Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing

The hudson user is able to invoke the signing script already.

cheers,
jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx



On Thu, Jan 6, 2011 at 15:57, Konstantin Komissarchik
<konstantin.komissarchik@xxxxxxxxxx> wrote:
> Thanks for this reference, Kim. So this signMasterFeature target must be
> manually invoked by a committer after logging in somewhere? This doesn’t run
> as part of your build, correct?
>
>
>
> I don’t think Hudson would need committer credentials to make signing work
> better. That’s a separate topic. All we need is Hudson user to be able to
> access the existing signing facility.
>
>
>
> - Konstantin
>
>
>
>
>
> From: cross-project-issues-dev-bounces@xxxxxxxxxxx
> [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim Moir
> Sent: Thursday, January 06, 2011 1:47 PM
>
> To: Cross project issues
> Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org
> signing
>
>
>
> You just need to copy a zip of the bundles you wish to sign to the
> appropriate signing directory for your project, invoke the signing script,
> and poll the output location for your signed file.
>
> You can see how the Eclipse project does this here
> http://dev.eclipse.org/viewcvs/viewvc.cgi/org.eclipse.releng.eclipsebuilder/buildAll.xml?revision=1.381&view=markup
> in the signMasterFeature target.
>
> Hudson doesn't have any committer credentials for security reasons.  This
> has been discussed at length in this bug.
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=285074
>
> Yes, it's complicated :-)
>
> Kim
>
>
>
> From:        "Konstantin Komissarchik" <konstantin.komissarchik@xxxxxxxxxx>
> To:        "'Cross project issues'" <cross-project-issues-dev@xxxxxxxxxxx>
> Date:        01/06/2011 04:26 PM
> Subject:        Re: [cross-project-issues-dev] p2 repositories and
>  eclipse.org        signing
> Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx
>
> ________________________________
>
>
> Thanks, but that’s not quite what I am asking. If I can sign from the middle
> of my build on Hudson, I can do that before building the repository metadata
> in the first place.
>
> My question is how do I sign from the middle of the build process running on
> Hudson. Signing requires committer credentials, ssh to build.eclipse.org,
> etc. Seems incompatible with doing this during the build, yet the result
> needs to be post-processed after signing to be usable.
>
> Seems rather unnecessarily complicated. Can we have a blocking signing
> script available on Hudson hosts that would use host/hudson credentials?
>
> - Konstantin
>
>
> From: cross-project-issues-dev-bounces@xxxxxxxxxxx
> [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim Moir
> Sent: Thursday, January 06, 2011 1:11 PM
> To: Cross project issues
> Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org
> signing
>
> Konstantin,
>
> You can to use the p2.process.artifacts  task to update the MD5 signatures
> of the bundles in your repo once they've been signed
>
> In our build, we run it like this which updates the checksums and also
> creates packed files in the repo
>
> <p2.process.artifacts repositoryPath="file://${yourrepo}" pack="true" />
>
> http://help.eclipse.org/helios/index.jsp?topic=/org.eclipse.platform.doc.isv/guide/p2_repositorytasks.htm
>
> Kim
>
>
>
>
>
>
> From:        "Konstantin Komissarchik" <konstantin.komissarchik@xxxxxxxxxx>
> To:        "'Cross project issues'" <cross-project-issues-dev@xxxxxxxxxxx>
> Date:        01/06/2011 03:39 PM
> Subject:        [cross-project-issues-dev] p2 repositories and eclipse.org
> signing
> Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx
>
>
>
> ________________________________
>
>
>
> I’d like to hear how people handle signing of p2 repositories. My project
> build produces a p2 repository archive. For my first attempt, I used
> eclipse.org sign script to sign the repository… Oops… The p2 repository is
> now corrupted. Understandable in retrospect. Signing changes the plugin and
> feature jars. The checksums stored in p2 metadata no longer match.
>
> So, it seems that one must perform signing in the middle of the build
> process running on Hudson. How would I do this given the convoluted signing
> infrastructure we have to use?
>
> - Konstantin_______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev_______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>
>


Back to the top