Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] ACTION REQUIRED: Houston We Have a Problem 
On 14/11/22 13:43, Ed Merks wrote:

*These projects need to do new builds*:

  * *org.eclipse.acceleo*
  * *org.eclipse.bpmn2*
  * *org.eclipse.dltk*
  * *org.eclipse.ecf*
  * *org.eclipse.eef*
  * *org.eclipse.emf.edapt*
  * *org.eclipse.emf.parsley*


Hi
Concerning Parsley, this would require to perform a new release, but I guess we're late to start the release procedure paperwork, aren't we? 


  * *org.eclipse.fx*
  * *org.eclipse.gmf*
  * *org.eclipse.mylyn*
  * *org.eclipse.uml2*
You should *ensure that the qualifiers of your bundles and features are newer than 2021-04*, so that you don't have two the "same artifacts" but with different signatures, which is especially important if you are doing baseline replacement in your build.  I can help test your repository if you need help.  Please reach out to me.
*Everyone **needs to ensure that they consume from the next RC1 version of Orbit*, otherwise we are likely to end up with massive duplicate Orbit bundles and that is likely to cause problems. 

I hope someone from Mylyn is paying attention!

https://bugs.eclipse.org/bugs/show_bug.cgi?id=581029

________________________________________________
Meanwhile, I'm trying to enable PGP signing of the bundles and features with this poor certificates to "repair" them.   But, Tycho does appear to detect that a signature will be ignored, provides no way to specify how to treat artifacts that already have a PGP signature (it actually produces duplicate properties in the artifacts.xml), and it appears the PGP signatures for features are invalid, so I'm not sure I'll be 100% successful in finding a workaround.  The following might be the best I can do on your behalf unless the PGP feature signing issue is fixed: 

https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg/download.eclipse.org/staging/2022-12-gpg/index.html
Note that in this scenario, I am *adding *the sim-bot PGP key/signature in addition to the key/signature already present from the project.  So all PGP-signed bundles will generally have two PGP signatures, and in this exceptional case, the bundle is jar-signed and has two PGP signatures: 

https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg/download.eclipse.org/staging/2022-12-gpg/index/bcpg_1.72.0.html
With PGP-signed features, p2 fails to validate them making them impossible to download/install, so in this case the cure is worse than the disease: 

https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg-bad/download.eclipse.org/staging/2022-12-gpg-bad/index/org.eclipse.acceleo.equinox.launcher.feature.jar_3.7.11.202102190929.html

Perhaps this issue can be fixed in the coming days...

Regards,
Ed





_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Back to the top