Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] Signing source features
Thanks Ken, I think this method is better than what I came up with. I think we'll go with this solution.


Thanh

On 12/14/2012 05:31 AM, Ken Lee wrote:

Hi,

 

We also found out that the generation of the source features are located in the same phase as the signing of the features. So the binary features will be signed before the source features are created.

Our workaround is to move the normalize, sign, pack and p2-metadata goals to the verify phase. Example:

 

<plugin>

  <groupId>org.eclipse.cbi.maven.plugins</groupId>

  <artifactId>eclipse-jarsigner-plugin</artifactId>

  <version>1.0.2-SNAPSHOT</version>

  <executions>

    <execution>

      <id>sign</id>

      <goals>

        <goal>sign</goal>

      </goals>

      <phase>verify</phase>

    </execution>

  </executions>

</plugin>

 

Cheers,

 

Ken

 

From: cbi-dev-bounces@xxxxxxxxxxx [mailto:cbi-dev-bounces@xxxxxxxxxxx] On Behalf Of Thanh Ha
Sent: Donnerstag, 13. Dezember 2012 20:01
To: cbi-dev@xxxxxxxxxxx
Subject: Re: [cbi-dev] Signing source features

 

We are seeing this issue in the CBI Platform build as well in Bug 396445 [1]. I had a look to see if I could figure out what was happening and here is what I discovered.

It seems to me like the issue is related to execution order of Maven plugins. What happens is that the jarsigner runs before tycho-source-feature-plugin is run. So since the source is generated after the jarsigner's already run, it won't get signed. So I tried to figure out how Maven decides the execution order and found that it seems Maven runs plugins that are in the same phase, in the order they are defined.

So if you define signing in a parent pom, and then inherit that in your feature pom. Then signing will run first since it is defined first and then generating source features will run after if it is defined in the feature pom. To workaround this I redefined the eclipse-sign profile in my feature pom, after the main <build></build> section to override this order allowing the generated source to be generated first, and then signed. I attached a patch to Bug 396445 [1] as an example of this work.

I'm not sure if this is the most optimal way to work around the problem, and it causes duplicate definitions to be defined but it seems to allow me to ensure that the source feature jar is signed.


Thanh

[1] http://bugs.eclipse.org/396445

On 11/07/2012 07:51 AM, Ken Lee wrote: 

Hi everybody,
 
We are using the plugin tycho-source-feature-plugin to generate source features and eclipse-jarsigner-plugin (org.eclipse.cbi.maven.plugins) to sign our features.
Although the source features are generated, they will not be signed by the jar signer (the other features however are signed correctly).
 
We configured the pom.xml in the features similar as in the example [1] to generate the source features. For the signing, we created a profile eclipse-sign in the parent pom.xml as listed in [2]. This profile is used in our CBI build on the Eclipse Hudson. 
 
Does anybody know if further configurations are required for signing the source features? 
 
Thanks in advance.
 
Ken
 
[1] http://wiki.eclipse.org/Minerva#Source
[2]
  <profiles>
    <profile>
      <id>eclipse-sign</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.eclipse.tycho</groupId>
            <artifactId>target-platform-configuration</artifactId>
            <version>${tycho.version}</version>
            <configuration>
              <includePackedArtifacts>true</includePackedArtifacts>
            </configuration>
          </plugin>
 
          <plugin>
            <groupId>org.eclipse.tycho.extras</groupId>
            <artifactId>tycho-pack200a-plugin</artifactId>
            <version>${tycho-extras.version}</version>
            <executions>
              <execution>
                <id>pack200-normalize</id>
                <goals>
                  <goal>normalize</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
 
          <plugin>
            <groupId>org.eclipse.cbi.maven.plugins</groupId>
            <artifactId>eclipse-jarsigner-plugin</artifactId>
            <version>1.0.2-SNAPSHOT</version>
            <executions>
              <execution>
                <id>sign</id>
                <goals>
                  <goal>sign</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
 
          <plugin>
            <groupId>org.eclipse.tycho.extras</groupId>
            <artifactId>tycho-pack200b-plugin</artifactId>
            <version>${tycho-extras.version}</version>
            <executions>
              <execution>
                <id>pack200-pack</id>
                <goals>
                  <goal>pack</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
 
          <plugin>
            <groupId>org.eclipse.tycho</groupId>
            <artifactId>tycho-p2-plugin</artifactId>
            <version>${tycho.version}</version>
            <executions>
              <execution>
                <id>p2-metadata</id>
                <goals>
                  <goal>p2-metadata</goal>
                </goals>
                <phase>package</phase>
              </execution>
            </executions>
            <configuration>
              <defaultP2Metadata>false</defaultP2Metadata>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>




_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/cbi-dev

 



_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
http://dev.eclipse.org/mailman/listinfo/cbi-dev

Back to the top