Skip to content

Latest commit

 

History

History
169 lines (122 loc) · 4.89 KB

readme.md

File metadata and controls

169 lines (122 loc) · 4.89 KB

KeyMaster

A Simple Gradle plugin to help you sign your jars.


Getting Started

To get started, you will a GPG key. If you already have this, you can skip it.

In a terminal, or in command line, run the following commands:

# generate the keys
gpg --gen-key

#export the private key with the specified id to a file
gpg --output {private key file name and path} --armor --export-secret-keys {key-id}

#export the public key with the specified id to a file
gpg --output {public key file name and path} --armor --export {key-id}

Answer the required questions, and your file will be generated once completed.

Copy this file to a safe directory, somewhere you can access it easily. KEEP IT OUT OF YOUR GIT REPO

Installing the plugin

Groovy DSL To use this plugin inside your project, first you have to add our maven.

To do this, open up settings.gradle and add the following:

pluginManagement {
    repositories {
        gradlePluginPortal()
        maven {
            url "https://maven.firstdark.dev/releases"
        }
    }
}

Next, in your build.gradle add:

badge

plugins {
    id "dev.firstdark.keymaster" version "VERSION"
}

Replace VERSION with the version above.

Finally, add the following to build.gradle file:

import dev.firstdark.keymaster.tasks.SignJarTask

// This is optional. These values can be configured on the task
keymaster {
    // GPG Password
    gpgPassword = "123456"
    // GPG Key file, or String.
    gpgKey = System.getenv("GPG_KEY")
    // Generate a .sig file for signed jars, to be used for verification
    generateSignature = true
}

// Register a custom task to sign your jar
tasks.register('signJar', SignJarTask) {
    // Depend on the task used to build your project
    dependsOn jar

    // The input artifact. This can be a Task, File or File Name
    artifactInput = jar

    // Optional. Set the output name of the signed jar. This defaults to the artifactInput file name, and will overwrite it
    outputFileName = "testsign"

    // GPG Private key file or string. Not required when the extension is used
    gpgKey = System.getenv("GPG_KEY")

    // GPG Private Key password. Not required when extension is used
    gpgPassword = "123456"

    // Should the task generate a .sig file. Defaults to true, and not required when extension is used
    generateSignature = false
}

That's all there is to it. You can use this custom task as an input for maven publishing, modpublisher or any other task that takes in a file

Kotlin DSL To use this plugin inside your project, first you have to add our maven.

To do this, open up settings.gradle.kts and add the following:

pluginManagement {
    repositories {
        gradlePluginPortal()
        maven {
            url = uri("https://maven.firstdark.dev/releases")
        }
    }
}

Next, in your build.gradle.kts add:

badge

plugins {
    id("com.hypherionmc.modutils.modpublisher") version "VERSION"
}

Replace VERSION with the version above.

Finally, add the following to build.gradle.kts file:

import dev.firstdark.keymaster.tasks.SignJarTask
import org.gradle.kotlin.dsl.register

// This is optional. These values can be configured on the task
extensions.configure<KeymasterExtension>("keymaster") {
    // GPG Password
    gpgPassword = "123456"
    // GPG Key file, or String.
    gpgKey = System.getenv("GPG_KEY")
    // Generate a .sig file for signed jars, to be used for verification
    generateSignature = true
}

// Register a custom task to sign your jar
tasks.register("signJar", SignJarTask::class) {
    // Depend on the task used to build your project
    dependsOn(tasks.jar)

    // The input artifact. This can be a Task, File or File Name
    artifactInput = tasks.jar

    // Optional. Set the output name of the signed jar. This defaults to the artifactInput file name, and will overwrite it
    outputFileName = "testsign"

    // GPG Private key file or string. Not required when the extension is used
    gpgKey = System.getenv("GPG_KEY")

    // GPG Private Key password. Not required when extension is used
    gpgPassword = "123456"

    // Should the task generate a .sig file. Defaults to true, and not required when extension is used
    generateSignature = false
}

That's all there is to it. You can use this custom task as an input for maven publishing, modpublisher or any other task that takes in a file


If you need any other help, open an issue, or visit us on Discord