Making WordPress.org

Changeset 8483


Ignore:
Timestamp:
03/21/2019 06:55:35 AM (6 years ago)
Author:
dd32
Message:

Plugin Directory: ZIPs: When building ZIP files, generate the signatures for them too.

Signature generation is currently disabled pending some WordPress.org changes.

See #4308.
See https://core.trac.wordpress.org/ticket/39309.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-builder.php

    r7339 r8483  
    1616    const ZIP_SVN_URL = PLUGIN_ZIP_SVN_URL;
    1717
    18     protected $zip_file      = '';
    19     protected $checksum_file = '';
    20     protected $tmp_build_dir = '';
    21     protected $tmp_dir       = '';
     18    protected $zip_file       = '';
     19    protected $checksum_file  = '';
     20    protected $signature_file = '';
     21    protected $tmp_build_dir  = '';
     22    protected $tmp_dir        = '';
    2223
    2324    protected $slug       = '';
     
    117118                $this->generate_zip();
    118119
     120                $this->generate_zip_signatures();
     121
    119122                $this->generate_checksums();
    120123
     
    130133                    SVN::up( $this->checksum_file );
    131134                }
     135                if ( $this->signature_file ) {
     136                    SVN::up( $this->signature_file );
     137                }
    132138                continue;
    133139            }
     
    137143            if ( $this->checksum_file ) {
    138144                SVN::add( $this->checksum_file );
     145            }
     146            if ( $this->signature_file ) {
     147                SVN::add( $this->signature_file );
    139148            }
    140149        }
     
    434443    }
    435444
     445    /**
     446     * Generate the signature for a ZIP file.
     447     */
     448    protected function generate_zip_signatures() {
     449
     450        // TODO: Currently disabled, enable when ready.
     451        return false;
     452
     453        if ( ! function_exists( 'wporg_sign_file' ) ) {
     454            return false;
     455        }
     456
     457        $signatures = wporg_sign_file( $this->zip_file, 'plugin' );
     458        if ( $signatures ) {
     459            $this->signature_file = $this->zip_file . '.sig';
     460
     461            // Fetch any existing signatures if needed.
     462            SVN::up( $this->signature_file );
     463
     464            // If this file was previously signed, keep the previous version.
     465            // This would only occur if a ZIP file was replaced in the few moments between ZIP download starting, and fetching the signature for verification.
     466            if ( file_exists( $this->signature_file ) ) {
     467                $existing_signatures = file( $this->signature_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES );
     468                $signatures = array_unique( array_merge( $signatures, $existing_signatures ) );
     469            }
     470
     471            file_put_contents( $this->signature_file, implode( "\n", $signatures ) );
     472        }
     473    }
    436474
    437475    /**
Note: See TracChangeset for help on using the changeset viewer.