Bug 409074 - Evaluate which/how many unsigned inner jars we have
Summary: Evaluate which/how many unsigned inner jars we have
Status: VERIFIED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: Releng (show other bugs)
Version: 4.3   Edit
Hardware: PC Linux
: P3 normal (vote)
Target Milestone: ---   Edit
Assignee: David Williams CLA
QA Contact:
URL:
Whiteboard:
Keywords: info
Depends on:
Blocks:
 
Reported: 2013-05-25 15:21 EDT by David Williams CLA
Modified: 2013-05-30 12:52 EDT (History)
0 users

See Also:

Attachments
less interesting tests and examples inner jars (40.53 KB, text/plain)
2013-05-26 23:13 EDT, David Williams CLA 		no flags Details
code bundles with innerjars (3.57 KB, text/plain)
2013-05-26 23:23 EDT, David Williams CLA 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Williams CLA 2013-05-25 15:21:17 EDT 
This is more of a "to do" item for me ... if I can find the time ... not expecting any change in build or code (for now) but in light of bug 408901, I am curious how many "inner jars" we have, which they are, and, most important, if it is the case we would want them all signed? Or just a select few? If just a select few, that would effect the solution/fix we'd want in bug 401141 (i.e. does it need to be configurable for each bundle produced, or would a "blanket signing if inner jars" suffice?
Comment 1 David Williams CLA 2013-05-26 23:11:42 EDT 
Will attaching listings. 

Not sure this will be very helpful, since it does not look at packages, does not really say which inner jars need to be signed, and which not ... but, it does show we have a LOT of inner jars. Mostly in tests, and in the past, we never signed tests anyway at all. 

Some of those in the main "code" bundles, already are marked with eclipse.inf to exclude children from signing so any solution to bug 401141 needs to take eclipse.inf into account.
Comment 2 David Williams CLA 2013-05-26 23:13:46 EDT 
Created attachment 231525 [details]
less interesting tests and examples inner jars

should not matter if these are signed or not ... as far as I know.
Comment 3 David Williams CLA 2013-05-26 23:23:23 EDT 
Created attachment 231526 [details]
code bundles with innerjars

some already specify "don't sign inner jars" (not sure if due to classpath security issues, or ... just not needed ... in theory some cases could have performance implications, I'd guess. 

The one that Tom mentions as "matters" shows up: 
org.eclipse.core.runtime.compatibility.registry_3.5.200.v20130514-1256.jar

         runtime_registry_compatibility.jar 

But, not sure any of the others do. 
Almost makes me wonder if the solution in the main bug should have it configurable, so the default would be to not sign inner jars, but could be configured to override and say "sign inner jars"? 

It might be just about as easy to fix/improve the "cbi signing plugin", but also wonder if a work-around could be done in the runtime.compatibility.registry bundle and use "antrun" to sign this one particular inner jar? Well, then outer jar would have to be resigned, probably ... yeah, easier to fix "cbi signing plugin" :)
Comment 4 David Williams CLA 2013-05-26 23:24:33 EDT 
marking as fixed, with 'info' as keyword, just to emphasize this is "data only", no changes to code.
Comment 5 David Williams CLA 2013-05-30 12:52:16 EDT 
bookkeeping, since obviously done.