mirror of https://github.com/streamlink/streamlink
build: new Streamlink signing key 44448A298D5C3618
Replace old signing key: E2B794C7C2C37162E5E2A097E3DB9E282E390FA0 With new one: CDAC41B9122470FAF357A9D344448A298D5C3618
This commit is contained in:
parent
628e8ab910
commit
ad1b54b830
|
@ -12,8 +12,6 @@ on:
|
|||
|
||||
env:
|
||||
STREAMLINK_DIST_DIR: ${{ github.workspace }}/dist
|
||||
SIGNING_KEY_ID: 2E390FA0
|
||||
SIGNING_KEY_FILE: ${{ github.workspace }}/signing.key
|
||||
|
||||
jobs:
|
||||
test:
|
||||
|
@ -138,7 +136,8 @@ jobs:
|
|||
run: make --directory=docs man
|
||||
- name: sdist and wheels
|
||||
env:
|
||||
RELEASE_KEY_PASSPHRASE: ${{ secrets.RELEASE_KEY_PASSPHRASE }}
|
||||
SIGNING_KEY_ID: 1AEB6400EDA27DA9
|
||||
SIGNING_KEY_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
|
||||
run: ./script/build-and-sign.sh
|
||||
- name: Github release
|
||||
env:
|
||||
|
|
|
@ -3,56 +3,81 @@ shopt -s nullglob
|
|||
set -e
|
||||
|
||||
|
||||
if ! python -m pip -q show "build"; then
|
||||
echo >&2 "build: missing dependency 'build'"
|
||||
ROOT=$(git rev-parse --show-toplevel 2>/dev/null || realpath "$(dirname "$(readlink -f "${0}")")/..")
|
||||
|
||||
VERSION=$(python setup.py --version)
|
||||
DIST=${STREAMLINK_DIST_DIR:-"${ROOT}/dist"}
|
||||
|
||||
WHEEL_PLATFORMS=("win32" "win-amd64")
|
||||
|
||||
SIGNING_KEY_FILE="${SIGNING_KEY_FILE:-"${ROOT}/signing.key.enc"}"
|
||||
|
||||
|
||||
# ----
|
||||
|
||||
|
||||
log() {
|
||||
echo >&2 "build: ${@}"
|
||||
}
|
||||
|
||||
warn() {
|
||||
log "WARNING: ${@}"
|
||||
}
|
||||
|
||||
err() {
|
||||
log "ERROR: ${@}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
# ----
|
||||
|
||||
|
||||
if ! python -m pip -q show "build"; then
|
||||
err "Missing python package: build"
|
||||
fi
|
||||
|
||||
|
||||
KEY_ID=${SIGNING_KEY_ID:-2E390FA0}
|
||||
KEY_FILE=${SIGNING_KEY_FILE:-signing.key}
|
||||
KEY_FILE_ENC=${KEY_FILE}.gpg
|
||||
build() {
|
||||
log "Building Streamlink sdist and generic wheel"
|
||||
python -m build --outdir "${DIST}" --sdist --wheel
|
||||
|
||||
version=$(python setup.py --version)
|
||||
dist_dir=${STREAMLINK_DIST_DIR:-dist}
|
||||
for platform in "${WHEEL_PLATFORMS[@]}"; do
|
||||
log "Building Streamlink platform-specific wheel for ${platform}"
|
||||
python -m build --outdir "${DIST}" --wheel --config-setting="--build-option=--plat-name=${platform}"
|
||||
done
|
||||
}
|
||||
|
||||
wheel_platforms_windows=("win32" "win-amd64")
|
||||
sign() {
|
||||
[[ -z "${SIGNING_KEY_PASSPHRASE}" ]] && { warn "Empty SIGNING_KEY_PASSPHRASE, not signing built files"; exit; }
|
||||
[[ -z "${SIGNING_KEY_ID}" ]] && err "Missing SIGNING_KEY_ID"
|
||||
|
||||
mkdir -p "${dist_dir}"
|
||||
local tmp=$(mktemp -d) && trap "rm -rf ${tmp}" EXIT || exit 255
|
||||
|
||||
echo >&2 "build: Building Streamlink sdist"
|
||||
python -m build --outdir "${dist_dir}" --sdist
|
||||
|
||||
echo >&2 "build: Building Streamlink wheel"
|
||||
python -m build --outdir "${dist_dir}" --wheel
|
||||
|
||||
for platform in "${wheel_platforms_windows[@]}"; do
|
||||
echo >&2 "build: Building Streamlink wheel (${platform})"
|
||||
python -m build --outdir "${dist_dir}" --wheel --config-setting="--build-option=--plat-name=${platform}"
|
||||
done
|
||||
|
||||
|
||||
if [[ "${CI}" = true ]] || [[ -n "${GITHUB_ACTIONS}" ]]; then
|
||||
echo >&2 "build: Decrypting signing key"
|
||||
gpg --quiet --batch --yes --decrypt \
|
||||
log "Decrypting signing key"
|
||||
gpg --quiet \
|
||||
--batch \
|
||||
--yes \
|
||||
--decrypt \
|
||||
--passphrase-fd 0 \
|
||||
--output "${KEY_FILE}" \
|
||||
"${KEY_FILE_ENC}" \
|
||||
<<< "${RELEASE_KEY_PASSPHRASE}"
|
||||
fi
|
||||
--output "${tmp}/signing.key" \
|
||||
"${SIGNING_KEY_FILE}" \
|
||||
<<< "${SIGNING_KEY_PASSPHRASE}"
|
||||
|
||||
if ! [[ -f "${KEY_FILE}" ]]; then
|
||||
echo >&2 "warning: No signing key, files not signed"
|
||||
else
|
||||
echo >&2 "build: Signing sdist and wheel files"
|
||||
temp_keyring=$(mktemp -d) && trap "rm -rf ${temp_keyring}" EXIT || exit 255
|
||||
gpg --homedir "${temp_keyring}" --import "${KEY_FILE}" 2>&1 >/dev/null
|
||||
for file in "${dist_dir}"/streamlink-"${version}"{.tar.gz,-*.whl}; do
|
||||
gpg --homedir "${temp_keyring}" \
|
||||
log "Signing sdist and wheel files"
|
||||
gpg --homedir "${tmp}" --import "${tmp}/signing.key" 2>&1 >/dev/null
|
||||
for file in "${DIST}"/streamlink-"${VERSION}"{.tar.gz,-*.whl}; do
|
||||
gpg --homedir "${tmp}" \
|
||||
--trust-model always \
|
||||
--default-key "${KEY_ID}" \
|
||||
--default-key "${SIGNING_KEY_ID}" \
|
||||
--detach-sign \
|
||||
--armor \
|
||||
--yes \
|
||||
"${file}"
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
mkdir -p "${DIST}"
|
||||
build
|
||||
sign
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
jA0ECQMCHJNSx1Ed2Z7/0ukB+kQLJuRWVwbcI9TH0uMWP8HONJ6OZ8Nl22qoZGSI
|
||||
qMFCbJAaKDu9jVze7FjV+k2K4nCIY+lHeyN3O3JDrH/MXX7N1N114ZFAhqxtUY95
|
||||
HXT/F0M6++eR10gkhktvS8+ZVNp1tJJ8YlrTbdB4tQKHOWoL/4HkJpAExNl/PMur
|
||||
rl+enmJfjmDHwPM143CXyR/qBMYU7gE05tTYg6L2yaIcBlWDXBmJ6nRbVNvn6H0O
|
||||
wW+Nnou9msVu5hAU/Gg8cBvoF4VpsMtLu4gUgs5uGeflUW3KkTODVgfeYyDDoZF4
|
||||
Xb/apZe4ed/5dYuwGNwnxi3L8gaZJL6j0IvTgYbGbE/9PRC39CWTAwhj4N5sR6ul
|
||||
fIzphW9s/DfUkmvApQV3rIQ9PRakPniDniGv1CuVtgv2x6juKz+w0XUXHGvlEfcW
|
||||
VhvSN107+B7qucy4l8JIn1T1y8cjKF2U6LMVImqVir/nPWeugb7MaclpVdSkJzf3
|
||||
3oaYIwz/6PjowAbbrHbcR70CSogvR0yXNirorQ+b/j0oxJpiW/05i1Uu3vy3DTMH
|
||||
eTEQHukdj45IPYNzNzkIWtX0WMQx2CPvUPybZXx7DvwgNFLVlAr+3N1iqyPdICpt
|
||||
wbZ4D8NCZDcBgV3/9mzdZ9Xu0Ul8B7ufxkuJDusmjwcl/ngcVYTHiMgyHnz+tx+b
|
||||
csAxFZj4DoaVYWCR/vS3EujD7LBI69RQ9Mo1pXvBf0wG93S9VT5V0xBiCKtVP15O
|
||||
1vBv3PD1YPu3EzkMn3wj3W30wjhkzC5lSnqBpfRqfOWRgJlKxcRvOO/FjWqA2E/+
|
||||
wcPNOcy826pSLwLqw37a3GuoaIYxn0873wzB8aA9hC3lBJDIA1lWBjG8mAKjdYJ1
|
||||
kc/lRfbcHH1GKmf6BgmJNCfow+HdROBaUHTzNg4WE0Lqabv6RwCTMxaSTasSANCY
|
||||
twB+ugPZvc/fj6+HYG6h1rIkWi7OQKsa+6Dsc+0ib/UyFQdVMFkjL5td1E6zhz2U
|
||||
oLsbdQ==
|
||||
=rSZZ
|
||||
-----END PGP MESSAGE-----
|
BIN
signing.key.gpg
BIN
signing.key.gpg
Binary file not shown.
Loading…
Reference in New Issue