Skip to content

Commit a25e0c4

Browse files
committed
Add script to make it easier to verify lockfile signatures
1 parent feda045 commit a25e0c4

File tree

1 file changed

+73
-0
lines changed

1 file changed

+73
-0
lines changed
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
#!/usr/bin/env bash
2+
3+
set -eu
4+
5+
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
6+
cd "$SCRIPT_DIR"
7+
8+
refresh_all_keys_flag=false
9+
10+
print_usage() {
11+
echo "Usage:"
12+
echo " -r Refresh all keys, will remove all trusted keys and clear the keyring, allowing for old keys to removed and keys entries to be updated."
13+
echo " This result is not reproducible. Also make sure to do an additional normal run afterwards."
14+
echo " -h Show this help page."
15+
}
16+
17+
while getopts 'rh' flag; do
18+
case "${flag}" in
19+
r) refresh_all_keys_flag=true ;;
20+
*) print_usage
21+
exit 1 ;;
22+
esac
23+
done
24+
25+
# Disable daemon since it causes problems with the temp dir cleanup
26+
# regardless if stopped.
27+
GRADLE_OPTS="-Dorg.gradle.daemon=false"
28+
# We must provide a template for mktemp to work properly on macOS.
29+
GRADLE_USER_HOME=$(mktemp -d -t gradle-home-XXX)
30+
TEMP_GRADLE_PROJECT_CACHE_DIR=$(mktemp -d -t gradle-cache-XXX)
31+
# Task list to discover all tasks and their dependencies since
32+
# just running the suggested 'help' task isn't sufficient.
33+
GRADLE_TASKS=(
34+
"lint"
35+
)
36+
37+
export GRADLE_OPTS
38+
export GRADLE_USER_HOME
39+
40+
cd ../gradle/
41+
42+
function cleanup {
43+
echo "Cleaning up temp dirs..."
44+
rm -rf -- "$GRADLE_USER_HOME" "$TEMP_GRADLE_PROJECT_CACHE_DIR" verification-keyring.gpg
45+
}
46+
47+
trap cleanup EXIT
48+
49+
echo "### Configuration ###"
50+
echo "Gradle home: $GRADLE_USER_HOME"
51+
echo "Gradle cache: $TEMP_GRADLE_PROJECT_CACHE_DIR"
52+
echo ""
53+
54+
echo "Moving checksums to the side..."
55+
mv verification-metadata.xml verification-metadata.checksums.xml
56+
57+
echo "Moving keys to be active metadata file"
58+
mv verification-metadata.keys.xml verification-metadata.xml
59+
60+
echo "Generating new components..."
61+
# Using a loop here since providing all tasks at once result in gradle task dependency issues.
62+
for GRADLE_TASK in "${GRADLE_TASKS[@]}"; do
63+
echo "Gradle task: $GRADLE_TASK"
64+
../gradlew -q -p .. --project-cache-dir "$TEMP_GRADLE_PROJECT_CACHE_DIR" "$GRADLE_TASK"
65+
echo ""
66+
done
67+
68+
echo "Moving back keys verification metadata"
69+
mv verification-metadata.xml verification-metadata.keys.xml
70+
71+
echo ""
72+
echo "Moving back checksums to be active metadata file"
73+
mv verification-metadata.checksums.xml verification-metadata.xml

0 commit comments

Comments
 (0)