From 40bcb7664d35624e335ccb7ad517e554e9442cd2 Mon Sep 17 00:00:00 2001 From: Jian Chen Date: Mon, 30 Sep 2024 15:07:59 -0700 Subject: [PATCH] Revert "Jar Maven Signing - GnuPG and sha256" (#22273) Reverts microsoft/onnxruntime#22217 --- .../stages/java-cuda-packaging-stage.yml | 4 -- .../templates/android-java-api-aar.yml | 4 -- .../azure-pipelines/templates/c-api-cpu.yml | 4 -- .../templates/jar-maven-signing-linux.yml | 55 --------------- .../templates/jar-maven-signing-win.yml | 70 ------------------- 5 files changed, 137 deletions(-) delete mode 100644 tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-linux.yml delete mode 100644 tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-win.yml diff --git a/tools/ci_build/github/azure-pipelines/stages/java-cuda-packaging-stage.yml b/tools/ci_build/github/azure-pipelines/stages/java-cuda-packaging-stage.yml index 61e181a6004e9..430dc89b5b097 100644 --- a/tools/ci_build/github/azure-pipelines/stages/java-cuda-packaging-stage.yml +++ b/tools/ci_build/github/azure-pipelines/stages/java-cuda-packaging-stage.yml @@ -58,10 +58,6 @@ stages: showWarnings: true workingDirectory: '$(Build.BinariesDirectory)\java-artifact' - - template: ../templates/jar-maven-signing-win.yml - parameters: - JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64' - - task: CopyFiles@2 displayName: 'Copy Java Files to Artifact Staging Directory' inputs: diff --git a/tools/ci_build/github/azure-pipelines/templates/android-java-api-aar.yml b/tools/ci_build/github/azure-pipelines/templates/android-java-api-aar.yml index ecc0a53f028a4..8ce0e09dce605 100644 --- a/tools/ci_build/github/azure-pipelines/templates/android-java-api-aar.yml +++ b/tools/ci_build/github/azure-pipelines/templates/android-java-api-aar.yml @@ -102,10 +102,6 @@ jobs: /bin/bash /onnxruntime_src/tools/ci_build/github/android/build_aar_and_copy_artifacts.sh workingDirectory: $(Build.SourcesDirectory) - - template: jar-maven-signing-linux.yml - parameters: - JarFileDirectory: '$(artifacts_directory)' - - task: PublishBuildArtifacts@1 inputs: pathtoPublish: '$(artifacts_directory)' diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-cpu.yml index a483db2f9688e..3e90a401d4deb 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-cpu.yml @@ -236,10 +236,6 @@ stages: showWarnings: true workingDirectory: '$(Build.BinariesDirectory)\java-artifact' - - template: jar-maven-signing-win.yml - parameters: - JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64' - - task: CopyFiles@2 displayName: 'Copy Java Files to Artifact Staging Directory' inputs: diff --git a/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-linux.yml b/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-linux.yml deleted file mode 100644 index 96be3b7b0746e..0000000000000 --- a/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-linux.yml +++ /dev/null @@ -1,55 +0,0 @@ -parameters: - - name: JarFileDirectory - type: string - -steps: - - task: AzureKeyVault@2 - displayName: 'Get GnuPG signing keys' - inputs: - azureSubscription: 'OnnxrunTimeCodeSign_20240611' - KeyVaultName: 'ort-release' - SecretsFilter: 'java-pgp-pwd,java-pgp-key' - RunAsPreJob: false - - - task: CmdLine@2 - displayName: 'Sign jar files: GnuPG and sha256' - inputs: - workingDirectory: '$(Build.SourcesDirectory)' - script: | - #!/bin/bash - set -ex - - jar_file_directory='${{ parameters.JarFileDirectory }}' - working_directory='$(Build.SourcesDirectory)' - original_private_key='$(java-pgp-key)' - original_passphrase='$(java-pgp-pwd)' - - private_key_file=$working_directory/private_key.txt - passphrase_file=$working_directory/passphrase.txt - - echo "Generating GnuPG key files." - printf "%s" "$original_private_key" >$private_key_file - printf "%s" "$original_passphrase" >$passphrase_file - echo "Generated GnuPG key files." - - echo "Importing GnuPG private key file." - gpg --batch --import $private_key_file - echo "Imported GnuPG private key file." - - for file in $(find $jar_file_directory -type f); do - echo "GnuPG signing to file: $file" - gpg --pinentry-mode loopback --passphrase-file $passphrase_file -ab $file - echo "GnuPG signed to file: $file" - done - - for file in $(find $jar_file_directory -type f); do - echo "Adding checksum of sha256 to file: $file" - sha256sum $file | awk '{print $1}' >$file.sha256 - echo "Added checksum of sha256 to file: $file" - done - - echo "GnuPG and sha256 signing to files completed." - echo "Deleting GnuPG key files." - rm -f $private_key_file - rm -f $passphrase_file - echo "Deleted GnuPG key files." diff --git a/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-win.yml b/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-win.yml deleted file mode 100644 index 182a2ebe3b4c9..0000000000000 --- a/tools/ci_build/github/azure-pipelines/templates/jar-maven-signing-win.yml +++ /dev/null @@ -1,70 +0,0 @@ -parameters: - - name: JarFileDirectory - type: string - -steps: - - task: AzureKeyVault@2 - displayName: 'Get GnuPG signing keys' - inputs: - azureSubscription: 'OnnxrunTimeCodeSign_20240611' - KeyVaultName: 'ort-release' - SecretsFilter: 'java-pgp-pwd,java-pgp-key' - RunAsPreJob: false - - - task: PowerShell@2 - displayName: 'Sign jar files: GnuPG and sha256' - inputs: - targetType: 'inline' - workingDirectory: '$(Build.SourcesDirectory)' - script: | - $jar_file_directory = '${{ parameters.JarFileDirectory }}' - $working_directory = '$(Build.SourcesDirectory)' - - $original_passphrase='$(java-pgp-pwd)' - $original_private_key='$(java-pgp-key)' - - $gpg_exe_path = "C:\Program Files (x86)\gnupg\bin\gpg.exe" - - $passphrase_file = Join-Path -Path $working_directory -ChildPath "passphrase.txt" - $private_key_file = Join-Path -Path $working_directory -ChildPath "private_key.txt" - - Write-Host "Generating GnuPG key files." - Out-File -FilePath $passphrase_file -InputObject $original_passphrase -NoNewline -Encoding ascii - Out-File -FilePath $private_key_file -InputObject $original_private_key -NoNewline -Encoding ascii - Write-Host "Generated GnuPG key files." - - Write-Host "Importing GnuPG private key file." - & $gpg_exe_path --batch --import $private_key_file - if ($lastExitCode -ne 0) { - Write-Host -Object "GnuPG importing private key command failed. Exitcode: $exitCode" - exit $lastExitCode - } - Write-Host "Imported GnuPG private key file." - - $targeting_original_files = Get-ChildItem $jar_file_directory -Recurse -Force -File -Name - foreach ($file in $targeting_original_files) { - $file_path = Join-Path $jar_file_directory -ChildPath $file - Write-Host "GnuPG signing to file: "$file_path - & $gpg_exe_path --pinentry-mode loopback --passphrase-file $passphrase_file -ab $file_path - if ($lastExitCode -ne 0) { - Write-Host -Object "GnuPG signing file command failed. Exitcode: $exitCode" - exit $lastExitCode - } - Write-Host "GnuPG signed to file: "$file_path - } - - $targeting_asc_files = Get-ChildItem $jar_file_directory -Recurse -Force -File -Name - foreach ($file in $targeting_asc_files) { - $file_path = Join-Path $jar_file_directory -ChildPath $file - Write-Host "Adding checksum of sha256 to file: "$file_path - $file_path_sha256 = $file_path + ".sha256" - CertUtil -hashfile $file_path SHA256 - CertUtil -hashfile $file_path SHA256 | find /v `"hash`" | Out-File -FilePath $file_path_sha256 - Write-Host "Added checksum of sha256 to file: "$file_path - } - - Write-Host "GnuPG and sha256 signing to files completed." - Write-Host "Deleting GnuPG key files." - Remove-Item -Path $passphrase_file - Remove-Item -Path $private_key_file - Write-Host "Deleted GnuPG key files."