From 1661cff3647cefc7c41a5c0a8e174d29a2b21f25 Mon Sep 17 00:00:00 2001 From: ligi Date: Mon, 7 May 2018 16:37:51 +0200 Subject: [PATCH 1/2] build: Specify the key to use This way I could locally upload to maven central after the initial problem that the wrong key was used to sign This should fix #16433 --- build/ci.go | 20 ++++++++++++-------- internal/build/pgp.go | 12 ++++++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/build/ci.go b/build/ci.go index 204c2067528b..24c41355f34d 100644 --- a/build/ci.go +++ b/build/ci.go @@ -755,14 +755,17 @@ func doAndroidArchive(cmdline []string) { os.Rename(archive, meta.Package+".aar") if *signer != "" && *deploy != "" { // Import the signing key into the local GPG instance - if b64key := os.Getenv(*signer); b64key != "" { - key, err := base64.StdEncoding.DecodeString(b64key) - if err != nil { - log.Fatalf("invalid base64 %s", *signer) - } - gpg := exec.Command("gpg", "--import") - gpg.Stdin = bytes.NewReader(key) - build.MustRun(gpg) + b64key := os.Getenv(*signer) + key, err := base64.StdEncoding.DecodeString(b64key) + if err != nil { + log.Fatalf("invalid base64 %s", *signer) + } + gpg := exec.Command("gpg", "--import") + gpg.Stdin = bytes.NewReader(key) + build.MustRun(gpg) + keyID, err := build.PGPKeyID(string(key)) + if err != nil { + log.Fatal(err) } // Upload the artifacts to Sonatype and/or Maven Central repo := *deploy + "/service/local/staging/deploy/maven2" @@ -771,6 +774,7 @@ func doAndroidArchive(cmdline []string) { } build.MustRunCommand("mvn", "gpg:sign-and-deploy-file", "-e", "-X", "-settings=build/mvn.settings", "-Durl="+repo, "-DrepositoryId=ossrh", + "-Dgpg.keyname="+keyID, "-DpomFile="+meta.Package+".pom", "-Dfile="+meta.Package+".aar") } } diff --git a/internal/build/pgp.go b/internal/build/pgp.go index 79ab9c06f1b5..c7d0d2339746 100644 --- a/internal/build/pgp.go +++ b/internal/build/pgp.go @@ -57,3 +57,15 @@ func PGPSignFile(input string, output string, pgpkey string) error { // Generate the signature and return return openpgp.ArmoredDetachSign(out, keys[0], in, nil) } + +// PGPKeyID parses an armored key and returns the key ID. +func PGPKeyID(pgpkey string) (string, error) { + keys, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(pgpkey)) + if err != nil { + return "", err + } + if len(keys) != 1 { + return "", fmt.Errorf("key count mismatch: have %d, want %d", len(keys), 1) + } + return keys[0].PrimaryKey.KeyIdString(), nil +} From 220426442a4fbd83b8eb0bb0576d3b89ca4aef25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Szil=C3=A1gyi?= Date: Tue, 8 May 2018 21:38:38 +0300 Subject: [PATCH 2/2] build: fix nitpick without annoying others :D --- build/ci.go | 1 + 1 file changed, 1 insertion(+) diff --git a/build/ci.go b/build/ci.go index 24c41355f34d..79dcc146c309 100644 --- a/build/ci.go +++ b/build/ci.go @@ -763,6 +763,7 @@ func doAndroidArchive(cmdline []string) { gpg := exec.Command("gpg", "--import") gpg.Stdin = bytes.NewReader(key) build.MustRun(gpg) + keyID, err := build.PGPKeyID(string(key)) if err != nil { log.Fatal(err)