Re: [tycho-dev] Processing artifacts from a p2 update site generated by

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module

From: "Sievers, Jan" <jan.sievers@xxxxxxx>
Date: Fri, 23 Jun 2017 12:52:13 +0000
Accept-language: en-US
Delivered-to: tycho-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/tycho-dev>
List-help: <mailto:tycho-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/tycho-dev>, <mailto:tycho-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/tycho-dev>, <mailto:tycho-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHS624++MFJrAttek2DzhPO30EX06IyaDWA
Thread-topic: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
User-agent: Microsoft-MacOutlook/f.23.0.170610

I don't have a running build with code signing myself but I know the eclipse platform build does using eclipse-jarsigner-plugin.
AFAIK they sign individal jars for each plugin/feature by replacing them in the corresponding target/ folder.

Perhaps looking at
https://github.com/eclipse/eclipse.platform.releng.aggregator/blob/master/eclipse-platform-parent/pom.xml

could help. Or try to contact cbi-dev@xxxxxxxxxxx

Regards
Jan

On 22.06.17, 17:42, "tycho-dev-bounces@xxxxxxxxxxx on behalf of Robert Munteanu" <tycho-dev-bounces@xxxxxxxxxxx on behalf of robert.munteanu@xxxxxxxxx> wrote:

Hi,

I am trying to get code signing to work with Tycho. I am required to
use a third-party code signing service, which expects me to upload
multiple jar files and in return will give me the signed files.

My first attempt was to write a small Maven plug-in which does just
that and configure it in my eclipse-repository module. However, I
can't insert it in the right point. I would assume this would be
between default-assemble-repository and default-archive-repository, so
that the plug-ins are located under target/repository/plugins but the
metadata is not yet generated. prepare-package is too early, package
is too late.

My second attempt was to manually perform the code signing and replace
the files. However, according to [1] this is not a safe approach.

Third attempt is to locate the reactor dependencies at runtime and
sign those artifacts. WIth a snippet like

for (Artifact dep : project.getDependencyArtifacts() ) {
getLog().info("Found dependency " + dep + " at " +
dep.getFile());
}

I would only get the eclipse-feature dependencies from the reactor,
and dep.getFile() returns null.

At this point I'm out of ideas.

How can I process the artifacts included in an eclipse-repository
before the packaging occurs?

Thanks,

Robert

(Please keep me on CC, I'm not subscribed to this list)

[1]: https://www.eclipse.org/forums/index.php/t/1084723/

--
http://robert.muntea.nu/
_______________________________________________
tycho-dev mailing list
tycho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/tycho-dev

Follow-Ups:
- Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
  - From: Sievers, Jan

References:
- [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
  - From: Robert Munteanu

Prev by Date: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Next by Date: Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Previous by thread: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Next by thread: Re: [tycho-dev] Processing artifacts from a p2 update site generated by an eclipse-repository module
Index(es):
- Date
- Thread

Breadcrumbs