mirror of
https://github.com/actions/setup-java.git
synced 2026-07-08 22:31:49 +00:00
refactor: make gpg.ts generic, move Adoptium-specific constant to temurin distribution
This commit is contained in:
parent
70770c9dd2
commit
b2f4bcbe5f
@ -4,7 +4,8 @@ import fs from 'fs';
|
|||||||
import os from 'os';
|
import os from 'os';
|
||||||
import {
|
import {
|
||||||
TemurinDistribution,
|
TemurinDistribution,
|
||||||
TemurinImplementation
|
TemurinImplementation,
|
||||||
|
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
||||||
} from '../../src/distributions/temurin/installer';
|
} from '../../src/distributions/temurin/installer';
|
||||||
import {JavaInstallerOptions} from '../../src/distributions/base-models';
|
import {JavaInstallerOptions} from '../../src/distributions/base-models';
|
||||||
import * as util from '../../src/util';
|
import * as util from '../../src/util';
|
||||||
@ -334,7 +335,7 @@ describe('downloadTool', () => {
|
|||||||
expect(spyVerifySignature).toHaveBeenCalledWith(
|
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||||
'/tmp/jdk.tar.gz',
|
'/tmp/jdk.tar.gz',
|
||||||
'https://example.com/jdk.tar.gz.sig',
|
'https://example.com/jdk.tar.gz.sig',
|
||||||
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@ -61,10 +61,12 @@ describe('gpg tests', () => {
|
|||||||
|
|
||||||
describe('verifyPackageSignature', () => {
|
describe('verifyPackageSignature', () => {
|
||||||
it('downloads signature and verifies package', async () => {
|
it('downloads signature and verifies package', async () => {
|
||||||
|
const testFingerprint = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
||||||
(tc.downloadTool as jest.Mock).mockResolvedValue('/tmp/jdk.tar.gz.sig');
|
(tc.downloadTool as jest.Mock).mockResolvedValue('/tmp/jdk.tar.gz.sig');
|
||||||
await gpg.verifyPackageSignature(
|
await gpg.verifyPackageSignature(
|
||||||
'/tmp/jdk.tar.gz',
|
'/tmp/jdk.tar.gz',
|
||||||
'https://example.com/jdk.tar.gz.sig'
|
'https://example.com/jdk.tar.gz.sig',
|
||||||
|
testFingerprint
|
||||||
);
|
);
|
||||||
|
|
||||||
expect(tc.downloadTool).toHaveBeenCalledWith(
|
expect(tc.downloadTool).toHaveBeenCalledWith(
|
||||||
@ -78,7 +80,7 @@ describe('gpg tests', () => {
|
|||||||
'--keyserver',
|
'--keyserver',
|
||||||
'keyserver.ubuntu.com',
|
'keyserver.ubuntu.com',
|
||||||
'--recv-keys',
|
'--recv-keys',
|
||||||
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
testFingerprint
|
||||||
],
|
],
|
||||||
expect.objectContaining({silent: true})
|
expect.objectContaining({silent: true})
|
||||||
);
|
);
|
||||||
|
|||||||
6
dist/cleanup/index.js
vendored
6
dist/cleanup/index.js
vendored
@ -52067,7 +52067,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0;
|
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0;
|
||||||
const fs = __importStar(__nccwpck_require__(79896));
|
const fs = __importStar(__nccwpck_require__(79896));
|
||||||
const path = __importStar(__nccwpck_require__(16928));
|
const path = __importStar(__nccwpck_require__(16928));
|
||||||
const io = __importStar(__nccwpck_require__(94994));
|
const io = __importStar(__nccwpck_require__(94994));
|
||||||
@ -52075,7 +52075,6 @@ const exec = __importStar(__nccwpck_require__(95236));
|
|||||||
const tc = __importStar(__nccwpck_require__(33472));
|
const tc = __importStar(__nccwpck_require__(33472));
|
||||||
const util = __importStar(__nccwpck_require__(54527));
|
const util = __importStar(__nccwpck_require__(54527));
|
||||||
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
||||||
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
|
||||||
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
||||||
function importKey(privateKey) {
|
function importKey(privateKey) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
@ -52113,7 +52112,7 @@ function deleteKey(keyFingerprint) {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
exports.deleteKey = deleteKey;
|
exports.deleteKey = deleteKey;
|
||||||
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) {
|
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const signaturePath = yield tc.downloadTool(signatureUrl);
|
const signaturePath = yield tc.downloadTool(signatureUrl);
|
||||||
let gpgHome;
|
let gpgHome;
|
||||||
@ -52128,7 +52127,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo
|
|||||||
const options = { silent: true, env };
|
const options = { silent: true, env };
|
||||||
yield exec.exec('gpg', [
|
yield exec.exec('gpg', [
|
||||||
'--batch',
|
'--batch',
|
||||||
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
|
|
||||||
'--keyserver',
|
'--keyserver',
|
||||||
'keyserver.ubuntu.com',
|
'keyserver.ubuntu.com',
|
||||||
'--recv-keys',
|
'--recv-keys',
|
||||||
|
|||||||
11
dist/setup/index.js
vendored
11
dist/setup/index.js
vendored
@ -80247,7 +80247,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|||||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||||
};
|
};
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.TemurinDistribution = exports.TemurinImplementation = void 0;
|
exports.TemurinDistribution = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.TemurinImplementation = void 0;
|
||||||
const core = __importStar(__nccwpck_require__(37484));
|
const core = __importStar(__nccwpck_require__(37484));
|
||||||
const tc = __importStar(__nccwpck_require__(33472));
|
const tc = __importStar(__nccwpck_require__(33472));
|
||||||
const fs_1 = __importDefault(__nccwpck_require__(79896));
|
const fs_1 = __importDefault(__nccwpck_require__(79896));
|
||||||
@ -80260,6 +80260,7 @@ var TemurinImplementation;
|
|||||||
(function (TemurinImplementation) {
|
(function (TemurinImplementation) {
|
||||||
TemurinImplementation["Hotspot"] = "Hotspot";
|
TemurinImplementation["Hotspot"] = "Hotspot";
|
||||||
})(TemurinImplementation || (exports.TemurinImplementation = TemurinImplementation = {}));
|
})(TemurinImplementation || (exports.TemurinImplementation = TemurinImplementation = {}));
|
||||||
|
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
||||||
class TemurinDistribution extends base_installer_1.JavaBase {
|
class TemurinDistribution extends base_installer_1.JavaBase {
|
||||||
constructor(installerOptions, jvmImpl) {
|
constructor(installerOptions, jvmImpl) {
|
||||||
super(`Temurin-${jvmImpl}`, installerOptions);
|
super(`Temurin-${jvmImpl}`, installerOptions);
|
||||||
@ -80307,7 +80308,7 @@ class TemurinDistribution extends base_installer_1.JavaBase {
|
|||||||
}
|
}
|
||||||
core.info(`Verifying Java package signature...`);
|
core.info(`Verifying Java package signature...`);
|
||||||
try {
|
try {
|
||||||
yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT);
|
yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT);
|
||||||
}
|
}
|
||||||
catch (error) {
|
catch (error) {
|
||||||
throw new Error(`Failed to verify signature for Temurin version ${javaRelease.version} from ${javaRelease.signatureUrl}: ${error.message}`);
|
throw new Error(`Failed to verify signature for Temurin version ${javaRelease.version} from ${javaRelease.signatureUrl}: ${error.message}`);
|
||||||
@ -80624,7 +80625,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0;
|
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0;
|
||||||
const fs = __importStar(__nccwpck_require__(79896));
|
const fs = __importStar(__nccwpck_require__(79896));
|
||||||
const path = __importStar(__nccwpck_require__(16928));
|
const path = __importStar(__nccwpck_require__(16928));
|
||||||
const io = __importStar(__nccwpck_require__(94994));
|
const io = __importStar(__nccwpck_require__(94994));
|
||||||
@ -80632,7 +80633,6 @@ const exec = __importStar(__nccwpck_require__(95236));
|
|||||||
const tc = __importStar(__nccwpck_require__(33472));
|
const tc = __importStar(__nccwpck_require__(33472));
|
||||||
const util = __importStar(__nccwpck_require__(54527));
|
const util = __importStar(__nccwpck_require__(54527));
|
||||||
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
||||||
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
|
||||||
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
||||||
function importKey(privateKey) {
|
function importKey(privateKey) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
@ -80670,7 +80670,7 @@ function deleteKey(keyFingerprint) {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
exports.deleteKey = deleteKey;
|
exports.deleteKey = deleteKey;
|
||||||
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) {
|
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const signaturePath = yield tc.downloadTool(signatureUrl);
|
const signaturePath = yield tc.downloadTool(signatureUrl);
|
||||||
let gpgHome;
|
let gpgHome;
|
||||||
@ -80685,7 +80685,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo
|
|||||||
const options = { silent: true, env };
|
const options = { silent: true, env };
|
||||||
yield exec.exec('gpg', [
|
yield exec.exec('gpg', [
|
||||||
'--batch',
|
'--batch',
|
||||||
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
|
|
||||||
'--keyserver',
|
'--keyserver',
|
||||||
'keyserver.ubuntu.com',
|
'keyserver.ubuntu.com',
|
||||||
'--recv-keys',
|
'--recv-keys',
|
||||||
|
|||||||
@ -27,6 +27,9 @@ export enum TemurinImplementation {
|
|||||||
Hotspot = 'Hotspot'
|
Hotspot = 'Hotspot'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT =
|
||||||
|
'3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
||||||
|
|
||||||
export class TemurinDistribution extends JavaBase {
|
export class TemurinDistribution extends JavaBase {
|
||||||
constructor(
|
constructor(
|
||||||
installerOptions: JavaInstallerOptions,
|
installerOptions: JavaInstallerOptions,
|
||||||
@ -93,7 +96,7 @@ export class TemurinDistribution extends JavaBase {
|
|||||||
await gpg.verifyPackageSignature(
|
await gpg.verifyPackageSignature(
|
||||||
javaArchivePath,
|
javaArchivePath,
|
||||||
javaRelease.signatureUrl,
|
javaRelease.signatureUrl,
|
||||||
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
||||||
);
|
);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
|
|||||||
@ -7,8 +7,6 @@ import * as util from './util';
|
|||||||
import {ExecOptions} from '@actions/exec/lib/interfaces';
|
import {ExecOptions} from '@actions/exec/lib/interfaces';
|
||||||
|
|
||||||
export const PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
export const PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
|
||||||
export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT =
|
|
||||||
'3B04D753C9050D9A5D343F39843C48A565F8F04B';
|
|
||||||
|
|
||||||
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
|
||||||
|
|
||||||
@ -60,7 +58,7 @@ export async function deleteKey(keyFingerprint: string) {
|
|||||||
export async function verifyPackageSignature(
|
export async function verifyPackageSignature(
|
||||||
archivePath: string,
|
archivePath: string,
|
||||||
signatureUrl: string,
|
signatureUrl: string,
|
||||||
keyFingerprint = ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
|
keyFingerprint: string
|
||||||
) {
|
) {
|
||||||
const signaturePath = await tc.downloadTool(signatureUrl);
|
const signaturePath = await tc.downloadTool(signatureUrl);
|
||||||
let gpgHome: string;
|
let gpgHome: string;
|
||||||
@ -83,7 +81,6 @@ export async function verifyPackageSignature(
|
|||||||
'gpg',
|
'gpg',
|
||||||
[
|
[
|
||||||
'--batch',
|
'--batch',
|
||||||
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
|
|
||||||
'--keyserver',
|
'--keyserver',
|
||||||
'keyserver.ubuntu.com',
|
'keyserver.ubuntu.com',
|
||||||
'--recv-keys',
|
'--recv-keys',
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user