Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [p2-dev] P2 repository update failure

Please ask questions here:

https://github.com/eclipse-equinox/p2/discussions

Your problem sounds more like an issue where the signature was present but the key was not present.  Some of the very early implementation details for the PGP key support was a bit flawed with respect to how and where the keys were maintained, i.e., originally only as a property on the root of the repository.  In the later versions we always stored both the key and the signature on each artifact and ensured that mirroring/downloading always transferred/copied these properties properly.

On 06.03.2025 05:40, Amit Patil via p2-dev wrote:
Hello devs,
I am working on a product, which is a client application starter. Server side is AIX and GUI is windows. We use migration scripts to migrate the application from one version to another. Here, in version 20.4 of my application, I am using p2 repository version 2021-06, and in version 21.4 of my application, p2 repository version 2023-03 is used. Now the difference here is obviously the p2 repository, but 2021-06 p2 repo does not have any pgp signatures in its artifacts.xml file and 2023-03 does have pgp signatures in it. When I start the application, the update gets stuck and it freezes. When I debugged it, the error was this: P2 update finished but not successful. Event result: Status ERROR: org.eclipse.equinox.p2.engine code=4 An error occurred while collecting items to be installed ... Public key not found for 8074478291308066379.

It says public key not found. Now, I updated the p2 repository to 2022-06 which was the first p2 version to use pgp signatures. And the error was gone and the application got successfully updated. I want to make sure that the older p2 repository was the issue because it did not have any pgp signatures.

 If the old release does not have any signatures, why should it suddenly ask for signatures during an update to a newer version? That does not make sense. For years I have updated my private Eclipse version via p2 through all the changes (introduction of signatures, bundling the JRE with Eclipse) without problems. Only once I had to do something manually because they disabled http repositories by default. Though I do every update, so it might be that the situation is different if one jumps over four+ releases.

Can someone please help me here to confirm that not having the pgp signatures in the old p2 release was the actual root cause or was there anything else?


Thanks,
Amit Patil

_______________________________________________
p2-dev mailing list
p2-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/p2-dev


Back to the top