From cbcf9fae1d518699dc77fb181ba5c015393bb6fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 12:55:07 +0000 Subject: [PATCH 1/2] Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.7 Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.1.0 to 3.2.7. - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.7) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- tycho-gpg-plugin/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 5e18df16da..9851922114 100644 --- a/pom.xml +++ b/pom.xml @@ -638,7 +638,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.1.0 + 3.2.7 sign-artifacts diff --git a/tycho-gpg-plugin/pom.xml b/tycho-gpg-plugin/pom.xml index 6ed43672d1..c15c3d0f85 100644 --- a/tycho-gpg-plugin/pom.xml +++ b/tycho-gpg-plugin/pom.xml @@ -44,7 +44,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.1.0 + 3.2.7 org.eclipse.platform From ebeedec99d7249385336046b015783cccf63c36f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20L=C3=A4ubrich?= Date: Mon, 4 Nov 2024 14:21:42 +0100 Subject: [PATCH 2/2] Adopt to new GPG Mojo --- tycho-gpg-plugin/pom.xml | 4 ++++ .../plugins/gpg/AbstractGpgMojoExtension.java | 12 +++++++++--- .../gpg/ProxySignerWithPublicKeyAccess.java | 12 +++++++++++- .../eclipse/tycho/gpg/BouncyCastleSigner.java | 18 ++++++++++++++++++ .../tycho/gpg/SignRepositoryArtifactsMojo.java | 2 +- 5 files changed, 43 insertions(+), 5 deletions(-) diff --git a/tycho-gpg-plugin/pom.xml b/tycho-gpg-plugin/pom.xml index c15c3d0f85..e53e7cfade 100644 --- a/tycho-gpg-plugin/pom.xml 
+++ b/tycho-gpg-plugin/pom.xml @@ -25,6 +25,10 @@ ${minimal-maven-version} + + org.apache.maven + maven-core + org.apache.maven maven-plugin-api diff --git a/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojoExtension.java b/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojoExtension.java index 67c7184b93..bc141d1449 100644 --- a/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojoExtension.java +++ b/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojoExtension.java @@ -11,18 +11,24 @@ import java.io.File; -import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.project.MavenProject; public abstract class AbstractGpgMojoExtension extends AbstractGpgMojo { @Override - protected ProxySignerWithPublicKeyAccess newSigner(MavenProject project) - throws MojoExecutionException, MojoFailureException { + protected ProxySignerWithPublicKeyAccess newSigner(MavenProject project) throws MojoFailureException { return new ProxySignerWithPublicKeyAccess(super.newSigner(project), getSigner(), getPGPInfo(), getSecretKeys()); } + @Override + protected AbstractGpgSigner createSigner(String name) throws MojoFailureException { + //due to legacy reasons we actually used a GpgSigner as a delegate + //(see org.apache.maven.plugins.gpg.ProxySignerWithPublicKeyAccess.getSigner(File, File)) + //it would be better to actually create the BouncyCastleSigner already here! + return super.createSigner(GpgSigner.NAME); + } + protected String getSigner() { return "gpg"; } diff --git a/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/ProxySignerWithPublicKeyAccess.java b/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/ProxySignerWithPublicKeyAccess.java index c444624f5d..f3915bc28b 100644 --- a/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/ProxySignerWithPublicKeyAccess.java 
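Review bot: In AbstractGpgMojoExtension, the new `createSigner(String name)` override discards `name` and always asks the parent for `GpgSigner.NAME`, so a caller that requested another signer gets a gpg delegate with no trace of the substitution. The inline comment gives the legacy reason, but it should become a Javadoc on the method stating that the parameter is ignored and that the effective signer is chosen later in ProxySignerWithPublicKeyAccess. A debug log when `name` differs from `GpgSigner.NAME` would make the substitution visible in build output. For consistency, `getSigner()` at the end of the hunk could `return GpgSigner.NAME;` instead of the literal `"gpg"`, presuming the constant has that value.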
+++ b/tycho-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/ProxySignerWithPublicKeyAccess.java @@ -42,7 +42,7 @@ public ProxySignerWithPublicKeyAccess(AbstractGpgSigner delegate, String signer, this.delegate = delegate; this.setLog(delegate.getLog()); // The pgpInfo is used only for testing purposes. - if ("bc".equals(signer) || pgpInfo != null || secretKeys != null) { + if (BouncyCastleSigner.NAME.equals(signer) || pgpInfo != null || secretKeys != null) { try { this.signer = getSigner(pgpInfo, secretKeys); } catch (MojoExecutionException | MojoFailureException | IOException | PGPException e) { @@ -216,4 +216,14 @@ private String getKeys(boolean isPublic) throws MojoExecutionException { throw new MojoExecutionException("Unable to execute gpg command", e); } } + + @Override + public String signerName() { + return signer.signerName(); + } + + @Override + public String getKeyInfo() { + return signer.getKeyInfo(); + } } diff --git a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/BouncyCastleSigner.java b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/BouncyCastleSigner.java index c3b1ce2c8e..6a544a2525 100644 --- a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/BouncyCastleSigner.java +++ b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/BouncyCastleSigner.java @@ -26,6 +26,7 @@ import java.security.Security; import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugins.gpg.AbstractGpgSigner; @@ -57,6 +58,7 @@ import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider; import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPair; import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder; +import org.bouncycastle.util.encoders.Hex; public class BouncyCastleSigner extends AbstractGpgSigner { 
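Review bot: In ProxySignerWithPublicKeyAccess, the added `signerName()` and `getKeyInfo()` dereference the `signer` field, which the constructor hunk above shows being assigned only inside the `BouncyCastleSigner.NAME.equals(signer) || pgpInfo != null || secretKeys != null` branch. If the other branch (outside the hunk) can leave the field unset, both methods throw a NullPointerException on the plain gpg path. Falling back to the delegate avoids that, e.g. `return signer != null ? signer.signerName() : delegate.signerName();` and the same for `getKeyInfo()`. Either way, a short Javadoc saying which object answers these calls would help, since the proxy holds both a delegate and a signer.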
@@ -74,6 +76,8 @@ public class BouncyCastleSigner extends AbstractGpgSigner { private PGPPrivateKey privateKey; + public static final String NAME = "bc"; + /** * Create an empty instance that needs to be configured before it is used. * @@ -349,4 +353,18 @@ public static void main(String[] args) throws Exception { signer.generateSignature(target.toFile()); } } + + @Override + public String signerName() { + return NAME; + } + + @Override + public String getKeyInfo() { + Iterator userIds = secretKey.getPublicKey().getUserIDs(); + if (userIds.hasNext()) { + return userIds.next(); + } + return Hex.toHexString(secretKey.getPublicKey().getFingerprint()); + } } diff --git a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java index 840d41fc70..0b521c7d12 100644 --- a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java +++ b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java @@ -166,7 +166,7 @@ protected File getSecretKeys() { } @Override - public void execute() throws MojoExecutionException, MojoFailureException { + public void doExecute() throws MojoExecutionException, MojoFailureException { var signer = newSigner(project); var keys = KeyStore.create();
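Review bot: In BouncyCastleSigner, `getKeyInfo()` returns the first user ID whenever one exists and uses the fingerprint only as a fallback, but a user ID is free text set by whoever created the key, is not unique, and the first one returned is not necessarily the primary one. If this string ends up in build logs as the record of which key signed the artifacts (presumably how the upstream mojo uses it), the fingerprint should always be part of it, e.g. `return userIds.hasNext() ? userIds.next() + " (" + fingerprint + ")" : fingerprint;` with `fingerprint` computed once from `secretKey.getPublicKey().getFingerprint()`. The method also reads `secretKey` without a check, while the constructor Javadoc visible in the earlier hunk says an instance can be created empty and configured later. A call before configuration would therefore fail with a NullPointerException rather than a clear message.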