Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
I'm not aware of such a feature yet in tycho, so maybe it would be worth opening an enhancement request.
This could be useful anyways for other use cases, e.g. one might want to obfuscate, encrypt, whatever the content of a jar before it is placed inside a product/updatesite...

On 06.01.21 at 13:59, Johan Compagner wrote:
Isn't the maven-jarsigner-plugin only used for plugins that you build yourself? So the plugin projects with pom files that are compiled, built, repacked, and signed by tycho?

But that's not what I talk about. One example is this:

servoy-eclipse/pom.xml at master · Servoy/servoy-eclipse (github.com) <https://github.com/Servoy/servoy-eclipse/blob/master/shipplugins/pom.xml#L110>

and then the category file:

servoy-eclipse/category.xml at master · Servoy/servoy-eclipse (github.com) <https://github.com/Servoy/servoy-eclipse/blob/master/shipplugins/category.xml>

which makes a p2 site for us where the jars are coming from all kinds of things (mostly from maven central), but those jars are for the most part not signed.

So I end up with a generated repository with all kinds of jars that are not signed.

And this is a p2 site that I generate from all kinds of maven central jars so we can build our product, so our target file points to the above p2 site:

servoy-eclipse/com.servoy.eclipse.target.target at master · Servoy/servoy-eclipse (github.com) <https://github.com/Servoy/servoy-eclipse/blob/master/launch_targets/com.servoy.eclipse.target.target#L19>

(like orbit)

But for example we also use chromium in our target file:

servoy-eclipse/com.servoy.eclipse.target.target at master · Servoy/servoy-eclipse (github.com) <https://github.com/Servoy/servoy-eclipse/blob/master/launch_targets/com.servoy.eclipse.target.target#L16>

but that 3rd party site has jars that are also not signed by the maker of that site.

So I'd like to, when I build our product, sign those jars that are included in our full product/repo also, just to be signed by our certificate.

On Wed, 6 Jan 2021 at 12:24, Mickael Istria <mistria@xxxxxxxxxx> wrote:

Can you please elaborate what specifically is preventing you from using the maven-jarsigner-plugin? I don't think there is a fundamental reason for this to not work, I imagine it can be made to work.
--
Johan Compagner
Servoy
_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/tycho-user
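
For the situation described in the thread (a generated p2 repository that mixes signed and unsigned jars), here is an added example, not code from the thread or from Tycho, that lists which jars under a repository's `plugins/` and `features/` folders lack a complete signature entry. It only checks for the presence of `META-INF` signature files; `jarsigner -verify` is still needed to validate a signature cryptographically. The jar names and the `ACME` signer are constructed sample data.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# A signed JAR carries META-INF/<NAME>.SF plus a matching .RSA/.DSA/.EC block.
SIG_RE = re.compile(r"^META-INF/([^/]+)\.(SF|RSA|DSA|EC)$", re.IGNORECASE)

def jar_signers(jar_path):
    """Return signer names that have both a .SF file and a signature block."""
    sf, blocks = set(), set()
    with zipfile.ZipFile(jar_path) as zf:
        for name in zf.namelist():
            m = SIG_RE.match(name)
            if m:
                (sf if m.group(2).upper() == "SF" else blocks).add(m.group(1).upper())
    return sorted(sf & blocks)

def audit_repo(repo_dir):
    """Map every jar under plugins/ and features/ to its list of signer names."""
    report = {}
    for sub in ("plugins", "features"):
        for jar in sorted(Path(repo_dir, sub).glob("*.jar")):
            report[f"{sub}/{jar.name}"] = jar_signers(jar)
    return report

def unsigned(report):
    """Jars with no complete signature entry; these are the ones left to sign."""
    return [name for name, signers in report.items() if not signers]

def build_sample_repo(root):
    """Constructed sample: one signed-looking, one unsigned, one half-signed jar."""
    plugins = Path(root, "plugins")
    plugins.mkdir(parents=True)
    samples = {
        "signed.example_1.0.0.jar": ["META-INF/MANIFEST.MF", "META-INF/ACME.SF", "META-INF/ACME.RSA"],
        "central.example_2.0.0.jar": ["META-INF/MANIFEST.MF", "a/B.class"],
        "broken.example_3.0.0.jar": ["META-INF/MANIFEST.MF", "META-INF/ACME.SF"],
    }
    for jar_name, entries in samples.items():
        with zipfile.ZipFile(plugins / jar_name, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")  # placeholder bytes, not real signatures
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in unsigned(audit_repo(build_sample_repo(tmp))):
            print("UNSIGNED", name)
```
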