refactor: make gpg.ts generic, move Adoptium-specific constant to temurin distribution

This commit is contained in:
copilot-swe-agent[bot] 2026-06-17 14:35:08 +00:00 committed by GitHub
parent 70770c9dd2
commit b2f4bcbe5f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 19 additions and 19 deletions

View File

@ -4,7 +4,8 @@ import fs from 'fs';
import os from 'os';
import {
TemurinDistribution,
TemurinImplementation
TemurinImplementation,
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
} from '../../src/distributions/temurin/installer';
import {JavaInstallerOptions} from '../../src/distributions/base-models';
import * as util from '../../src/util';
@ -334,7 +335,7 @@ describe('downloadTool', () => {
expect(spyVerifySignature).toHaveBeenCalledWith(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig',
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
);
});

View File

@ -61,10 +61,12 @@ describe('gpg tests', () => {
describe('verifyPackageSignature', () => {
it('downloads signature and verifies package', async () => {
const testFingerprint = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
(tc.downloadTool as jest.Mock).mockResolvedValue('/tmp/jdk.tar.gz.sig');
await gpg.verifyPackageSignature(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig'
'https://example.com/jdk.tar.gz.sig',
testFingerprint
);
expect(tc.downloadTool).toHaveBeenCalledWith(
@ -78,7 +80,7 @@ describe('gpg tests', () => {
'--keyserver',
'keyserver.ubuntu.com',
'--recv-keys',
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
testFingerprint
],
expect.objectContaining({silent: true})
);

View File

@ -52067,7 +52067,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0;
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0;
const fs = __importStar(__nccwpck_require__(79896));
const path = __importStar(__nccwpck_require__(16928));
const io = __importStar(__nccwpck_require__(94994));
@ -52075,7 +52075,6 @@ const exec = __importStar(__nccwpck_require__(95236));
const tc = __importStar(__nccwpck_require__(33472));
const util = __importStar(__nccwpck_require__(54527));
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
function importKey(privateKey) {
return __awaiter(this, void 0, void 0, function* () {
@ -52113,7 +52112,7 @@ function deleteKey(keyFingerprint) {
});
}
exports.deleteKey = deleteKey;
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) {
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) {
return __awaiter(this, void 0, void 0, function* () {
const signaturePath = yield tc.downloadTool(signatureUrl);
let gpgHome;
@ -52128,7 +52127,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo
const options = { silent: true, env };
yield exec.exec('gpg', [
'--batch',
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
'--keyserver',
'keyserver.ubuntu.com',
'--recv-keys',

11
dist/setup/index.js vendored
View File

@ -80247,7 +80247,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.TemurinDistribution = exports.TemurinImplementation = void 0;
exports.TemurinDistribution = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.TemurinImplementation = void 0;
const core = __importStar(__nccwpck_require__(37484));
const tc = __importStar(__nccwpck_require__(33472));
const fs_1 = __importDefault(__nccwpck_require__(79896));
@ -80260,6 +80260,7 @@ var TemurinImplementation;
(function (TemurinImplementation) {
TemurinImplementation["Hotspot"] = "Hotspot";
})(TemurinImplementation || (exports.TemurinImplementation = TemurinImplementation = {}));
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
class TemurinDistribution extends base_installer_1.JavaBase {
constructor(installerOptions, jvmImpl) {
super(`Temurin-${jvmImpl}`, installerOptions);
@ -80307,7 +80308,7 @@ class TemurinDistribution extends base_installer_1.JavaBase {
}
core.info(`Verifying Java package signature...`);
try {
yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT);
yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT);
}
catch (error) {
throw new Error(`Failed to verify signature for Temurin version ${javaRelease.version} from ${javaRelease.signatureUrl}: ${error.message}`);
@ -80624,7 +80625,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0;
exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0;
const fs = __importStar(__nccwpck_require__(79896));
const path = __importStar(__nccwpck_require__(16928));
const io = __importStar(__nccwpck_require__(94994));
@ -80632,7 +80633,6 @@ const exec = __importStar(__nccwpck_require__(95236));
const tc = __importStar(__nccwpck_require__(33472));
const util = __importStar(__nccwpck_require__(54527));
exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B';
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
function importKey(privateKey) {
return __awaiter(this, void 0, void 0, function* () {
@ -80670,7 +80670,7 @@ function deleteKey(keyFingerprint) {
});
}
exports.deleteKey = deleteKey;
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) {
function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) {
return __awaiter(this, void 0, void 0, function* () {
const signaturePath = yield tc.downloadTool(signatureUrl);
let gpgHome;
@ -80685,7 +80685,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo
const options = { silent: true, env };
yield exec.exec('gpg', [
'--batch',
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
'--keyserver',
'keyserver.ubuntu.com',
'--recv-keys',

View File

@ -27,6 +27,9 @@ export enum TemurinImplementation {
Hotspot = 'Hotspot'
}
export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT =
'3B04D753C9050D9A5D343F39843C48A565F8F04B';
export class TemurinDistribution extends JavaBase {
constructor(
installerOptions: JavaInstallerOptions,
@ -93,7 +96,7 @@ export class TemurinDistribution extends JavaBase {
await gpg.verifyPackageSignature(
javaArchivePath,
javaRelease.signatureUrl,
gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
);
} catch (error) {
throw new Error(

View File

@ -7,8 +7,6 @@ import * as util from './util';
import {ExecOptions} from '@actions/exec/lib/interfaces';
export const PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc');
export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT =
'3B04D753C9050D9A5D343F39843C48A565F8F04B';
const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/;
@ -60,7 +58,7 @@ export async function deleteKey(keyFingerprint: string) {
export async function verifyPackageSignature(
archivePath: string,
signatureUrl: string,
keyFingerprint = ADOPTIUM_SIGNATURE_KEY_FINGERPRINT
keyFingerprint: string
) {
const signaturePath = await tc.downloadTool(signatureUrl);
let gpgHome: string;
@ -83,7 +81,6 @@ export async function verifyPackageSignature(
'gpg',
[
'--batch',
// Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval.
'--keyserver',
'keyserver.ubuntu.com',
'--recv-keys',