This is an automated email from the ASF dual-hosted git repository.
rjung pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 4a96821a3c Add build property "gpg.sign.files".
4a96821a3c is described below
commit 4a96821a3cd8f77329cd473b0f0961aaff4bb912
Author: Rainer Jung <[email protected]>
AuthorDate: Tue Jan 20 21:01:10 2026 +0100
Add build property "gpg.sign.files".
Refactor gpg init targets.
Add property gpg.sign.files to disable gpg artefact signing
(and only use it for release verification).
Clarify gpg notes in BUILDING.txt.
---
BUILDING.txt | 11 ++++++-----
build.properties.default | 2 ++
build.xml | 21 +++++++++++++--------
webapps/docs/changelog.xml | 8 ++++++++
4 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 465ed6b39f..bea6253922 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -293,14 +293,15 @@ in build.xml and the default property values in
build.properties.default.
# Location of GPG executable (used only for releases)
gpg.exec=/path/to/gpg
- You do not need it if you do not plan to sign the release.
-
- If "gpg.exec" property does not point to an existing file, it will be
- ignored and this feature will be deactivated.
-
You will be prompted for the GPG passphrase when the release build
starts, unless "gpg.passphrase" property is set.
+ The ant target "verify-release" also uses the property "gpg.exec" to
+ call the GPG executable. If you want to use "verify-release" but you
+ do not want to sign the release artefacts, set "gpg.exec" and also
+ "gpg.sign.files=false".
+
+
3. If building the Windows installer on Windows
If running the build in a UAC enabled environment, building the Windows
diff --git a/build.properties.default b/build.properties.default
index 42ea57c3b5..54e800964e 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -102,6 +102,8 @@ openssl.ffm.3=-DNoop3
# ----- Release build settings -----
# Location of GPG executable
gpg.exec=/path/to/gpg
+# Release artefact signing with gpg
+gpg.sign.files=true
# Code signing of Windows installer
# See https://infra.apache.org/digicert-use.html for setup instructions
diff --git a/build.xml b/build.xml
index 90227116ab..02cf99e7f4 100644
--- a/build.xml
+++ b/build.xml
@@ -3117,26 +3117,31 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
</target>
<!-- Sets properties only required for releases -->
- <target name="release-init"
depends="release-version-check,gpg-init-1,gpg-init-2,gpg-init-3,compile" >
+ <target name="release-init"
depends="release-version-check,gpg-init-test-signing,compile" >
<taskdef name="forceUtcTimeZone"
classname="org.apache.tomcat.buildutil.ForceUtcTimeZone"
classpath="${tomcat.classes}" />
<forceUtcTimeZone />
</target>
- <target name="gpg-init-1">
+ <target name="gpg-init-available">
<available file="${gpg.exec}" property="gpg.exec.available"/>
</target>
- <target name="gpg-init-2" if="${gpg.exec.available}">
-<echo>gpg.exec.available=${gpg.exec.available}</echo>
-<echo>gpg.exec=${gpg.exec}</echo>
- <input addproperty="gpg.passphrase"><handler type="secure"/>Enter GPG
passphrase
-</input>
+ <target name="gpg-init-sign-files" depends="gpg-init-available"
if="${gpg.exec.available}">
+ <condition property="gpg.sign.files.available">
+ <istrue value="${gpg.sign.files}"/>
+ </condition>
+ </target>
+
+ <target name="gpg-init-passphrase" depends="gpg-init-sign-files"
if="${gpg.sign.files.available}">
+ <echo>gpg.exec.available=${gpg.exec.available}</echo>
+ <echo>gpg.exec=${gpg.exec}</echo>
+ <input addproperty="gpg.passphrase"><handler type="secure"/>Enter GPG
passphrase: </input>
</target>
<!-- Test GPG by signing build.xml as a sample file. -->
- <target name="gpg-init-3" if="gpg.passphrase">
+ <target name="gpg-init-test-signing" depends="gpg-init-passphrase"
if="gpg.passphrase">
<exec executable="${gpg.exec}"
inputstring="${gpg.passphrase}"
failonerror="true"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 400b3b29e6..a4be8aec67 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Other">
+ <changelog>
+ <add>
+ Add property "gpg.sign.files" to optionally disable release artefact
+ signing with GPG. (rjung)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 11.0.16 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
