Build:

- Generate su3 file in release target
  - Add my new RSA 4096 pubkey cert for updates
  - Fix checkcerts.sh

build.xml

@@ -1496,6 +1496,7 @@
             </condition>
         </fail>
         <echo message="Key file is ${release.privkey}" />
+        <!-- now build and verify the unpacked sud from the unpacked zip -->
         <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
             <classpath>
                 <pathelement location="build/i2p.jar" />
@@ -1528,7 +1529,7 @@
             <arg value="showversion" />
             <arg value="i2pupdate.sud" />
         </java>
-        <!-- now build and verify the packed sud from the packed zip -->
+        <!-- now build and verify the packed su2 from the packed zip -->
         <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
             <classpath>
                 <pathelement location="build/i2p.jar" />
@@ -1561,6 +1562,59 @@
             <arg value="showversion" />
             <arg value="i2pupdate.su2" />
         </java>
+        <!-- now build and verify the packed su3 from the packed zip -->
+        <input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
+        <fail message="You must enter a path." >
+            <condition>
+                <equals arg1="${release.privkey.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
+        <fail message="You must enter a name." >
+            <condition>
+                <equals arg1="${release.signer.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
+        <fail message="You must enter a password." >
+            <condition>
+                <equals arg1="${release.password.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <arg value="sign" />
+            <arg value="-c" />
+            <arg value="ROUTER" />
+            <arg value="-t" />
+            <arg value="RSA_SHA512_4096" />
+            <arg value="i2pupdate200.zip" />
+            <arg value="i2pupdate.su3" />
+            <arg value="${release.privkey.su3}" />
+            <arg value="${release.number}" />
+            <arg value="${release.signer.su3}" />
+        </java>
+        <echo message="Verify version and VALID signature:" />
+        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <!-- set base dir so it can find the pubkey cert -->
+            <jvmarg value="-Di2p.dir.base=installer/resources" />
+            <arg value="verifysig" />
+            <arg value="i2pupdate.su3" />
+        </java>
+        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <!-- set base dir so it can find the pubkey cert -->
+            <jvmarg value="-Di2p.dir.base=installer/resources" />
+            <arg value="showversion" />
+            <arg value="i2pupdate.su3" />
+        </java>
         <!-- will this use the monotonerc file in the current workspace? -->
         <echo message="Checking out fresh copy into ../i2p-${release.number} for tarballing:" />
         <delete dir="../i2p-${release.number}" />
@@ -1608,6 +1662,7 @@
             <arg value="i2psource_${release.number}.tar.bz2" />
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
             <arg value="i2pinstall_${release.number}_windows.exe.sig" />
             <arg value="i2pinstall_${release.number}.jar.sig" />
@@ -1622,6 +1677,7 @@
             <arg value="i2psource_${release.number}.tar.bz2" />
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
             <arg value="i2pinstall_${release.number}_windows.exe.sig" />
             <arg value="i2pinstall_${release.number}.jar.sig" />
@@ -1635,6 +1691,7 @@
             <arg value="i2psource_${release.number}.tar.bz2" />
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
         </exec>
         <!-- make torrent files -->
@@ -1656,6 +1713,15 @@
             <arg value="i2pupdate-${release.number}.su2" />
             <arg value="http://tracker2.postman.i2p/announce.php" />
         </java>
+        <copy file="i2pupdate.su3" tofile="i2pupdate-${release.number}.su3" />
+        <java classname="org.klomp.snark.Storage" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+                <pathelement location="build/i2psnark.jar" />
+            </classpath>
+            <arg value="i2pupdate-${release.number}.su3" />
+            <arg value="http://tracker2.postman.i2p/announce.php" />
+        </java>
         <echo message="Don't forget to mtn tag w: i2p-${release.number}" />
         <echo message="... and mtn cert t:i2p-${release.number} branch i2p.i2p.release" />
     </target>

installer/resources/certificates/router/zzz_at_mail.i2p.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA1+gAwIBAgIEcwrwsjANBgkqhkiG9w0BAQ0FADBsMQswCQYDVQQGEwJY
+WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
+b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEVMBMGA1UEAwwMenp6QG1haWwuaTJw
+MB4XDTEzMDkzMDE3NDEyNVoXDTIzMDkzMDE3NDEyNVowbDELMAkGA1UEBhMCWFgx
+CzAJBgNVBAgTAlhYMQswCQYDVQQHEwJYWDEeMBwGA1UEChMVSTJQIEFub255bW91
+cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxFTATBgNVBAMMDHp6ekBtYWlsLmkycDCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJV4ptvhlfrcize9/ARz4lUy
+iLtLMSvSST1BdZjLJTwus05EUs0oiqnv9qXYIWGRB97aKlAmqSxsn4ZgBttCgmev
+IkuiZ8kbdqI5YaT98yKW5P2Prt9p9cPbnz5/qjwZ5L9W+k/Itx7bv2pkNEP0NLYo
+NrgHHTb1hsyRxc0lfPYk2BwsIi8hIWBHNrRpR41EWFXfqPcdsxS8cQhxVj4zLG/R
+aMm4H8T+V1R1Khl4R4qqRgXBP305xqqRoawHmZ/S9/RkF0Ji6IYwBq9iWthWol6W
+sMDn1xhZk9765fk+ohAC2XWuGSFCr02JOILRV3x/8OUxT1GYgYjc7FfyWIekg/pZ
+yotlhL2I3SMWOH3PdG58iDY121hq/LsSKM9aP20rwtvssnw+8Aex01YDkI3bM6yO
+HNi+tRojaJcJciBWv6cuiFKvQdxj/mOhOr0u0lHLlJ4jqES8uvVJkS7X/C4BB7ra
+bJYQgumZMYvVQJFIjo8vZxMXue53o65FRidvAUT29ay54UTiL7jRV9w1wHnzLapU
+xT1v7kWpWJcZ1zzC8coJjW+6ijkk38cVLb80u1Q4kEbmP2rDxw6jRvmqg6DcCKjK
+oqDt+XQ6P5grxAxLT+VMfB404WHHwNs6BB841//4ZnXvy3msMONY/5y0fsblURgh
+IS2UG1TAjR+x7+XikGx9AgMBAAGjITAfMB0GA1UdDgQWBBSvx/fCCP8UeHwjN65p
+EoHjgRfiIzANBgkqhkiG9w0BAQ0FAAOCAgEAYgVE1Aa/Ok5k+Jvujbx72bktRWXo
+Y4UfbWH/426VdgqXt3n9XtJUNM2oI4ODwITM4O15SyXQTLJhnvJz5ELcJV8nqviZ
+RjK2HNX1BW7IEta3tacCvVnjzZ265kCT59uW+qmd+5PiaAYI5lYUn8P6pe+6neSa
+HW6ecXCrdxJetSYfUUuKeV6YHpdzfjtZClLmwl91sJUBKcjK+Q9G/cE6HnwcDH1s
+uXr7SgkBt/qc/OlNuu4fnTqUA58TAumdq9cD+eLBilDFrux1HsUZMuBUp64x5oPi
+gme+3VewsczfFEtrxaG6+l6UA40Lerdx9XECZcDCcFsK6MS1uQ2HYjsyZcWnNT3l
+6eDNUbjrllwxDdRAk0cbWiMuc21CFq/1v2QMXk88EiBjEajqzyXUPmKzwFhit6pr
+5kfjfXNq+pxQSCoaqjpzVKjb3CqMhSlC8cLgrPw6HEgGnjCy4cTLFHlVmD64M778
+tj6rE7CntcmUi8GKmZKyaMyUo3QQUcrjO5IQ4+3iGUgMkZuujyjrZiOJbvircPmK
+4IQEXzJ/G00upqtqKstRybaWSbJ/k6iuturtA2n8MJiCBjhLy8dtTgDbFaDaNF7F
+NHeqQjIJDLhYDy6mi4gya3A0ort777Inl/rWYLo067pYM+EWDw66GdpbEIB0Bp71
+pwvcQcjIzbUzEK0=
+-----END CERTIFICATE-----

tests/scripts/checkcerts.sh

@@ -152,9 +152,9 @@ elif [ $(which certtool) ]; then : ;else
     exit 1
 fi
 
-cd `dirname $0`/../../installer/resources/certificates/ssl
+cd `dirname $0`/../../installer/resources/certificates
 
-for i in *.crt *.cert
+for i in */*.crt
 do
     echo "Checking $i ..."
     EXPIRES=`checkcert $i`