mirror of
https://github.com/saymrwulf/onnxruntime.git
synced 2026-05-27 22:45:57 +00:00
Revert "Jar Maven Signing - GnuPG and sha256" (#22273)
Reverts microsoft/onnxruntime#22217
This commit is contained in:
Jian Chen
GitHub
parent
ebcf2fcd16
commit
40bcb7664d
5 changed files with 0 additions and 137 deletions
|
|
@ -58,10 +58,6 @@ stages:
|
|||
showWarnings: true
|
||||
workingDirectory: '$(Build.BinariesDirectory)\java-artifact'
|
||||
|
||||
- template: ../templates/jar-maven-signing-win.yml
|
||||
parameters:
|
||||
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
|
||||
|
||||
- task: CopyFiles@2
|
||||
displayName: 'Copy Java Files to Artifact Staging Directory'
|
||||
inputs:
|
||||
|
|
|
|||
|
|
@ -102,10 +102,6 @@ jobs:
|
|||
/bin/bash /onnxruntime_src/tools/ci_build/github/android/build_aar_and_copy_artifacts.sh
|
||||
workingDirectory: $(Build.SourcesDirectory)
|
||||
|
||||
- template: jar-maven-signing-linux.yml
|
||||
parameters:
|
||||
JarFileDirectory: '$(artifacts_directory)'
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
inputs:
|
||||
pathtoPublish: '$(artifacts_directory)'
|
||||
|
|
|
|||
|
|
@ -236,10 +236,6 @@ stages:
|
|||
showWarnings: true
|
||||
workingDirectory: '$(Build.BinariesDirectory)\java-artifact'
|
||||
|
||||
- template: jar-maven-signing-win.yml
|
||||
parameters:
|
||||
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
|
||||
|
||||
- task: CopyFiles@2
|
||||
displayName: 'Copy Java Files to Artifact Staging Directory'
|
||||
inputs:
|
||||
|
|
|
|||
|
|
@ -1,55 +0,0 @@
|
|||
parameters:
|
||||
- name: JarFileDirectory
|
||||
type: string
|
||||
|
||||
steps:
|
||||
- task: AzureKeyVault@2
|
||||
displayName: 'Get GnuPG signing keys'
|
||||
inputs:
|
||||
azureSubscription: 'OnnxrunTimeCodeSign_20240611'
|
||||
KeyVaultName: 'ort-release'
|
||||
SecretsFilter: 'java-pgp-pwd,java-pgp-key'
|
||||
RunAsPreJob: false
|
||||
|
||||
- task: CmdLine@2
|
||||
displayName: 'Sign jar files: GnuPG and sha256'
|
||||
inputs:
|
||||
workingDirectory: '$(Build.SourcesDirectory)'
|
||||
script: |
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
jar_file_directory='${{ parameters.JarFileDirectory }}'
|
||||
working_directory='$(Build.SourcesDirectory)'
|
||||
original_private_key='$(java-pgp-key)'
|
||||
original_passphrase='$(java-pgp-pwd)'
|
||||
|
||||
private_key_file=$working_directory/private_key.txt
|
||||
passphrase_file=$working_directory/passphrase.txt
|
||||
|
||||
echo "Generating GnuPG key files."
|
||||
printf "%s" "$original_private_key" >$private_key_file
|
||||
printf "%s" "$original_passphrase" >$passphrase_file
|
||||
echo "Generated GnuPG key files."
|
||||
|
||||
echo "Importing GnuPG private key file."
|
||||
gpg --batch --import $private_key_file
|
||||
echo "Imported GnuPG private key file."
|
||||
|
||||
for file in $(find $jar_file_directory -type f); do
|
||||
echo "GnuPG signing to file: $file"
|
||||
gpg --pinentry-mode loopback --passphrase-file $passphrase_file -ab $file
|
||||
echo "GnuPG signed to file: $file"
|
||||
done
|
||||
|
||||
for file in $(find $jar_file_directory -type f); do
|
||||
echo "Adding checksum of sha256 to file: $file"
|
||||
sha256sum $file | awk '{print $1}' >$file.sha256
|
||||
echo "Added checksum of sha256 to file: $file"
|
||||
done
|
||||
|
||||
echo "GnuPG and sha256 signing to files completed."
|
||||
echo "Deleting GnuPG key files."
|
||||
rm -f $private_key_file
|
||||
rm -f $passphrase_file
|
||||
echo "Deleted GnuPG key files."
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
parameters:
|
||||
- name: JarFileDirectory
|
||||
type: string
|
||||
|
||||
steps:
|
||||
- task: AzureKeyVault@2
|
||||
displayName: 'Get GnuPG signing keys'
|
||||
inputs:
|
||||
azureSubscription: 'OnnxrunTimeCodeSign_20240611'
|
||||
KeyVaultName: 'ort-release'
|
||||
SecretsFilter: 'java-pgp-pwd,java-pgp-key'
|
||||
RunAsPreJob: false
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: 'Sign jar files: GnuPG and sha256'
|
||||
inputs:
|
||||
targetType: 'inline'
|
||||
workingDirectory: '$(Build.SourcesDirectory)'
|
||||
script: |
|
||||
$jar_file_directory = '${{ parameters.JarFileDirectory }}'
|
||||
$working_directory = '$(Build.SourcesDirectory)'
|
||||
|
||||
$original_passphrase='$(java-pgp-pwd)'
|
||||
$original_private_key='$(java-pgp-key)'
|
||||
|
||||
$gpg_exe_path = "C:\Program Files (x86)\gnupg\bin\gpg.exe"
|
||||
|
||||
$passphrase_file = Join-Path -Path $working_directory -ChildPath "passphrase.txt"
|
||||
$private_key_file = Join-Path -Path $working_directory -ChildPath "private_key.txt"
|
||||
|
||||
Write-Host "Generating GnuPG key files."
|
||||
Out-File -FilePath $passphrase_file -InputObject $original_passphrase -NoNewline -Encoding ascii
|
||||
Out-File -FilePath $private_key_file -InputObject $original_private_key -NoNewline -Encoding ascii
|
||||
Write-Host "Generated GnuPG key files."
|
||||
|
||||
Write-Host "Importing GnuPG private key file."
|
||||
& $gpg_exe_path --batch --import $private_key_file
|
||||
if ($lastExitCode -ne 0) {
|
||||
Write-Host -Object "GnuPG importing private key command failed. Exitcode: $exitCode"
|
||||
exit $lastExitCode
|
||||
}
|
||||
Write-Host "Imported GnuPG private key file."
|
||||
|
||||
$targeting_original_files = Get-ChildItem $jar_file_directory -Recurse -Force -File -Name
|
||||
foreach ($file in $targeting_original_files) {
|
||||
$file_path = Join-Path $jar_file_directory -ChildPath $file
|
||||
Write-Host "GnuPG signing to file: "$file_path
|
||||
& $gpg_exe_path --pinentry-mode loopback --passphrase-file $passphrase_file -ab $file_path
|
||||
if ($lastExitCode -ne 0) {
|
||||
Write-Host -Object "GnuPG signing file command failed. Exitcode: $exitCode"
|
||||
exit $lastExitCode
|
||||
}
|
||||
Write-Host "GnuPG signed to file: "$file_path
|
||||
}
|
||||
|
||||
$targeting_asc_files = Get-ChildItem $jar_file_directory -Recurse -Force -File -Name
|
||||
foreach ($file in $targeting_asc_files) {
|
||||
$file_path = Join-Path $jar_file_directory -ChildPath $file
|
||||
Write-Host "Adding checksum of sha256 to file: "$file_path
|
||||
$file_path_sha256 = $file_path + ".sha256"
|
||||
CertUtil -hashfile $file_path SHA256
|
||||
CertUtil -hashfile $file_path SHA256 | find /v `"hash`" | Out-File -FilePath $file_path_sha256
|
||||
Write-Host "Added checksum of sha256 to file: "$file_path
|
||||
}
|
||||
|
||||
Write-Host "GnuPG and sha256 signing to files completed."
|
||||
Write-Host "Deleting GnuPG key files."
|
||||
Remove-Item -Path $passphrase_file
|
||||
Remove-Item -Path $private_key_file
|
||||
Write-Host "Deleted GnuPG key files."
|
||||
Loading…
Reference in a new issue