From a0405271fb34f5acd696ec7036625bf29c37c139 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Wed, 6 Jan 2021 14:32:45 +0100
Subject: [PATCH] Support for signing rpm packages

---
 scm-packaging/rpm/build.gradle | 36 +++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/scm-packaging/rpm/build.gradle b/scm-packaging/rpm/build.gradle
index 8164c37694..3884d8eab6 100644
--- a/scm-packaging/rpm/build.gradle
+++ b/scm-packaging/rpm/build.gradle
@@ -23,6 +23,28 @@
  */
 import org.gradle.util.VersionNumber
 
+// nebula.ospackage uses redline to build the rpm package.
+// The problem is that redline does not support 4096 bit rsa keys,
+// but we use such a key for rpm signatures.
+// - https://github.com/nebula-plugins/gradle-ospackage-plugin/issues/270
+// - https://github.com/craigwblake/redline/issues/62
+// For now we override the nebula dependency to redline with out own version
+// of redline, which supports only 4096 bit keys:
+// - https://github.com/craigwblake/redline/compare/master...scm-manager:big-rsa-header
+// This is far from ideal, but it works for our purposes.
+buildscript {
+  configurations.all {
+    resolutionStrategy {
+      force "org.redline-rpm:redline:1.2.9-rsa4096"
+    }
+  }
+  repositories {
+    maven {
+      url 'https://packages.scm-manager.org/repository/public/'
+    }
+  }
+}
+
 plugins {
   id 'nebula.ospackage' version '8.4.1'
   id 'org.scm-manager.packaging'
@@ -54,7 +76,7 @@ task rpm(type: Rpm) {
   url 'https://scm-manager.org'
 
   requires 'procps'
-  // recommends (weak dependency) is not supported, 
+  // recommends (weak dependency) is not supported,
   // so we define a hard dependencies for java and mercurial
   requires 'java-11-openjdk-headless'
   requires 'mercurial'
@@ -62,6 +84,18 @@ task rpm(type: Rpm) {
   preInstall file('src/main/scripts/before-installation.sh')
   postInstall file('src/main/scripts/after-installation.sh')
 
+  if (project.hasProperty("gpg.scm.keyring")) {
+    signingKeyRingFile file(project.property("gpg.scm.keyring"))
+  }
+
+  if (project.hasProperty("gpg.scm.key")) {
+    signingKeyId project.property("gpg.scm.key")
+  }
+
+  if (project.hasProperty("gpg.scm.passphrase")) {
+    signingKeyPassphrase project.property("gpg.scm.passphrase")
+  }
+
   VersionNumber version = VersionNumber.parse(project.version)
 
   from('src/main/bin') {