Thanks for this reference, Kim. So this signMasterFeature target must be manually invoked by a committer after logging in somewhere? This doesn’t run as part of your build, correct?
I don’t think Hudson would need committer credentials to make signing work better. That’s a separate topic. All we need is Hudson user to be able to access the existing signing facility.
- Konstantin
From: cross-project-issues-dev-bounces@xxxxxxxxxxx [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim Moir
Sent: Thursday, January 06, 2011 1:47 PM
To: Cross project issues
Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing
You just need to copy a zip of the bundles you wish to sign to the appropriate signing directory for your project, invoke the signing script, and poll the output location for your signed file.
You can see how the Eclipse project does this here http://dev.eclipse.org/viewcvs/viewvc.cgi/org.eclipse.releng.eclipsebuilder/buildAll.xml?revision=1.381&view=markup in the signMasterFeature target.
Hudson doesn't have any committer credentials for security reasons. This has been discussed at length in this bug.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=285074
Yes, it's complicated :-)
Kim
From: "Konstantin Komissarchik" <konstantin.komissarchik@xxxxxxxxxx>
To: "'Cross project issues'" <cross-project-issues-dev@xxxxxxxxxxx>
Date: 01/06/2011 04:26 PM
Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx
Thanks, but that’s not quite what I am asking. If I can sign from the middle of my build on Hudson, I can do that before building the repository metadata in the first place.
My question is how do I sign from the middle of the build process running on Hudson. Signing requires committer credentials, ssh to build.eclipse.org, etc. Seems incompatible with doing this during the build, yet the result needs to be post-processed after signing to be usable.
Seems rather unnecessarily complicated. Can we have a blocking signing script available on Hudson hosts that would use host/hudson credentials?
- Konstantin
From: cross-project-issues-dev-bounces@xxxxxxxxxxx [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim Moir
Sent: Thursday, January 06, 2011 1:11 PM
To: Cross project issues
Subject: Re: [cross-project-issues-dev] p2 repositories and eclipse.org signing
Konstantin,
You can to use the p2.process.artifacts task to update the MD5 signatures of the bundles in your repo once they've been signed
In our build, we run it like this which updates the checksums and also creates packed files in the repo
<p2.process.artifacts repositoryPath="file://${yourrepo}" pack="true" />
http://help.eclipse.org/helios/index.jsp?topic=/org.eclipse.platform.doc.isv/guide/p2_repositorytasks.htm
Kim
From: "Konstantin Komissarchik" <konstantin.komissarchik@xxxxxxxxxx>
To: "'Cross project issues'" <cross-project-issues-dev@xxxxxxxxxxx>
Date: 01/06/2011 03:39 PM
Subject: [cross-project-issues-dev] p2 repositories and eclipse.org signing
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx
I’d like to hear how people handle signing of p2 repositories. My project build produces a p2 repository archive. For my first attempt, I used eclipse.org sign script to sign the repository… Oops… The p2 repository is now corrupted. Understandable in retrospect. Signing changes the plugin and feature jars. The checksums stored in p2 metadata no longer match.
So, it seems that one must perform signing in the middle of the build process running on Hudson. How would I do this given the convoluted signing infrastructure we have to use?
- Konstantin_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
