Re: [tycho-dev] Processing artifacts from a p2 update site generated by

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module

From: Robert Munteanu <robert.munteanu@xxxxxxxxx>
Date: Fri, 23 Jun 2017 16:38:29 +0300
Delivered-to: tycho-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/tycho-dev>
List-help: <mailto:tycho-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/tycho-dev>, <mailto:tycho-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/tycho-dev>, <mailto:tycho-dev-request@eclipse.org?subject=unsubscribe>

Hi Jan,

On Fri, Jun 23, 2017 at 3:56 PM, Sievers, Jan <jan.sievers@xxxxxxx> wrote:
> replacing jar files all at once in eclipse-repository will probably not work because signing changes MD5 sums which are part of the p2 metadata.
>
> Jan
>
> On 23.06.17, 14:52, "tycho-dev-bounces@xxxxxxxxxxx on behalf of Sievers, Jan" <tycho-dev-bounces@xxxxxxxxxxx on behalf of jan.sievers@xxxxxxx> wrote:
>
> I don't have a running build with code signing myself but I know the eclipse platform build does using eclipse-jarsigner-plugin.
> AFAIK they sign individal jars for each plugin/feature by replacing them in the corresponding target/ folder.
>
> Perhaps looking at
> https://github.com/eclipse/eclipse.platform.releng.aggregator/blob/master/eclipse-platform-parent/pom.xml
>
> could help. Or try to contact cbi-dev@xxxxxxxxxxx

Thanks for the link, I'll take a look. I forgot to mention that
signing files individually would not work as code signing is a metered
service and N invocations of 1 jar each cost N times as much as 1
invocation with N jars ...

I was looking into the tycho-p2-extras-plugin and I think I can get
away with the following in the eclipse-repository module:

- build the repository as usual
- invoke the code signing logic, replace the files in-place in target/repository
- invoke tycho-p2-extras-plugin:mirror goal and mirror the files from
target/repository to target/repository-signed
- invoke the tycho-p2-extras-plugin:publish-features-and-bundles and
regenerate the p2 metadata in target/repository-signed

That _should_ work, if anyone has worked with a similar setup I'd be
interested to know if it's viable.

Thanks,

Robert

>
> Regards
> Jan
>
>
> On 22.06.17, 17:42, "tycho-dev-bounces@xxxxxxxxxxx on behalf of Robert Munteanu" <tycho-dev-bounces@xxxxxxxxxxx on behalf of robert.munteanu@xxxxxxxxx> wrote:
>
> Hi,
>
> I am trying to get code signing to work with Tycho. I am required to
> use a third-party code signing service, which expects me to upload
> multiple jar files and in return will give me the signed files.
>
> My first attempt was to write a small Maven plug-in which does just
> that and configure it in my eclipse-repository module. However, I
> can't insert it in the right point. I would assume this would be
> between default-assemble-repository and default-archive-repository, so
> that the plug-ins are located under target/repository/plugins but the
> metadata is not yet generated. prepare-package is too early, package
> is too late.
>
> My second attempt was to manually perform the code signing and replace
> the files. However, according to [1] this is not a safe approach.
>
> Third attempt is to locate the reactor dependencies at runtime and
> sign those artifacts. WIth a snippet like
>
>             for (Artifact dep : project.getDependencyArtifacts() ) {
>                 getLog().info("Found dependency " + dep + " at " +
> dep.getFile());
>             }
>
> I would only get the eclipse-feature dependencies from the reactor,
> and dep.getFile() returns null.
>
> At this point I'm out of ideas.
>
> How can I process the artifacts included in an eclipse-repository
> before the packaging occurs?
>
> Thanks,
>
> Robert
>
> (Please keep me on CC, I'm not subscribed to this list)
>
> [1]: https://www.eclipse.org/forums/index.php/t/1084723/
>
> --
> http://robert.muntea.nu/
> _______________________________________________
> tycho-dev mailing list
> tycho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/tycho-dev
>
>
> _______________________________________________
> tycho-dev mailing list
> tycho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/tycho-dev
>
>
> _______________________________________________
> tycho-dev mailing list
> tycho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/tycho-dev



-- 
http://robert.muntea.nu/

References:
- [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
  - From: Robert Munteanu
- Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
  - From: Sievers, Jan
- Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
  - From: Sievers, Jan

Prev by Date: Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Next by Date: [tycho-dev] How does eclipse tycho plugin works
Previous by thread: Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Next by thread: [tycho-dev] How does eclipse tycho plugin works
Index(es):
- Date
- Thread

Breadcrumbs