Comments below.
On 17.12.2021 07:46, Aleksandar
Kurtakov wrote:
Has the platform
decided to bypass Orbit to produce IUs directly from
some other sources? I'm not sure how the multiple
versions of such IUs
on the release train will be (or even can be) coordinated
across
projects if the general new approach is that each project
produces such
things purely for its own purpose from whatever sources it
deems fit.
Also, the artifacts are not signed, which is the reason
that I noticed:
https://download.eclipse.org/oomph/archive/reports/download.eclipse.org/eclipse/updates/4.23-I-builds/index.html
Note that once an unsigned version of some specific
artifact ID is out
there is the wild (in someone's bundle pool), it's
extremely hard to
stamp it out unless a new version with a new artifact ID
is created to
supersede it.
Perhaps the platform has decided that PGP signatures are
now deemed to
be fully secure and fully feature complete such that
signatures are
obsolete? This is not the expectation I have based
Planning Council
discussions.
Platform is not contributing these to release train so
no issue for release train for now!
That appears to be the case given these particular IUs are not on
the current train.
A proof of concept is arguably useful.
Here is what happens when the installer tries to install
org.mockito.mockito-core into a Platform SDK IDE:
java.lang.NullPointerException
at
org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.buildPGPTrustore(CertificateChecker.java:311)
at
org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker$1.get(CertificateChecker.java:63)
at
org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker$1.get(CertificateChecker.java:1)
at
org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.checkCertificates(CertificateChecker.java:126)
at
org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.start(CertificateChecker.java:83)
at
org.eclipse.equinox.internal.p2.engine.phases.CheckTrust.completePhase(CheckTrust.java:63)
at
org.eclipse.equinox.internal.p2.engine.Phase.postPerform(Phase.java:254)
at
org.eclipse.equinox.internal.p2.engine.Phase.perform(Phase.java:105)
at
org.eclipse.equinox.internal.p2.engine.PhaseSet.perform(PhaseSet.java:50)
at
org.eclipse.equinox.internal.p2.engine.Engine.perform(Engine.java:80)
at
org.eclipse.equinox.internal.p2.engine.Engine.perform(Engine.java:48)
at
org.eclipse.equinox.internal.provisional.p2.director.PlanExecutionHelper.executePlan(PlanExecutionHelper.java:46)
at
org.eclipse.oomph.p2.internal.core.ProfileTransactionImpl$3.commit(ProfileTransactionImpl.java:549)
at
org.eclipse.oomph.p2.internal.core.ProfileTransactionImpl.commit(ProfileTransactionImpl.java:345)
at
org.eclipse.oomph.setup.p2.impl.P2TaskImpl.perform(P2TaskImpl.java:905)
at
org.eclipse.oomph.setup.internal.core.SetupTaskPerformer.doPerformNeededSetupTasks(SetupTaskPerformer.java:3851)
at
org.eclipse.oomph.setup.internal.core.SetupTaskPerformer.performNeededSetupTasks(SetupTaskPerformer.java:3779)
at
org.eclipse.oomph.setup.internal.core.SetupTaskPerformer.performTriggeredSetupTasks(SetupTaskPerformer.java:3760)
at
org.eclipse.oomph.setup.internal.core.SetupTaskPerformer.perform(SetupTaskPerformer.java:3638)
at
org.eclipse.oomph.setup.ui.wizards.ProgressPage$9.run(ProgressPage.java:600)
at
org.eclipse.oomph.setup.ui.wizards.ProgressPage$11$1.run(ProgressPage.java:727)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Why? Because
org.eclipse.equinox.internal.p2.engine.phases.CheckTrust.completePhase(IProgressMonitor,
IProfile, Map<String, Object>) knows the profile, but the
certificate checker doesn't know to check that profile but rather
checks the self profile. I imagine the p2 director will have such
problems too, or perhaps it will not fail but also might not
actually check the correct profile...