This is an automated email from the ASF dual-hosted git repository.

rjung pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 075f96c9e9 Add build property "gpg.sign.files".
075f96c9e9 is described below

commit 075f96c9e9bafe26912358f74214485d0735362e
Author: Rainer Jung <[email protected]>
AuthorDate: Tue Jan 20 21:46:25 2026 +0100

    Add build property "gpg.sign.files".
    
    Refactor gpg init targets.
    Add property gpg.sign.files to disable gpg artefact signing
    (and only use it for release verification).
    Clarify gpg notes in BUILDING.txt.
---
 BUILDING.txt               | 11 ++++++-----
 build.properties.default   |  2 ++
 build.xml                  | 21 +++++++++++++--------
 webapps/docs/changelog.xml |  8 ++++++++
 4 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/BUILDING.txt b/BUILDING.txt
index 539543c3cf..2f6eeffd3e 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -292,14 +292,15 @@ in build.xml and the default property values in 
build.properties.default.
         # Location of GPG executable (used only for releases)
         gpg.exec=/path/to/gpg
 
-    You do not need it if you do not plan to sign the release.
-
-    If "gpg.exec" property does not point to an existing file, it will be
-    ignored and this feature will be deactivated.
-
     You will be prompted for the GPG passphrase when the release build
     starts, unless "gpg.passphrase" property is set.
 
+    The ant target "verify-release" also uses the property "gpg.exec" to
+    call the GPG executable. If you want to use "verify-release" but you
+    do not want to sign the release artefacts, set "gpg.exec" and also
+    "gpg.sign.files=false".
+
+
  3. If building the Windows installer on Windows
 
     If running the build in a UAC enabled environment, building the Windows
diff --git a/build.properties.default b/build.properties.default
index ada207dc92..6ad326c03b 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -104,6 +104,8 @@ openssl.ffm.3=-DNoop3
 # ----- Release build settings -----
 # Location of GPG executable
 gpg.exec=/path/to/gpg
+# Release artefact signing with gpg
+gpg.sign.files=true
 
 # Code signing of Windows installer
 # See https://infra.apache.org/digicert-use.html for setup instructions
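Review bot: The comment above the new `gpg.sign.files=true` default does not say what the accepted values are or what turning it off does. Since this flag decides whether release artefacts are signed, spell it out, for example `# Set to false to skip GPG signing of release artefacts;` followed by `# gpg.exec is then only used by the "verify-release" target.`, which matches the wording added to BUILDING.txt in this commit.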
diff --git a/build.xml b/build.xml
index 395a48c33c..a76cf21e38 100644
--- a/build.xml
+++ b/build.xml
@@ -3135,7 +3135,7 @@ Configured for ${release.asfusername} to release Tomcat 
${version.major}.${versi
   </target>
 
   <!-- Sets properties only required for releases -->
-  <target name="release-init" 
depends="release-version-check,gpg-init-1,gpg-init-2,gpg-init-3,compile" >
+  <target name="release-init" 
depends="release-version-check,gpg-init-test-signing,compile" >
     <taskdef name="forceUtcTimeZone"
              classname="org.apache.tomcat.buildutil.ForceUtcTimeZone"
              classpath="${tomcat.classes}" />
@@ -3155,19 +3155,24 @@ Configured for ${release.asfusername} to release Tomcat 
${version.major}.${versi
     <echo level="error" if:set="no-ffm">JAVA VERSION 22 OR NEWER IS REQUIRED 
FOR RELEASE</echo>
   </target>
 
-  <target name="gpg-init-1">
+  <target name="gpg-init-available">
     <available file="${gpg.exec}" property="gpg.exec.available"/>
   </target>
 
-  <target name="gpg-init-2" if="${gpg.exec.available}">
-<echo>gpg.exec.available=${gpg.exec.available}</echo>
-<echo>gpg.exec=${gpg.exec}</echo>
-    <input addproperty="gpg.passphrase"><handler type="secure"/>Enter GPG 
passphrase
-</input>
+  <target name="gpg-init-sign-files" depends="gpg-init-available" 
if="${gpg.exec.available}">
+    <condition property="gpg.sign.files.available">
+      <istrue value="${gpg.sign.files}"/>
+    </condition>
+  </target>
+
+  <target name="gpg-init-passphrase" depends="gpg-init-sign-files" 
if="${gpg.sign.files.available}">
+    <echo>gpg.exec.available=${gpg.exec.available}</echo>
+    <echo>gpg.exec=${gpg.exec}</echo>
+    <input addproperty="gpg.passphrase"><handler type="secure"/>Enter GPG 
passphrase: </input>
   </target>
 
   <!-- Test GPG by signing build.xml as a sample file. -->
-  <target name="gpg-init-3" if="gpg.passphrase">
+  <target name="gpg-init-test-signing" depends="gpg-init-passphrase" 
if="gpg.passphrase">
     <exec executable="${gpg.exec}"
           inputstring="${gpg.passphrase}"
           failonerror="true"
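Review bot: `gpg-init-test-signing` is still gated on `if="gpg.passphrase"`, so when `gpg.passphrase` is preset as a property (BUILDING.txt allows this), the test signing runs even with `gpg.sign.files=false`. Only the prompt in `gpg-init-passphrase` honours the new flag. Gating the target on the flag instead, `if="${gpg.sign.files.available}"`, would make the setting authoritative; `<input addproperty=...>` already skips the prompt when the property is set. Any later signing step keyed on `gpg.passphrase` is outside this hunk and presumably needs the same check. It would also help to log a warning when signing is skipped, so a release manager notices unsigned artefacts; the `<exec>` body continues past the end of the hunk.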
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 689f767fbf..82a7335d53 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.115 (remm)" rtext="in development">
+  <subsection name="Other">
+    <changelog>
+      <add>
+        Add property "gpg.sign.files" to optionally disable release artefact
+        signing with GPG. (rjung)
+      </add>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 9.0.114 (remm)" rtext="release in progress">
   <subsection name="Catalina">

