HPCC-16124 GPG Signing changes

* GPG Signing on by default
* Check for ability to sign if SIGN_MODULES=ON
* Add public key to ecl/regress for developers to use in testing

Signed-off-by: Michael Gardner <michael.gardner@lexisnexis.com>

cmake_modules/commonSetup.cmake

@@ -53,7 +53,7 @@ IF ("${COMMONSETUP_DONE}" STREQUAL "")
   option(PLUGIN "Enable building of a plugin" OFF)
   option(USE_SHLIBDEPS "Enable the use of dpkg-shlibdeps on ubuntu packaging" OFF)
 
-  option(SIGN_MODULES "Enable signing of ecl standard library modules" OFF)
+  option(SIGN_MODULES "Enable signing of ecl standard library modules" ON)
   option(USE_CPPUNIT "Enable unit tests (requires cppunit)" OFF)
   option(USE_OPENLDAP "Enable OpenLDAP support (requires OpenLDAP)" ON)
   option(USE_ICU "Enable unicode support (requires ICU)" ON)
@@ -114,6 +114,32 @@ IF ("${COMMONSETUP_DONE}" STREQUAL "")
   option(EXAMPLEPLUGIN "Create a package with ONLY the exampleplugin plugin" OFF)
   option(COUCHBASEEMBED "Create a package with ONLY the couchbaseembed plugin" OFF)
 
+  if (SIGN_MODULES)
+      message(STATUS "GPG signing check")
+      if(DEFINED SIGN_MODULES_PASSPHRASE)
+          set(GPG_PASSPHRASE_OPTION --passphrase)
+      endif()
+      if(DEFINED SIGN_MODULES_KEYID)
+        set(GPG_DEFAULT_KEY_OPTION --default-key)
+      endif()
+      execute_process(
+          COMMAND rm -f sm_keycheck.tmp sm_keycheck.asc
+          COMMAND touch sm_keycheck.tmp
+          COMMAND gpg --output sm_keycheck.asc ${GPG_DEFAULT_KEY_OPTION} ${SIGN_MODULES_KEYID}  --clearsign ${GPG_PASSPHRASE_OPTION} ${SIGN_MODULES_PASSPHRASE} --batch --no-tty sm_keycheck.tmp
+          WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+          RESULT_VARIABLE rc_var
+          ERROR_VARIABLE err_var
+          OUTPUT_QUIET)
+      if(NOT "${rc_var}" STREQUAL "0")
+          message(STATUS "GPG signing check - failed")
+          message(FATAL_ERROR "gpg signing of std ecllibrary unsupported in current environment. \
+          If you wish to build without a signed std ecllibrary add -DSIGN_MODULES=OFF to your \
+          cmake invocation.\n${err_var}")
+      else()
+          message(STATUS "GPG signing check - done")
+      endif()
+  endif()
+
   if (APPLE OR WIN32)
       option(USE_TBB "Enable Threading Building Block support" OFF)
   else()

ecl/regress/HPCCSystems.pub

@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFe7O0EBCADEBgoHtkKrU6qduKAP3R0MIpEFKYXgxFfgpOrHH26xuTDRmpFH
+S1CaTPj00npFQkY4MkzhN6w8MeaWoaczRbOdBlpLxzmMhzKJ/DCHVNptpIvBBfOP
+yu8udWivdUVaHL45k/RdAV2y1EMFdDC+2XsJp4MoDCp541tKw1ARgx6RvupbtvbO
+/5+lsTg8ci7AJRftE8x5N1PezvyRQgMZ/dGJaWikG6ZNEiJIagR3MYxXLq7vULsm
+GKFbI3uMiW7o+DixTGf4YmpJbewzcgdH8A/TdvOS3n6XyFxsiSLoW2kgZYxSa2Fo
+ovC9K8GfMkthWwOF6tgxNDcsbfvyO9NcF9CTABEBAAG0TkhQQ0NTeXN0ZW1zIChJ
+bnRlcm5hbCBrZXkgZm9yIHN0ZCBlY2wgbGlicmFyeSkgPG9zc2RldmVsb3BtZW50
+QGxleGlzbmV4aXMuY29tPokBOAQTAQIAIgUCV7s7QQIbAwYLCQgHAwIGFQgCCQoL
+BBYCAwECHgECF4AACgkQbfsHcI2qQX0Uvwf/VF5Jss3WDngEbOIS0SslLGVp6d7R
+3dfa49QXbY0lzgD+ieKZIISUgdDUNcP5B5uqs9T7xSy7Btbk34EVKycqtzO+kYGI
+JnFAU9LO7LTQtIkCC1UKXCgn/yECUiQTxCdXf02Y3arr/zUFepqW9HIxxuDfAgSD
+f7/i942uh6g/YI2ZkdqIb8/LL3MurVfZw3gAP6e0si7Hy8UcPTK/J6y0vpF78v0m
+pSEKS12GFGJ7fRYmVEGmYDiSeLBTANHNHG6g7A7pKRHcVxzwkkNXUdTN8yVjHJpV
+CXgcLd/+6CGD3NsyndP1q2QyrDkf/oN5Ns/2cg8NXDelh7f/GP0O+PCg5LkBDQRX
+uztBAQgApLFVAHtJ1Yr/NGGmt/NC+ko2Aj6oDKztd828DimsaQaO8JXR69rKHfJH
+TlCiJCh2+yqPrU8GxhQ/JaNZ5cYxKX5KtZcqID/I8bmAc07Ekaf+vkcGKM/CWcmE
+vPmBUzGAPILke0AUa61ogb+e+Zemt3E/0dwB9XYqwme6m4DsiRbnva6bqvcnJwxA
+kUrf+vIakRipobzu52VTgJmw3x1RJTxTNqsWVXv2c2qMwddQQjA6kDBjAToMgoCy
+BMaGsHfiXVmJWUz2l2e34/3CoKueHfGx6ao0r6cU3N98eGTaYCzMWwVHOkU1CW5t
+tC2zzUPdKZFKRr64/IXLJaV3H4S7jQARAQABiQEfBBgBAgAJBQJXuztBAhsMAAoJ
+EG37B3CNqkF9uj8IAI4lgiejAj84t42RiPwxoL2jkXsffK5lRz9SOrLewrDxrqpo
+wopIBXhytCw90CaKxpT/i/Mb8VldjCqykOfxZ8uuupxaeBnW9Q3GIboY3AzA97kH
+11RcIB9XSXRrZoriuyctRxCjvViPNaW67BwgMwp2vTk9AFe2BIPDSpaFZB3xU/52
+hv7ugA5WqM2qHCVlRoLc9kHt88Nr1n/tk7KIfhjv+U96x8wQuE+AyMRn1oQaeVjE
+5N2HxiBxxxGHmEHpBW1aNBW9OX39ESWKnoB7KDUTyeAS5b2bSBbutsKK7/6mxCAP
+9SOThfXVcB09akj5tIrTum8geE0ns5mZgU9/Hbc=
+=k/X7
+-----END PGP PUBLIC KEY BLOCK-----