I chimed in there as well.On 2011-01-06, at 4:51 PM, Konstantin Komissarchik wrote: Thanks for the reference, Pascal. I have re-phrased and re-opened the bug. The discussion seemed to have stalled based on security implications of having the signing key more widely available, where in my opinion that isn’t the central aspect of the requirement. Since signed deliverables is a requirement for participating on the release train, it is imperative that this is made a simple as possible. Most of the projects trying to participate in the release train don’t have dedicated releng person to continually mess with all of this. - Konstantin From: cross-project-issues-dev-bounces@xxxxxxxxxxx [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Pascal Rapicault Sent: Thursday, January 06, 2011 1:31 PM To: Cross project issues Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing On 2011-01-06, at 4:26 PM, Konstantin Komissarchik wrote:
Thanks, but that’s not quite what I am asking. If I can sign from the middle of my build on Hudson, I can do that before building the repository metadata in the first place. My question is how do I sign from the middle of the build process running on Hudson. Signing requires committer credentials, ssh to build.eclipse.org, etc. Seems incompatible with doing this during the build, yet the result needs to be post-processed after signing to be usable. Seems rather unnecessarily complicated. Can we have a blocking signing script available on Hudson hosts that would use host/hudson credentials?
I’d like to hear how people handle signing of p2 repositories. My project build produces a p2 repository archive. For my first attempt, I used eclipse.org sign script to sign the repository… Oops… The p2 repository is now corrupted. Understandable in retrospect. Signing changes the plugin and feature jars. The checksums stored in p2 metadata no longer match. So, it seems that one must perform signing in the middle of the build process running on Hudson. How would I do this given the convoluted signing infrastructure we have to use? - Konstantin_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
|