Add checksum feature for artifacts

patrickfav · May 26, 2017 · 0697d96 · 0697d96
1 parent a753394
commit 0697d96
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -3,7 +3,7 @@ jdk:
   - oraclejdk8
 
 script:
-    - mvn clean package
+    - mvn clean package checksum:artifacts
 
 after_success:
   - mvn test jacoco:report coveralls:report
@@ -13,7 +13,9 @@ deploy:
     api_key:
       secure: "1Rb1etBW4/vr587XnqQcx4OtGVFUl2dlszFKhutS4zAt+Fl3TXf6G6ehj5CxT95zo0xuDTiKONhg53AgOB5La+rZ04/QUpV+MiZbGBggZw9fIJIMR/sJcKemmFbKZrTCCWdDuD+34bbbkgwA1f7N3vBfcYQPWRbM+h1eLkuVTovDCaiczTVCx1kbIg1dngZTkiGRizf7PREjkivDIzGq75IQI0V2siV2HPjQUe1z3HVGZfgxWqaEDEQqHBVVhrO5Jr13sZEtn6/Hy/wfGTALevnYkmcs6/l5XUgANdaOAuIyhiqjtvogXw/GFdiyjY3kWt9Wxjk6D7vMnQUjoEz68X6wVMbMBEs83AZVEVQt9CB08Gtu3MPcTOPf4PPjuhJDvacJEszmbPCIpb8q/O6MtLdxJcbNYlHKJiDB7DGnQ93EEDYBV7ccEmzljlnKPAaWr/CLwUOk9JNJopfMZCzQdW2sQmx7+Tsl1eo7cvjRXyjWcFfmjwOzAGW0BgXBqVwmITVZRObamwCmohbRs6bhUXIcOSmxHYlQJryg1KeQ45lA3jghfWtFeIxSMfvG8ZbRg2tmhpwmtK3Opay48KDpRVvnORzMlZj5RHYlZI8PYmY8tTXoYAqQsfwjaRU+C81TwAlNyxRSq0vNwzHJc5rmmwExnlXzN37fkZH/tfN/3XM="
     file_glob: true
-    file: "target/uber-apk-signer-*.jar"
+    file:
+     - "target/uber-apk-signer-*.jar"
+     - "target/checksum*"
     skip_cleanup: true
     on:
       branch: master

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,8 @@
 # Releases
 
+## Unreleased
+* adds checksum to release artifacts
+
 ## v0.8.0
 * updates apksigner to v25.0.3
 

diff --git a/pom.xml b/pom.xml
@@ -132,6 +132,27 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>net.nicoulaj.maven.plugins</groupId>
+                <artifactId>checksum-maven-plugin</artifactId>
+                <version>1.5</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>artifacts</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <algorithms>
+                        <algorithm>SHA-256</algorithm>
+                    </algorithms>
+                    <shasumSummary>true</shasumSummary>
+                    <shasumSummaryFile>checksum-sha256.txt</shasumSummaryFile>
+                    <attachChecksums>false</attachChecksums>
+                    <quiet>false</quiet>
+                </configuration>
+            </plugin>
             <!--<plugin>-->
             <!--<groupId>com.akathist.maven.plugins.launch4j</groupId>-->
             <!--<artifactId>launch4j-maven-plugin</artifactId>-->

diff --git a/src/main/java/at/favre/tools/apksigner/SignTool.java b/src/main/java/at/favre/tools/apksigner/SignTool.java
@@ -12,7 +12,10 @@
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.PrintStream;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Locale;
 
 /**
  * The main tool that manages the logic of the main process while satisfying the passed arguments
@@ -53,7 +56,7 @@ private static Result execute(Arg args) {
             List<File> targetApkFiles = new FileArgParser().parseAndSortUniqueFilesNonRecursive(args.apkFile, APK_FILE_EXTENSION);
 
             if (targetApkFiles.isEmpty()) {
-                throw new IllegalStateException("no apk files found in   given paths");
+                throw new IllegalStateException("no apk files found in given paths");
             }
 
             log("source:");
@@ -122,7 +125,7 @@ private static Result execute(Arg args) {
                 if (!args.onlyVerify) {
                     log("\n\tSIGN");
                     log("\tfile: " + rootTargetFile.getCanonicalPath());
-                    log("\tchecksum : " + FileUtil.createChecksum(rootTargetFile, "SHA-256") + " (sha256)");
+                    log("\tchecksum: " + FileUtil.createChecksum(rootTargetFile, "SHA-256") + " (sha256)");
 
 
                     targetApkFile = zipAlign(targetApkFile, rootTargetFile, outFolder, zipAlignExecutor, args, executedCommands);
@@ -141,7 +144,7 @@ private static Result execute(Arg args) {
 
                 log("\n\tVERIFY");
                 log("\tfile: " + targetApkFile.getCanonicalPath());
-                log("\tchecksum : " + FileUtil.createChecksum(targetApkFile, "SHA-256") + " (sha256)");
+                log("\tchecksum: " + FileUtil.createChecksum(targetApkFile, "SHA-256") + " (sha256)");
 
                 boolean zipAlignVerified = args.skipZipAlign || verifyZipAlign(targetApkFile, rootTargetFile, zipAlignExecutor, args, executedCommands);
                 boolean sigVerified = verifySign(targetApkFile, rootTargetFile, args.checkCertSha256, args.verbose, false) != null;