Re: [tycho-user] would it be possible for tycho to check the signing (an

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?

From: Mickael Istria <mistria@xxxxxxxxxx>
Date: Wed, 6 Jan 2021 15:45:12 +0100
Delivered-to: tycho-user@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/tycho-user/>
List-help: <mailto:tycho-user-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/tycho-user>, <mailto:tycho-user-request@eclipse.org?subject=unsubscribe>

On Wed, Jan 6, 2021 at 3:39 PM Johan Compagner <jcompagner@xxxxxxxxxx> wrote:

But i guess if we would implement this in the correct location the product would be auto done because the product is build from a generated repository right?

Right. Signing after the fact is source of errors as you mentioned (brining incorrect checksums and so on), artifacts need to be signed as soon as they're produced.

At the moment, I believe your approach with building your own Orbit-like to repackage and apply a signature directly when producing those artifacts to consume them later is the best possible one. I don't foresee an obvious possible improvement to implement in Tycho in short-term to improve this story.

Follow-Ups:
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner

References:
- [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Sravan K Lakkimsetti
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Mickael Istria
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Mickael Istria
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Christoph Läubrich
- Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
  - From: Johan Compagner

Prev by Date: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Next by Date: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Previous by thread: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Next by thread: Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
Index(es):
- Date
- Thread

Breadcrumbs