Re: [tycho-user] would it be possible for tycho to check the signing (an

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?

From: Mickael Istria <mistria@xxxxxxxxxx>
Date: Wed, 6 Jan 2021 15:05:15 +0100
Delivered-to: tycho-user@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/tycho-user>
List-help: <mailto:tycho-user-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=unsubscribe>

On Wed, Jan 6, 2021 at 1:59 PM Johan Compagner <jcompagner@xxxxxxxxxx> wrote:

isn't the maven-jarsigner-plugin only used for plugins that you build yourself?
So the plugin projects with pom files that are compiled, built, repacked, and signed by tycho?

That's right.

which makes a p2 site for us where the jars are coming from all kinds of things (mostly from maven central)

Have you tried contributing to upstream projects so they can get those artifacts signed?

Or do you really need those 3rd party artifacts to be signed by your own certificate? In which case, then those become different artifacts, and you'd need to re-build or repackage them (ideally changing the Bundle-Vendor in MANIFEST to explicit it's not an "official" upstream artifact).

Follow-Ups:
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Christoph Läubrich

References:
- [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Sravan K Lakkimsetti
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Mickael Istria
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner

Prev by Date: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Next by Date: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Previous by thread: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Next by thread: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Index(es):
- Date
- Thread

Breadcrumbs