| [cbi-dev] Maven Windows Signing Plugin for Eclipse |
|
Hi Everyone, We have some students working on creating a winsigner maven plugin [1] to take advantage of the new windows signing service we setup at the foundation [2]. Ultimately we want to be able to sign the Eclipse Platform Windows exes but I'm not sure how best to approach this problem. On one hand we could design the winsigner to be very simplistic and simply sign an exe in a single project so that it would work for executables outside of the Eclipse Platform too. But in this case where would we put the signed executables so that CBI Platform build can get them? do we stuff it in the rt.equinox.binaries repo too just like the unsigned? I'm not familiar with how the executables in rt.equinox.binaries are produced and released into there so maybe understanding this would be useful. Another thought I had is we could parse the root_configuration.zip files Tycho produces (rcp.config project comes to mind [3]) find the windows exes, push to the signing service, then repack them. But I think this method would be too specific to one project. Maybe we could even parse artifacts (jar, zip, tar.gz?) produced by Maven / Tycho and unpack/repack them after signing? I hope someone can point us in the right direction here. [1] https://bugs.eclipse.org/406157 [2] http://wiki.eclipse.org/IT_Infrastructure_Doc#Web_service_.28Instant.29 [3] http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/rcp.config Thanh |