Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing

[Kim Moir <Kim_Moir@xxxxxxxxxx>]

You just need to copy a zip of the bundles
you wish to sign to the appropriate signing directory for your project,
invoke the signing script, and poll the output location for your signed
file. 

You can see how the Eclipse project
does this here http://dev.eclipse.org/viewcvs/viewvc.cgi/org.eclipse.releng.eclipsebuilder/buildAll.xml?revision=1.381&view=markup
in the signMasterFeature target.

Hudson doesn't have any committer credentials
for security reasons.  This has been discussed at length in this bug.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=285074

Yes, it's complicated :-)

Kim



From:      
 "Konstantin Komissarchik"
<konstantin.komissarchik@xxxxxxxxxx>
To:      
 "'Cross project
issues'" <cross-project-issues-dev@xxxxxxxxxxx>
Date:      
 01/06/2011 04:26 PM
Subject:    
   Re: [cross-project-issues-dev]
p2 repositories and        eclipse.org  
     signing
Sent by:    
   cross-project-issues-dev-bounces@xxxxxxxxxxx

---

Thanks, but that’s not quite
what I am asking. If I can sign from the middle of my build on Hudson,
I can do that before building the repository metadata in the first place.

 
My question is how do I sign
from the middle of the build process running on Hudson. Signing requires
committer credentials, ssh to build.eclipse.org, etc. Seems incompatible
with doing this during the build, yet the result needs to be post-processed
after signing to be usable. 
 
Seems rather unnecessarily
complicated. Can we have a blocking signing script available on Hudson
hosts that would use host/hudson credentials? 
 
- Konstantin
 
 
From: cross-project-issues-dev-bounces@xxxxxxxxxxx
[mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx]
On Behalf Of Kim Moir
Sent: Thursday, January 06, 2011 1:11 PM
To: Cross project issues
Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org
signing
 
Konstantin, 

You can to use the p2.process.artifacts
 task to update the MD5 signatures of the bundles in your repo once
they've been signed 

In our build, we run it like this which updates the checksums and also
creates packed files in the repo

<p2.process.artifacts repositoryPath="file://${yourrepo}"
pack="true" />

http://help.eclipse.org/helios/index.jsp?topic=/org.eclipse.platform.doc.isv/guide/p2_repositorytasks.htm

Kim 






From:        "Konstantin
Komissarchik" <konstantin.komissarchik@xxxxxxxxxx>
To:        "'Cross
project issues'" <cross-project-issues-dev@xxxxxxxxxxx>
Date:        01/06/2011
03:39 PM 
Subject:        [cross-project-issues-dev]
p2 repositories and eclipse.org signing
Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx

---

I’d like to hear how people handle signing of p2 repositories. My project
build produces a p2 repository archive. For my first attempt, I used eclipse.org
sign script to sign the repository… Oops… The p2 repository is now corrupted.
Understandable in retrospect. Signing changes the plugin and feature jars.
The checksums stored in p2 metadata no longer match.
  
So, it seems that one must perform signing in the middle of the build process
running on Hudson. How would I do this given the convoluted signing infrastructure
we have to use? 
  
- Konstantin_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev