prokop/thgtoa
1
0
Fork 0
mirror of https://github.com/Anon-Planet/thgtoa.git synced 2026-05-06 11:34:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Tweaking some of the build to function

Browse Source 
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
This commit is contained in:
nopeitsnothing
2026-04-20 02:50:05 -04:00
parent 904fa24478
commit df2dd61676
6 changed files with 47 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/build-sign-release.yml
+8 -1
View File
@@ -57,9 +57,16 @@ jobs:
env:
CI: true
run: python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }}
- name: 🛡️ Sign PDFs
env:
GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
cd ${{ github.workspace }}
# Import GPG key
export GPG_TTY=$(tty)
echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true
chmod +x scripts/sign-pdfs.sh
./scripts/sign-pdfs.sh
docs/changelog/index.md
+2 -2
View File
@@ -28,7 +28,7 @@ All notable changes to this project will be documented in this file.
### Changed
- Refactored GitHub Actions workflow **Build PDF** (`scripts\build_guide_pdf.py`): now builds both light and dark mode PDFs (`export/thgtoa.pdf` and `export/thgtoa-dark.pdf` respectively).
- Restored previous VT scans
- Restored previous VT scans
## Fixed
@@ -65,4 +65,4 @@ All notable changes to this project will be documented in this file.
[1.2.1]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.1
***The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),***
***and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).***
***and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).***
docs/guide/dev-workflow.md
+8 -8
View File
@@ -2,11 +2,11 @@
??? Note "How the pipeline works"
**Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source
**SHA256 Hash Generation:** - Creates hash files for integrity verification
**GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key
**VirusTotal Scanning:** - Automatically scans PDFs and updates release notes
**Release Automation:** - Packages everything into GitHub releases
**Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source
**SHA256 Hash Generation:** - Creates hash files for integrity verification
**GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key
**VirusTotal Scanning:** - Automatically scans PDFs and updates release notes
**Release Automation:** - Packages everything into GitHub releases
## Workflow Architecture
@@ -26,9 +26,9 @@
!!! Note "**How it works**"
- Each PDF gets a unique SHA256 hash calculated at build time
- Hash stored in `.sha256` files alongside the PDFs
- Combined `sha256sum.txt` for batch verification
- Each PDF gets a unique SHA256 hash calculated at build time
- Hash stored in `.sha256` files alongside the PDFs
- Combined `sha256sum.txt` for batch verification
### GPG Signature Verification
**Purpose:** Verify authenticity and prevent tampering
docs/index.md
+4 -4
View File
@@ -17,13 +17,13 @@ schema:
# **Hello, and welcome to the Hitchhiker's Guide.**
**9FA5 436D 0EE3 6098 5157 3825 17EC A05F 768D EDF6**
You'll use it to [**verify the checksum** and **GPG signature** of all files for authenticity.](verify/index.md)
Please share this project if you enjoy it and you think it might be useful to others.
You'll use it to [**verify the checksum** and **GPG signature** of all files for authenticity.](verify/index.md)
Please share this project if you enjoy it and you think it might be useful to others.
![Anonymous Planet logo](media/profile.png){ align=right }
Anonymous Planet is a collective of volunteers.
Anonymous Planet is a collective of volunteers.
??? person "Das Kolburn"
docs/verify/index.md
+3 -3
View File
@@ -117,9 +117,9 @@ The GitHub Actions workflows automatically:
## Key Information
**Signing Key:** Anonymous Planet Master Signing Key ("MSK")
**Key ID:** See `pgp/anonymousplanet-master.asc` for details
**Fingerprint:** Verify from the repository's official documentation
**Signing Key:** Anonymous Planet Master Signing Key ("MSK")
**Key ID:** See `pgp/anonymousplanet-master.asc` for details
**Fingerprint:** Verify from the repository's official documentation
---
scripts/sign-pdfs.sh
+22 -22
View File
@@ -34,19 +34,19 @@ print_error() {
# Check if required tools are available
check_dependencies() {
print_info "Checking dependencies..."
for cmd in sha256sum b2sum gpg; do
if ! command -v "$cmd" &> /dev/null; then
print_error "$cmd is not installed. Please install it and try again."
exit 1
fi
done
# Check GPG key availability
if [ -z "$GPG_KEY_ID" ]; then
GPG_KEY_ID="${SIGN_PDF_GPG_KEY:-}"
fi
if [ -n "$GPG_KEY_ID" ]; then
if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then
print_error "GPG key '$GPG_KEY_ID' not found in your keyring."
@@ -56,7 +56,7 @@ check_dependencies() {
# List available keys and prompt user
print_warn "No GPG key ID specified. Listing available secret keys:"
gpg --list-secret-keys --keyid-format LONG
read -p "Enter the GPG key ID to use for signing (or press Enter to skip): " GPG_KEY_ID
if [ -n "$GPG_KEY_ID" ]; then
if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then
@@ -67,22 +67,22 @@ check_dependencies() {
print_warn "No GPG signing will be performed. Set SIGN_PDF_GPG_KEY environment variable or pass key ID as argument."
fi
fi
print_info "All dependencies checked successfully!"
}
# Create output directories
setup_directories() {
print_info "Setting up directories..."
if [ ! -d "$INPUT_DIR" ]; then
print_error "Input directory '$INPUT_DIR' does not exist."
exit 1
fi
mkdir -p "$OUTPUT_DIR"
mkdir -p "$CHECKSUMS_DIR"
print_info "Input directory: $INPUT_DIR"
print_info "Output directory: $OUTPUT_DIR"
print_info "Checksums directory: $CHECKSUMS_DIR"
@@ -93,7 +93,7 @@ generate_sha256() {
local file="$1"
local filename=$(basename "$file")
local output_file="${CHECKSUMS_DIR}/${filename}.sha256"
sha256sum "$file" > "$output_file"
print_info "SHA256 checksum generated: $output_file"
}
@@ -103,7 +103,7 @@ generate_b2sum() {
local file="$1"
local filename=$(basename "$file")
local output_file="${CHECKSUMS_DIR}/${filename}.b2sum"
b2sum "$file" > "$output_file"
print_info "B2SUM checksum generated: $output_file"
}
@@ -112,16 +112,16 @@ generate_b2sum() {
gpg_sign() {
local file="$1"
local filename=$(basename "$file")
if [ -z "$GPG_KEY_ID" ]; then
print_warn "Skipping GPG signing for '$filename' (no key ID provided)"
return 0
fi
# Sign the file in detached mode with ASCII armor
gpg --batch --yes --detach-sign --armor --local-user "$GPG_KEY_ID" \
--output "${file}.sig" "$file"
print_info "GPG signature generated: ${file}.sig"
}
@@ -129,13 +129,13 @@ gpg_sign() {
process_pdf() {
local pdf_file="$1"
local filename=$(basename "$pdf_file")
print_info "Processing: $filename"
# Generate checksums
generate_sha256 "$pdf_file"
generate_b2sum "$pdf_file"
# GPG sign if key is available
gpg_sign "$pdf_file"
}
@@ -145,28 +145,28 @@ main() {
echo ""
check_dependencies
setup_directories
# Find all PDF files in input directory (recursively)
pdf_files=($(find "$INPUT_DIR" -type f -name "*.pdf"))
if [ ${#pdf_files[@]} -eq 0 ]; then
print_error "No PDF files found in '$INPUT_DIR'"
exit 1
fi
print_info "Found ${#pdf_files[@]} PDF file(s) to process"
# Process each PDF file
for pdf_file in "${pdf_files[@]}"; do
process_pdf "$pdf_file"
done
print_info "=========================================="
print_info "Processing Complete!"
print_info "=========================================="
print_info "Checksums saved to: $CHECKSUMS_DIR"
print_info "Signed files and signatures in: $(dirname "$INPUT_DIR")"
# Display summary of checksums
print_info "SHA256 Checksums:"
cat "${CHECKSUMS_DIR}"/*.sha256 2>/dev/null || true