Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] ACTION REQUIRED: Houston We Have a Problem

On 14/11/22 13:43, Ed Merks wrote:
*These projects need to do new builds*:

  * *org.eclipse.acceleo*
  * *org.eclipse.bpmn2*
  * *org.eclipse.dltk*
  * *org.eclipse.ecf*
  * *org.eclipse.eef*
  * *org.eclipse.emf.edapt*
  * *org.eclipse.emf.parsley*


Concerning Parsley, this would require to perform a new release, but I guess we're late to start the release procedure paperwork, aren't we?

  * *org.eclipse.fx*
  * *org.eclipse.gmf*
  * *org.eclipse.mylyn*
  * *org.eclipse.uml2*

You should *ensure that the qualifiers of your bundles and features are newer than 2021-04*, so that you don't have two the "same artifacts" but with different signatures, which is especially important if you are doing baseline replacement in your build.  I can help test your repository if you need help.  Please reach out to me.

*Everyone **needs to ensure that they consume from the next RC1 version of Orbit*, otherwise we are likely to end up with massive duplicate Orbit bundles and that is likely to cause problems.

I hope someone from Mylyn is paying attention!


Meanwhile, I'm trying to enable PGP signing of the bundles and features with this poor certificates to "repair" them.   But, Tycho does appear to detect that a signature will be ignored, provides no way to specify how to treat artifacts that already have a PGP signature (it actually produces duplicate properties in the artifacts.xml), and it appears the PGP signatures for features are invalid, so I'm not sure I'll be 100% successful in finding a workaround.  The following might be the best I can do on your behalf unless the PGP feature signing issue is fixed:

Note that in this scenario, I am *adding *the sim-bot PGP key/signature in addition to the key/signature already present from the project.  So all PGP-signed bundles will generally have two PGP signatures, and in this exceptional case, the bundle is jar-signed and has two PGP signatures:

With PGP-signed features, p2 fails to validate them making them impossible to download/install, so in this case the cure is worse than the disease:

Perhaps this issue can be fixed in the coming days...


cross-project-issues-dev mailing list
To unsubscribe from this list, visit

Back to the top