Tweaking some of the build to function

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
nopeitsnothing
2026-04-20 02:50:05 -04:00
parent 904fa24478
commit df2dd61676
6 changed files with 47 additions and 40 deletions
+8 -1
@@ -57,9 +57,16 @@ jobs:
env: env:
CI: true CI: true
run: python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }} run: python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }}
- name: 🛡️ Sign PDFs - name: 🛡️ Sign PDFs
env:
GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: | run: |
cd ${{ github.workspace }}
# Import GPG key
export GPG_TTY=$(tty)
echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true
chmod +x scripts/sign-pdfs.sh chmod +x scripts/sign-pdfs.sh
./scripts/sign-pdfs.sh ./scripts/sign-pdfs.sh
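Review bot: The import line in the Sign PDFs step, `echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true`, throws away both the error output and the exit status, so an empty or malformed `GPG_PRIVATE_KEY` secret leaves the keyring without a signing key and the step still moves on to `./scripts/sign-pdfs.sh`. Remove `2>/dev/null || true` so a failed import fails the job. `GPG_PASSPHRASE` is exported here but nothing in these lines passes it to gpg, and `export GPG_TTY=$(tty)` has no terminal to report inside a workflow step, so it does not help with a passphrase-protected key. The step also neither sets `SIGN_PDF_GPG_KEY` nor passes a key ID argument, which are the two ways the script learns which key to sign with.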
+2 -2
@@ -28,7 +28,7 @@ All notable changes to this project will be documented in this file.
### Changed ### Changed
- Refactored GitHub Actions workflow **Build PDF** (`scripts\build_guide_pdf.py`): now builds both light and dark mode PDFs (`export/thgtoa.pdf` and `export/thgtoa-dark.pdf` respectively). - Refactored GitHub Actions workflow **Build PDF** (`scripts\build_guide_pdf.py`): now builds both light and dark mode PDFs (`export/thgtoa.pdf` and `export/thgtoa-dark.pdf` respectively).
- Restored previous VT scans - Restored previous VT scans
## Fixed ## Fixed
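Review bot: `## Fixed` is one heading level above `### Changed`, so it renders as a new top-level section instead of a sibling change type; under the Keep a Changelog layout this file says it follows, it should be `### Fixed`. The Changed bullet also writes the script path as `scripts\build_guide_pdf.py` with a backslash, while the workflow invokes `scripts/build_guide_pdf.py`. Both columns of this hunk read the same, so the edit looks like whitespace only and is a cheap place to fix both.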
@@ -65,4 +65,4 @@ All notable changes to this project will be documented in this file.
[1.2.1]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.1 [1.2.1]: https://github.com/Anon-Planet/thgtoa/releases/tag/v1.2.1
***The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),*** ***The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),***
***and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).*** ***and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).***
+8 -8
@@ -2,11 +2,11 @@
??? Note "How the pipeline works" ??? Note "How the pipeline works"
**Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source **Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source
**SHA256 Hash Generation:** - Creates hash files for integrity verification **SHA256 Hash Generation:** - Creates hash files for integrity verification
**GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key **GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key
**VirusTotal Scanning:** - Automatically scans PDFs and updates release notes **VirusTotal Scanning:** - Automatically scans PDFs and updates release notes
**Release Automation:** - Packages everything into GitHub releases **Release Automation:** - Packages everything into GitHub releases
## Workflow Architecture ## Workflow Architecture
@@ -26,9 +26,9 @@
!!! Note "**How it works**" !!! Note "**How it works**"
- Each PDF gets a unique SHA256 hash calculated at build time - Each PDF gets a unique SHA256 hash calculated at build time
- Hash stored in `.sha256` files alongside the PDFs - Hash stored in `.sha256` files alongside the PDFs
- Combined `sha256sum.txt` for batch verification - Combined `sha256sum.txt` for batch verification
### GPG Signature Verification ### GPG Signature Verification
**Purpose:** Verify authenticity and prevent tampering **Purpose:** Verify authenticity and prevent tampering
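Review bot: The "How it works" list mentions only SHA256, but `generate_b2sum` in the signing script also writes a `.b2sum` file for every PDF; add a bullet for it so readers know the file is expected and how to check it. The list also says the `.sha256` files sit alongside the PDFs, while the script writes them to `${CHECKSUMS_DIR}/${filename}.sha256`; confirm that both describe the same location.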
+4 -4
@@ -17,13 +17,13 @@ schema:
# **Hello, and welcome to the Hitchhiker's Guide.** # **Hello, and welcome to the Hitchhiker's Guide.**
**9FA5 436D 0EE3 6098 5157 3825 17EC A05F 768D EDF6** **9FA5 436D 0EE3 6098 5157 3825 17EC A05F 768D EDF6**
You'll use it to [**verify the checksum** and **GPG signature** of all files for authenticity.](verify/index.md) You'll use it to [**verify the checksum** and **GPG signature** of all files for authenticity.](verify/index.md)
Please share this project if you enjoy it and you think it might be useful to others. Please share this project if you enjoy it and you think it might be useful to others.
![Anonymous Planet logo](media/profile.png){ align=right } ![Anonymous Planet logo](media/profile.png){ align=right }
Anonymous Planet is a collective of volunteers. Anonymous Planet is a collective of volunteers.
??? person "Das Kolburn" ??? person "Das Kolburn"
+3 -3
@@ -117,9 +117,9 @@ The GitHub Actions workflows automatically:
## Key Information ## Key Information
**Signing Key:** Anonymous Planet Master Signing Key ("MSK") **Signing Key:** Anonymous Planet Master Signing Key ("MSK")
**Key ID:** See `pgp/anonymousplanet-master.asc` for details **Key ID:** See `pgp/anonymousplanet-master.asc` for details
**Fingerprint:** Verify from the repository's official documentation **Fingerprint:** Verify from the repository's official documentation
--- ---
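Review bot: The `**Fingerprint:**` line under Key Information sends readers to "the repository's official documentation" without saying where, which leaves them nothing concrete to compare against. State the fingerprint here or link to the page that prints it, and tell readers to compare it with a copy obtained through a second channel, since a key file and a fingerprint served from the same repository do not check each other. `**Key ID:**` has the same gap: it points at `pgp/anonymousplanet-master.asc` rather than giving the ID.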
+22 -22
@@ -34,19 +34,19 @@ print_error() {
# Check if required tools are available # Check if required tools are available
check_dependencies() { check_dependencies() {
print_info "Checking dependencies..." print_info "Checking dependencies..."
for cmd in sha256sum b2sum gpg; do for cmd in sha256sum b2sum gpg; do
if ! command -v "$cmd" &> /dev/null; then if ! command -v "$cmd" &> /dev/null; then
print_error "$cmd is not installed. Please install it and try again." print_error "$cmd is not installed. Please install it and try again."
exit 1 exit 1
fi fi
done done
# Check GPG key availability # Check GPG key availability
if [ -z "$GPG_KEY_ID" ]; then if [ -z "$GPG_KEY_ID" ]; then
GPG_KEY_ID="${SIGN_PDF_GPG_KEY:-}" GPG_KEY_ID="${SIGN_PDF_GPG_KEY:-}"
fi fi
if [ -n "$GPG_KEY_ID" ]; then if [ -n "$GPG_KEY_ID" ]; then
if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then
print_error "GPG key '$GPG_KEY_ID' not found in your keyring." print_error "GPG key '$GPG_KEY_ID' not found in your keyring."
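Review bot: The availability check `gpg --list-keys "$GPG_KEY_ID"` looks in the public keyring, so it passes when only the public half of the key is present and the failure surfaces later at `--detach-sign`. Use `gpg --list-secret-keys "$GPG_KEY_ID"` here, which is also what the prompt branch further down lists for the user.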
@@ -56,7 +56,7 @@ check_dependencies() {
# List available keys and prompt user # List available keys and prompt user
print_warn "No GPG key ID specified. Listing available secret keys:" print_warn "No GPG key ID specified. Listing available secret keys:"
gpg --list-secret-keys --keyid-format LONG gpg --list-secret-keys --keyid-format LONG
read -p "Enter the GPG key ID to use for signing (or press Enter to skip): " GPG_KEY_ID read -p "Enter the GPG key ID to use for signing (or press Enter to skip): " GPG_KEY_ID
if [ -n "$GPG_KEY_ID" ]; then if [ -n "$GPG_KEY_ID" ]; then
if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then if ! gpg --list-keys "$GPG_KEY_ID" &> /dev/null; then
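Review bot: The `read -p` prompt for the key ID assumes someone is at a terminal; in the workflow's Sign PDFs step there is nobody to answer it, so `GPG_KEY_ID` stays empty and the run heads for the no-signing path. Guard the prompt with `[ -t 0 ]` and exit non-zero when stdin is not a terminal, and use `read -r -p` so backslashes in the input are kept literally. The check after the prompt repeats `gpg --list-keys`, which does not prove the secret key is present.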
@@ -67,22 +67,22 @@ check_dependencies() {
print_warn "No GPG signing will be performed. Set SIGN_PDF_GPG_KEY environment variable or pass key ID as argument." print_warn "No GPG signing will be performed. Set SIGN_PDF_GPG_KEY environment variable or pass key ID as argument."
fi fi
fi fi
print_info "All dependencies checked successfully!" print_info "All dependencies checked successfully!"
} }
# Create output directories # Create output directories
setup_directories() { setup_directories() {
print_info "Setting up directories..." print_info "Setting up directories..."
if [ ! -d "$INPUT_DIR" ]; then if [ ! -d "$INPUT_DIR" ]; then
print_error "Input directory '$INPUT_DIR' does not exist." print_error "Input directory '$INPUT_DIR' does not exist."
exit 1 exit 1
fi fi
mkdir -p "$OUTPUT_DIR" mkdir -p "$OUTPUT_DIR"
mkdir -p "$CHECKSUMS_DIR" mkdir -p "$CHECKSUMS_DIR"
print_info "Input directory: $INPUT_DIR" print_info "Input directory: $INPUT_DIR"
print_info "Output directory: $OUTPUT_DIR" print_info "Output directory: $OUTPUT_DIR"
print_info "Checksums directory: $CHECKSUMS_DIR" print_info "Checksums directory: $CHECKSUMS_DIR"
@@ -93,7 +93,7 @@ generate_sha256() {
local file="$1" local file="$1"
local filename=$(basename "$file") local filename=$(basename "$file")
local output_file="${CHECKSUMS_DIR}/${filename}.sha256" local output_file="${CHECKSUMS_DIR}/${filename}.sha256"
sha256sum "$file" > "$output_file" sha256sum "$file" > "$output_file"
print_info "SHA256 checksum generated: $output_file" print_info "SHA256 checksum generated: $output_file"
} }
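Review bot: `sha256sum "$file"` in `generate_sha256` records the path exactly as it was passed in, so the `.sha256` file carries the build-time directory prefix and `sha256sum -c` only works for a user who recreates that layout. Hash from inside the file's directory, for example `(cd "$(dirname "$file")" && sha256sum "$filename") > "$output_file"`, so only the bare file name is stored. `local filename=$(basename "$file")` also hides the exit status of the substitution; declare and assign on separate lines. Both points apply equally to `generate_b2sum`.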
@@ -103,7 +103,7 @@ generate_b2sum() {
local file="$1" local file="$1"
local filename=$(basename "$file") local filename=$(basename "$file")
local output_file="${CHECKSUMS_DIR}/${filename}.b2sum" local output_file="${CHECKSUMS_DIR}/${filename}.b2sum"
b2sum "$file" > "$output_file" b2sum "$file" > "$output_file"
print_info "B2SUM checksum generated: $output_file" print_info "B2SUM checksum generated: $output_file"
} }
@@ -112,16 +112,16 @@ generate_b2sum() {
gpg_sign() { gpg_sign() {
local file="$1" local file="$1"
local filename=$(basename "$file") local filename=$(basename "$file")
if [ -z "$GPG_KEY_ID" ]; then if [ -z "$GPG_KEY_ID" ]; then
print_warn "Skipping GPG signing for '$filename' (no key ID provided)" print_warn "Skipping GPG signing for '$filename' (no key ID provided)"
return 0 return 0
fi fi
# Sign the file in detached mode with ASCII armor # Sign the file in detached mode with ASCII armor
gpg --batch --yes --detach-sign --armor --local-user "$GPG_KEY_ID" \ gpg --batch --yes --detach-sign --armor --local-user "$GPG_KEY_ID" \
--output "${file}.sig" "$file" --output "${file}.sig" "$file"
print_info "GPG signature generated: ${file}.sig" print_info "GPG signature generated: ${file}.sig"
} }
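Review bot: The early `return 0` in `gpg_sign` when `GPG_KEY_ID` is empty makes an unsigned run look the same as a signed one by exit code, so a release build can publish PDFs with no `.sig` files and still pass. Return non-zero when `CI` is set, or require an explicit opt-out for local runs. The signing call uses `--batch` but has no `--pinentry-mode loopback` and no `--passphrase-fd`, so the `GPG_PASSPHRASE` the workflow exports has no path to gpg in these lines.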
@@ -129,13 +129,13 @@ gpg_sign() {
process_pdf() { process_pdf() {
local pdf_file="$1" local pdf_file="$1"
local filename=$(basename "$pdf_file") local filename=$(basename "$pdf_file")
print_info "Processing: $filename" print_info "Processing: $filename"
# Generate checksums # Generate checksums
generate_sha256 "$pdf_file" generate_sha256 "$pdf_file"
generate_b2sum "$pdf_file" generate_b2sum "$pdf_file"
# GPG sign if key is available # GPG sign if key is available
gpg_sign "$pdf_file" gpg_sign "$pdf_file"
} }
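Review bot: `process_pdf` calls `gpg_sign` on the PDF only; the `.sha256` and `.b2sum` files it has just generated are left unsigned in the lines shown, although the pipeline notes describe the signing stage as "Signs all PDFs and hash files". An unsigned checksum file can be swapped together with the PDF it describes. Call `gpg_sign` on the two checksum files as well, or change the documentation to say that only the PDFs are signed.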
@@ -145,28 +145,28 @@ main() {
echo "" echo ""
check_dependencies check_dependencies
setup_directories setup_directories
# Find all PDF files in input directory (recursively) # Find all PDF files in input directory (recursively)
pdf_files=($(find "$INPUT_DIR" -type f -name "*.pdf")) pdf_files=($(find "$INPUT_DIR" -type f -name "*.pdf"))
if [ ${#pdf_files[@]} -eq 0 ]; then if [ ${#pdf_files[@]} -eq 0 ]; then
print_error "No PDF files found in '$INPUT_DIR'" print_error "No PDF files found in '$INPUT_DIR'"
exit 1 exit 1
fi fi
print_info "Found ${#pdf_files[@]} PDF file(s) to process" print_info "Found ${#pdf_files[@]} PDF file(s) to process"
# Process each PDF file # Process each PDF file
for pdf_file in "${pdf_files[@]}"; do for pdf_file in "${pdf_files[@]}"; do
process_pdf "$pdf_file" process_pdf "$pdf_file"
done done
print_info "==========================================" print_info "=========================================="
print_info "Processing Complete!" print_info "Processing Complete!"
print_info "==========================================" print_info "=========================================="
print_info "Checksums saved to: $CHECKSUMS_DIR" print_info "Checksums saved to: $CHECKSUMS_DIR"
print_info "Signed files and signatures in: $(dirname "$INPUT_DIR")" print_info "Signed files and signatures in: $(dirname "$INPUT_DIR")"
# Display summary of checksums # Display summary of checksums
print_info "SHA256 Checksums:" print_info "SHA256 Checksums:"
cat "${CHECKSUMS_DIR}"/*.sha256 2>/dev/null || true cat "${CHECKSUMS_DIR}"/*.sha256 2>/dev/null || true
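Review bot: `pdf_files=($(find "$INPUT_DIR" -type f -name "*.pdf"))` in `main` splits the `find` output on whitespace and applies glob expansion, so a PDF path containing a space turns into several entries that do not exist. Fill the array with `mapfile -d '' -t pdf_files < <(find "$INPUT_DIR" -type f -name '*.pdf' -print0)` (bash 4.4 or later). The summary line also reports signatures in `$(dirname "$INPUT_DIR")`, but `gpg_sign` writes `${file}.sig` next to each PDF, which is inside `$INPUT_DIR`, not its parent.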