[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] [cross-project-issues-dev] CBI Maven plugins 1.1.3-SNAPSHOT

Hi Mikael,
2. I get a NullPointerException when starting the Test Server. I looked at the source code to find that this is due to missing HTTP_PROXY environment variable on my system. My system has a direct Internet connection, so it does not make sense to define such variables. I had to checkout the code, comment some lines and run it from Eclipse to resolve this issue.

Could you please give me the stack trace? Or even better, could you submit a patch through gerrit?

I openedÂhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=483797
I see you already accepted my patch. Thanks :-)
3. The signing with the Test Server is very slow. It takes around a minute to sign a single jar file. My CPU is not utilized at all. I have no solution for this.

Did you try to do it manually with the jarsigner command? Does it work faster?Â

As far as I can see the slow part is the communication to the timestamp server. I guess for me it is significantly slower than for you. I would suggest to have an option for the to switch the signing with timestamp off. Just for the test server.
4. I tried using the SHA_1 digest algorithm, but the result is not the same as the JAR being signed with Java 6. I have "SHA-1-Digest" headers in he MANIFEST.MF file instead of "SHA1-Digest". Note the extra dash. So, the installation of these plugins on Eclipse Indigo is still not successful. I did not find a valid configuration for the digestAlgorithm option to get the correct "SHA1-Digest" header. I tried with SHA1, but I got an error that it is not a valid value.

You're right, Java 6 signs with the "SHA1-Digest" while Java 7 and later signs with "SHA-1-Digest". I've seen this difference, but Java 7+ accepts both. Unfortunately, I did not try with Java 6. Could you try to run (Java 6 version of) jarsigner -verify on the plugin with the "SHA-1-Digest" headers and give me the output? Thanks.

Here it is:

/usr/lib/jvm/java-6-openjdk-amd64/bin/jarsigner -verify /home/raev/git/andmore/andmore-core/site/target/repository/plugins/org.eclipse.andmore.android_0.5.0.201512071444.jar
jar verified.

This jar contains entries whose signer certificate will expire within six months.Â

Re-run with the -verbose and -certs options for more details.