From 4a7854a948cdbceddd7dc3caf743450bac393271 Mon Sep 17 00:00:00 2001 From: Nikolay Krasko Date: Tue, 19 May 2020 17:34:50 +0300 Subject: [PATCH] Sign and generate hash for compiler and plugin zip --- build.gradle.kts | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/build.gradle.kts b/build.gradle.kts index 8db9fe4b3cb..6fc47f9a63d 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,4 +1,5 @@ import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar +import org.gradle.crypto.checksum.Checksum import org.gradle.plugins.ide.idea.model.IdeaModel import org.jetbrains.kotlin.gradle.tasks.KotlinCompile import proguard.gradle.ProGuardTask @@ -42,6 +43,8 @@ plugins { idea id("jps-compatible") id("org.jetbrains.gradle.plugin.idea-ext") + id("org.gradle.crypto.checksum") version "1.2.0" + signing } pill { @@ -834,6 +837,33 @@ val zipPlugin by task { } } +fun Project.secureZipTask(zipTask: TaskProvider): RegisteringDomainObjectDelegateProviderWithAction { + val checkSumTask = tasks.register("${zipTask.name}Checksum", Checksum::class) { + dependsOn(zipTask) + val compilerFile = zipTask.get().outputs.files.singleFile + files = files(compilerFile) + outputDir = compilerFile.parentFile + algorithm = Checksum.Algorithm.SHA256 + } + + val signTask = tasks.register("${zipTask.name}Sign", Sign::class) { + description = "Signs the archive produced by the '" + zipTask.name + "' task." + sign(zipTask.get()) + } + + return tasks.registering { + dependsOn(checkSumTask) + dependsOn(signTask) + } +} + +signing { + useGpgCmd() +} + +val zipCompilerWithSignature by secureZipTask(zipCompiler) +val zipPluginWithSignature by secureZipTask(zipPlugin) + configure { module { excludeDirs = files(