From 1499e50dd6e1dfd536fc158082cb0977aa0b56af Mon Sep 17 00:00:00 2001 From: Stefan Kolb Date: Fri, 2 Dec 2016 13:18:13 +0100 Subject: [PATCH] Installer Code Signing #1879 (#2320) * Typo * Set certificate file paths * Changelog --- .gitignore | 3 +++ .travis.yml | 2 +- CHANGELOG.md | 1 + build.gradle | 2 ++ buildres/jabref-cert-2016.p12.enc | Bin 0 -> 5504 bytes circle.yml | 5 ++++- jabref.install4j | 4 ++-- 7 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 buildres/jabref-cert-2016.p12.enc diff --git a/.gitignore b/.gitignore index cfcd6c34e69..9cf0806e4b2 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,6 @@ install4j6/ # ignore the generated markdown file if the user forgets to delete it status.md + +# private data +/buildres/jabref-cert-2016.p12 diff --git a/.travis.yml b/.travis.yml index 692661c6bd1..2f7ee0338c6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ addons: packages: # most recent Java8 - this makes the JDK switcher obsolete - see https://github.com/travis-ci/travis-ci/issues/5897#issuecomment-218354129 - oracle-java8-installer - # MySQL 5.6 as desccribed at https://docs.travis-ci.com/user/database-setup/#MySQL-5.6 + # MySQL 5.6 as described at https://docs.travis-ci.com/user/database-setup/#MySQL-5.6 - mysql-server-5.6 - mysql-client-core-5.6 - mysql-client-5.6 diff --git a/CHANGELOG.md b/CHANGELOG.md index ce3a60555d8..3d47c7c2c7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ We refer to [GitHub issues](https://github.com/JabRef/jabref/issues) by using `# ### Changed - URLs can now be passed as arguments to the `-import` and `-importToOpen` command line options. The referenced file is downloaded and then imported as usual. +- Windows and OSX binaries are now signed with a certificate. - The default emacs executable name on linux changed from `gnuclient` to `emacsclient`. [feature-request 433](https://sourceforge.net/p/jabref/feature-requests/433/) - Adds integrity check to detect all bibtex keys which deviate from their generation pattern [#2206](https://github.com/JabRef/jabref/issues/2206) - Adds an integrity check that detects invalid DOIs [#1445](https://github.com/JabRef/jabref/issues/1445) diff --git a/build.gradle b/build.gradle index 401868168ee..cc3c81f6eb0 100644 --- a/build.gradle +++ b/build.gradle @@ -342,6 +342,8 @@ if (hasProperty('dev')) { task media(type: com.install4j.gradle.Install4jTask, dependsOn: "releaseJar") { projectFile = file('jabref.install4j') release = project.version + winKeystorePassword = System.getenv('CERTIFICATE_PW') + macKeystorePassword = System.getenv('CERTIFICATE_PW') variables = [ versionFourDots: project.ext.threeDotVersion, buildFileName : jar.archiveName, diff --git a/buildres/jabref-cert-2016.p12.enc b/buildres/jabref-cert-2016.p12.enc new file mode 100644 index 0000000000000000000000000000000000000000..6277bb8abdd6b64ccfa31eb08aca34d5364c6e0d GIT binary patch literal 5504 zcmV-`6@TheVQh3|WM5zBYNY-3b1~aE9O05BZ#S+kC_xI0ZN;QPL;g)3Hu{?%M7=F` zA#oqFJt_zc${Jnsr;_K>M-L?_70+ep3A$CMlmBFZ1f4&{2~z5hVzx;aDK-Ocz#e8! z{XU{Gk%RiaUUyN%gcl3H+3; z&4R5oLbNnfSj(cR$S$od$AxTpV4R%fMk&Z5EF(=i2s^)|rQ(JY1qqpNx8SsD$xz&u zWnE})981{&$Zv&4^cIfGVZYa!*ZR026?JA)51Ob*e)kNAxoS2m6l}8`9H&!%6YjZT zI%JSzL&by<{Dpl>8eKwf1G}r&@AR77tM~kvLxxC|M=@0J)SJh)iJ*_`ZeJp-4p?V= z5?5D=cLw!DI45~jr^-fJeq?dr+=546F4wD%WP?fZ;Hi2JehTXA`OFmsslEVPAjoC^ znp-HBHUR4ei3kL`T}0B(5(w0$FQwD4`yYiG%7@_TtB zwbieiXsEH?rG)q@HLD$AH_TWZX9x6)TnF&<)60D*x3#LIzjjWsU^w^MGe)*PD|%e7 zop&STfm9Z4LM19WbDqyLD1b`dxs%~wOfuW<7i4`2l5+UBrm+lL5b4YC|EPVgRgid# z@PIc<@?`^QQ=ez1f-`(S+0e4Mq$GH*Q=E~x@9G`^D}ccvEC#45|X~98)B*3$@z2LSI-$9{iWF1IV@Iw z?%SXI7Cw~HHv-g~XnanLbwC_8s3mMg#^MmL4j4@hJ%W8zVz|qphSWUqKpx|AZj1qE zjVt%s@o(3KWJN&vr||eW&;p&&o`t$qw!XIEsleL2dxgghxQQuWMD%_#q zAp-cwB1QOZMYF}-a~u_(LretvJ*KkNqZsQyvJ^#TatmRmL`f9JBildD*+cs_0FW+u zC6ZWKu~c5M56B+}`NT`PCS{oBJ%gz4p_~#nysK=w;ll#gPrYcz8^7Rle$fEHQ}f3A z^Xm7S<#w(N&t>&pfumC*lEpoH9=%xb>)zLduhR)#LS%P2S-!L|6hX9QT3jEX>y^O` zePKQ}(D(*hR4o~hvzB$P!j|ke2?P?XuWl{D%gUS9Ttv@b+$ZyAMpmp1Yn9iSrYn{m za>1)lAe`B^V$M1CgtdIB*yzD2uJ2^f8>ObCsMb>NeENir{ylidWdX2Vtnss_5E=`0 zpX+dM`M{%l0*v~`Vk3ufE%gKLX50zhy`xs!Aw)qF7{LI_Pli3v~vXe`y4wOUsZVs!Cs^i zjAsrTW?0)6+j*kG9J+dYp7xIsd&b_)??qQAjR*oZf`j6{xjPoH#)R$7q+Xkvkd&!1 zKPHn(i}^q-$gO#o{tG{!CL={wQcK7aKl2gyq*Iu9w+nG1u{Sdr_3qK3xxG867FP-m zlF{^VSn4d#0>*KIy)}Sq0HE9n^C@89r$Xl0e5d&Se&v#Po00Hz3vq=1N*)vZ49_rn zliozyJG0d46>C{mlCX-r!^zT5fElJ2OgL#2s{WM`_)fvzE6o>bReZ6@24Y9h{+(NG zcAC>43!5!i4O4D>lLP1GH&4o~oxXHW_iur+pn9q^u%T+ck+ZE^c;2zklRWyHE;^q0 z6%wPt=x^M(gdf}qqltS?(^J*Q`CNTy@!pvWj!#|0QCRu?`2=(qrN8M@B98p)&6NMo zJs769*@PVsybq?faRB}OS$yMAoZi3fRiAkZW=*Yioc?m}^u7LR2wu)DugI&cdIL7^ z+(XnS@W2vIsI6G#+pa>G=E(fUbMz3l!d8ZeiLa4g_Qw)AxfrS=4VvsOHs8q??GFfK zvvdAXypUSUt8?OqK3>C1L{hU$H(PsI5xNWwBK=Q;~vvPNL zCR`~&&BZ_iC7rjt1{Pn4OV<^@1iW$etZ5Cx#gy5GljcW1@BD56lS|yj#S3JHlcBj-cI<^)NwQ zp7~M9qC?v5BF4E|982qPo$R1%bsG&UlrJu`^Ta^Ds{>#vqq?(-opXZaVvdrnh<`Id z!uee{C&4Q29z*-%SH-M7*+tm2%F$MQzM>QvB}~fbhmJ)^|EdO1yLdo9~KP&}h+bIh)NRXPC8xr@xrajlT8%cmrixQWXERcd|Ei z90a!{_MDQ--aR%iGcDXhvZ9{vaX?ac%6W8D0^i-qVb-2hhX79`LX}P8#2UC9X<>1C z)&zM2LKEE4 zyT>-HFS;>(T{H%q^mlOs=A8K3015XwRRgH7(P)p<97sr@)eB&Q0f4(N#@d#VhT(la z<@T3~?kI1ijYR2rqY9dfW_dH-i^1DCPZR#*YLaqJ8Os42cjgd0w~GQC410qC7Dm2aG+!_G4Xu z^D{Erv)&pDxj$9XaS>ro?y4R!VtSm7N#XEab9-cs>?@v_Tg}~1!W}9bwqM!Ia=5w( zU2JM^izDBBKE;|DmdGgRs|84i@M_iA{?S{I5QUNB8i>kA>%(W9-9^PlVjjODrR$jf z3qTRejI)||#@oh-<2S_1fS-#Y**?maqvaRMfbd<2+w9>EdLF(C1{<-FP%~(N6_5Do zWl0?S1ckoX-bEhUmtt%Oek}d;WxD6ccvy?^!`*sO z62CRWfoY}Y9A*DS1t((}B-jSO7Ko@+N_uI@YfPqsJ6sHX_hMhuY4c?UN!?O4MG2Ay za<`(o05XVdop+L!bI9#?w29MXGaD}&m$6vm0K`GFg(TGapk2+_K1^~=l_&?vJI;;a z>PYy~K9ZnY%_<%w#-rA)h3qQ-ftzw3FqEyCD15Q~2~vvcY`Ijg0pD!w#O`y{PK_2K z7+E&r8#CNt$xFZk;e?K5aO$&DU)EYc+Qi4l%xuecQ!az0!T)LK>5G13`iE4AGXsZN zn~|!^0IVW{XI)bwi$oJf;FSB9!}3)vUL|^o3b$S2k-zr83K8ot>^~u4!4d(lOG{J$ z$bn&no-^;>-B%A}c`Idl+nq*b3i1yL7SGpzgUY(&+WTbK4J*X`gl=>)FdvJZHY3#X z%VACdeXrN&hhTN2elPCRV2ZFprGPG#F~zf4YIqRFJNHQU%Cd)VBcM6NUiDJ0xxPP0 z`2j!FVnngVB}Uh+yFM}YTNXC=vLn7r91rg1sWdffaGA0$B}&=8ck8o} zb@{j+oTo#UCql>^;^p{)&wC~dXIW5S*soI3u)ggt5J`rs#U<0-9u?0d0UZ^DCD({L zdqy85v@JL z7ed22ZceXu^4*21mGFZCc`4aQdELC_20Lq=DN-AXqedA!vV`WPBUgXt-puM6E!VT$ z{6tT6t#R^mvIArcC`w_K&HkGdWWUbRK^VpU?aZyAy2*MQcF7s|v%}d%Hb^(kaX32= z!KM9CYF^(V9H>}@`*QYQWdn2Zq`oHWJ%FvFQrPgQe9wb>J$oGe*;>w@wbl5Jtf1=~ z8n8{SUaEduX)rH7oqN4oLG5v)3%~Uqt0e<2mB;$Uj^0a|v z%EsQ&`_>6>pXt5R2PL-|`2Xsru~w0XCgrT^>yhNfF8TQrrbs2+aeXj1`Bmah&Hvda z0yRLK!?uvI*!-xU8&_89wOF*e7$_;b(u(W+)}LrSxVPHoJKj*QJ?%nHDA+~(;RdvQ zCPraUHcU6LLT=m<{ICR=ImQoup^;Q6zU{|D-QZB?S#nLNR^4k0p`S&LjX%7r07<~R zVgUTt9q8D!4@sNj_AGEyKaiE?geqBXfz3Ai*EBRR4nRXKD&qbICr7u!P9+2VuaHmz z_R_`X*{g`yf9}vIy6Ib*ef4z>ff=6t@KVA)%5}O?Y2(Jlph`!H$W7%j{x6x_f@xPt zY(+;?9gLz^#1E0u@d;a25b%*O?(uvU1yxSU2mspqzfrD9@3QL|u)=dMHGP)?B!oB*kCY~K2JAq`mwSn%a*Hh@89ve6aHj3n zdcr%3FueqCXb4eqp)sLQ_Q`*d-P7UI>tZ{2<_mzd3{@WuVOK>r8sq#9XR~;yEyWQ= z^*Pk0bk!H`plD|2)ST;Py>y1NOnmtjyyRWur?vc97?WMdV6NYA2B46#TdbM*$7eR~tOqst;XJHJQo$fh;1?t@M)-rXV1&>1Pz$McBOcxB zNQC0zkcCizDickP#GBfFwES}rPk#5+V^o*wmgLObYwvOk>PRJwy#|ZTB~vC<4~Dx- z-wC!62mv@j8{fq|(6M#)hH=0MJ9}Mpl84b5I93`GW}#)wT=KIWC+O`tWeE)knz z6HqM={dRA6T57Z2R2Q7fdSa*g_=zZdblrH9{%_3!dB}Y(c>p$o^)T9Cf#fT@e}2Z2 znHd<>&mh94v?g-(#2auFx2xJ~HYgL6YyHGAv_&PU_L!g~q};^O=>g>J!Wtf2U=^aqOSE3BoHjVZLzP`fPu zkxY}WgP~bwa&xm87$&pK?!AV^%iAq4VFd^D^J5TOMY1?=CS(|9Dt|cfv2cJ_`nOL< zB7d;eFI~@w&O#wEy1fTwNrV9GzynYcot(#DS5l3jY809|KkOy?0Dt8qUaR#AW+NOE C;l-i= literal 0 HcmV?d00001 diff --git a/circle.yml b/circle.yml index 5043ee6f2d5..148d880cfde 100644 --- a/circle.yml +++ b/circle.yml @@ -6,8 +6,11 @@ machine: dependencies: pre: + # update locally with: + # openssl aes-256-cbc -e -in ./buildres/jabref-cert-2016.p12 -out jabref-cert-2016.p12.enc -k {PASSWORD} + - openssl aes-256-cbc -d -in ./buildres/jabref-cert-2016.p12.enc -out ./buildres/jabref-cert-2016.p12 -k $CERTIFICATE - scripts/prepare-install4j.sh - - install4j6/bin/install4jc --verbose --license=$INSTALL4J_KEY + - install4j6/bin/install4jc --verbose --license=$INSTALL4J_KEY --win-keystore-password $CERTIFICATE_PW --mac-keystore-password $CERTIFICATE_PW override: # We do this to decrease build time by using CircleCI's cache. See https://discuss.circleci.com/t/effective-caching-for-gradle/540 for a longer motivation. - ./gradlew compileJava diff --git a/jabref.install4j b/jabref.install4j index 0d5c17660ae..210e8554a8d 100644 --- a/jabref.install4j +++ b/jabref.install4j @@ -1,6 +1,6 @@ - + @@ -41,7 +41,7 @@ - +