupdate.su3" />
</target>
<target name="signed-updater200" depends="updater200, -sign-update" />
<target name="signed-updater200WithJetty" depends="updater200WithJetty, -sign-update" />
<target name="signed-updater200WithJettyAndGeoIP" depends="updater200WithJettyAndGeoIP, -sign-update" />
<target name="signed-updater200WithJavadoc" depends="updater200WithJavadoc, -sign-update" />
<target name="signed-updater200WithJavadocAndJetty" depends="updater200WithJavadocAndJetty, -sign-update" />
<target name="zipit" depends="getReleaseNumber">
<!--
As of release 0.8.8, the router will enforce a zipfile comment equal to the
version number in the sud/su2 header, since the version in the header is NOT
@@ -1602,142 +1748,14 @@
<delete file="i2pupdate.sud" />
<delete file="i2pupdate.su2" />
<!-- make this a lot easier by putting release.privkey=/path/to/privkey in override.properties -->
<input message="Enter private signing key file:" addproperty="release.privkey" />
<fail message="You must enter an existing file path." >
<condition>
<or>
<equals arg1="${release.privkey}" arg2=""/>
<not>
<length file="${release.privkey}" when="greater" length="0" />
</not>
</or>
</condition>
</fail>
<echo message="Key file is ${release.privkey}" />
<!-- now build and verify the unpacked sud from the unpacked zip -->
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="sign" />
<arg value="i2pupdate.zip" />
<arg value="i2pupdate.sud" />
<arg value="${release.privkey}" />
<arg value="${release.number}" />
</java>
<echo message="Verify version and VALID signature:" />
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifysig" />
<arg value="i2pupdate.sud" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifyversion" />
<arg value="i2pupdate.sud" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="showversion" />
<arg value="i2pupdate.sud" />
</java>
<!-- now build and verify the packed sud from the packed zip -->
<sudsign infile="i2pupdate.zip" outfile="i2pupdate.sud" />
<!-- now build and verify the packed su2 from the packed zip -->
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="sign" />
<arg value="i2pupdate200.zip" />
<arg value="i2pupdate.su2" />
<arg value="${release.privkey}" />
<arg value="${release.number}" />
</java>
<echo message="Verify version and VALID signature:" />
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifysig" />
<arg value="i2pupdate.su2" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="verifyversion" />
<arg value="i2pupdate.su2" />
</java>
<java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="showversion" />
<arg value="i2pupdate.su2" />
</java>
<sudsign infile="i2pupdate200.zip" outfile="i2pupdate.su2" />
<!-- now build and verify the packed su3 from the packed zip -->
<input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
<fail message="You must enter an existing file path." >
<condition>
<or>
<equals arg1="${release.privkey.su3}" arg2=""/>
<not>
<length file="${release.privkey.su3}" when="greater" length="0" />
</not>
</or>
</condition>
</fail>
<input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
<fail message="You must enter a name." >
<condition>
<equals arg1="${release.signer.su3}" arg2=""/>
</condition>
</fail>
<input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
<fail message="You must enter a password." >
<condition>
<equals arg1="${release.password.su3}" arg2=""/>
</condition>
</fail>
<java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<arg value="sign" />
<arg value="-c" />
<arg value="ROUTER" />
<arg value="-t" />
<arg value="RSA_SHA512_4096" />
<arg value="i2pupdate200.zip" />
<arg value="i2pupdate.su3" />
<arg value="${release.privkey.su3}" />
<arg value="${release.number}" />
<arg value="${release.signer.su3}" />
</java>
<echo message="Verify version and VALID signature:" />
<java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<!-- set base dir so it can find the pubkey cert -->
<jvmarg value="-Di2p.dir.base=installer/resources" />
<arg value="verifysig" />
<arg value="i2pupdate.su3" />
</java>
<java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
<classpath>
<pathelement location="build/i2p.jar" />
</classpath>
<!-- set base dir so it can find the pubkey cert -->
<jvmarg value="-Di2p.dir.base=installer/resources" />
<arg value="showversion" />
<arg value="i2pupdate.su3" />
</java>
<su3sign infile="i2pupdate200.zip" sigtype="ROUTER" outfile="i2pupdate.su3" />
<!-- this will use the monotonerc file in the current workspace -->
<echo message="Checking out fresh copy into ../i2p-${release.number} for tarballing:" />
<delete dir="../i2p-${release.number}" />
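Review bot: The key-store password prompt in the new `su3sign` macro (`<input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />`) uses Ant's default input handler, so the password is echoed to the terminal as the release signer types it. Handing it to `SU3File` through `inputstring` does keep it off the forked JVM's command line, but on Ant 1.8 or later the prompt should carry a nested `<handler type="secure" />` so it is not displayed or left in scrollback. The value also stays in the `release.password.su3` property for the rest of the build and can show up in `ant -debug` output, which deserves a one-line comment above the prompt. Separately, the new `i2pseeds` target calls `su3sign` with no `getReleaseNumber` visible in its `depends` list, so `${release.number}` may reach `SU3File` unexpanded unless `buildrouter` or `buildTools` sets it; their definitions are outside this page.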