diff --git a/.gitignore b/.gitignore
index ede6c3e8f3..69f93652be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,6 +49,7 @@
/vagrant/phpbb-install-config.yml
.vagrant
node_modules
+/build/package_signature
# Excludes IDE / editors files
*~
diff --git a/build/build.xml b/build/build.xml
index ddc1e0464e..5252f74f5a 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -203,6 +203,12 @@
+
+
+
+
+
+
@@ -219,6 +225,31 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
filesize = filesize($file_path);
$filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256')));
$filedata->filetype = $extension;
+
+ if (file_exists($file_path . '.sig'))
+ {
+ $filedata->signature = trim(file_get_contents($file_path . '.sig'));
+ }
+
$package_file->files[] = $filedata;
}
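Review bot: When the `.sig` file is missing, the entry is added without a `signature` field and nothing is reported, so a signing step that failed or was skipped still produces release metadata that looks complete. I would fail the build or at least warn in an `else` branch, e.g. `else { fwrite(STDERR, "No signature found for {$file_path}\n"); }`. `file_get_contents()` can also return false on an unreadable file, which `trim()` would most likely turn into an empty signature string, so check for `=== false` before assigning. The enclosing loop starts outside the hunk, and the file header for this PHP section appears to be missing from the page.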
diff --git a/build/generate_signature.php b/build/generate_signature.php
new file mode 100644
index 0000000000..d1b5675119
--- /dev/null
+++ b/build/generate_signature.php
@@ -0,0 +1,52 @@
+#!/usr/bin/env php
+
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+if ($_SERVER['argc'] != 3)
+{
+ echo "Please specify the secret key and filename for which the signature should be created, e.g. generate_signature.php mySecretSecret path/to/file\n";
+ exit(1);
+}
+
+$secret_key = base64_decode($_SERVER['argv'][1]);
+$file_path = $_SERVER['argv'][2];
+
+if (!extension_loaded('sodium'))
+{
+ die('Required sodium extension not loaded');
+}
+
+if (!file_exists($file_path))
+{
+ die('File does not exist');
+}
+
+$hash = hash_file('sha384', $file_path, true);
+try
+{
+ $signature = sodium_crypto_sign_detached($hash, $secret_key);
+}
+catch (SodiumException $e)
+{
+ $keypair = sodium_crypto_sign_keypair();
+
+ $secret_key = base64_encode(sodium_crypto_sign_secretkey($keypair));
+ $public_key = base64_encode(sodium_crypto_sign_publickey($keypair));
+ echo 'Unable to create the signature: ' . $e->getMessage() . "\n";
+ echo "Maybe use these keys:\nPublic key: {$public_key}\nSecret key: {$secret_key}\n";
+ die();
+}
+
+$signature = base64_encode($signature);
+
+file_put_contents($file_path . '.sig', $signature);
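Review bot: The signing key is read from `$_SERVER['argv'][1]`, so it is exposed in the process list, shell history and any CI log that echoes the command line; reading it from a key file or an environment variable would keep it off the command line. The `catch` branch also generates a fresh keypair and prints its secret key to stdout, which puts usable key material into build output; I would report only the error there, e.g. `fwrite(STDERR, 'Unable to create the signature: ' . $e->getMessage() . "\n"); exit(1);`. Every `die()` in this file and in verify_signature.php exits with status 0, so a calling build step cannot tell that no `.sig` was written. `base64_decode()` is called without strict mode and the return value of `file_put_contents()` is not checked, so a malformed key or a failed write is not reported clearly.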
diff --git a/build/verify_signature.php b/build/verify_signature.php
new file mode 100644
index 0000000000..fd432ed638
--- /dev/null
+++ b/build/verify_signature.php
@@ -0,0 +1,56 @@
+#!/usr/bin/env php
+
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+if ($_SERVER['argc'] != 4)
+{
+ echo "Please specify the public key, filename for which the signature should be check, and the signature file, e.g. verify_signature.php superPublicKey path/to/file path/to/signature\n";
+ exit(1);
+}
+
+$public_key = base64_decode($_SERVER['argv'][1]);
+$file_path = $_SERVER['argv'][2];
+$signature_path = $_SERVER['argv'][3];
+
+if (!extension_loaded('sodium'))
+{
+ die('Required sodium extension not loaded');
+}
+
+if (!file_exists($file_path))
+{
+ die('File does not exist');
+}
+
+if (!file_exists($signature_path))
+{
+ die('Signature file does not exist');
+}
+
+$hash = hash_file('sha384', $file_path, true);
+$signature = base64_decode(file_get_contents($signature_path));
+
+try
+{
+ if (sodium_crypto_sign_verify_detached($signature, $hash, $public_key))
+ {
+ echo 'Signature is valid!';
+ }
+ else
+ {
+ echo 'Signature is not valid!';
+ }
+} catch (SodiumException $e)
+{
+ die('Unable to verify the signature: ' . $e->getMessage() . "\n");
+}
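Review bot: The `else` branch prints 'Signature is not valid!' and the script then ends with exit status 0, so a caller that checks the return code treats a bad signature as success; add `exit(1);` after that `echo`. The inputs to `sodium_crypto_sign_verify_detached()` are not validated first: `base64_decode()` is non-strict and `file_get_contents()` can return false, so a malformed key or signature file is reported only indirectly. Using `base64_decode($value, true)` with an explicit `=== false` check on both the key and the signature would separate "bad input" from "signature mismatch".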