Bugzilla – Full Text Bug Listing
| Summary: | Signing plugin produces md5sum errors | ||
|---|---|---|---|
| Product: | [Technology] Dash | Reporter: | Andrew Overholt <overholt> |
| Component: | Maven | Assignee: | David Carver <d_a_carver> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | P3 | CC: | david_williams, d_a_carver, gunnar, hmalphettes, jesse.mcconnell, vivkong |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Whiteboard: | |||
|
Description
Andrew Overholt
the pack -> sign -> repack -> fix process chains together
the first pack is given an input file, in your case:
<inputFile>${project.build.directory}/org.eclipse.linuxtools.releng-site.zip</inputFile>
that filename is then used throughout the process, but each mojo dumps its output into a subdir
so the input to the sign mojo would be:
<inputFile>${project.build.directory}/packed/org.eclipse.linuxtools.releng-site.zip</inputFile>
and then the input into the repack mojo would be
<inputFile>${project.build.directory}/signed/org.eclipse.linuxtools.releng-site.zip</inputFile>
and lastly the input into the fix checksum mojo would be once more
<inputFile>${project.build.directory}/packed/org.eclipse.linuxtools.releng-site.zip</inputFile>
leaving you with a file product in
<outputFile>${project.build.directory}/fixed/org.eclipse.linuxtools.releng-site.zip</outputFile>
unless you change that last one...it ought to work like the others but I think I was a goober and didn't think of it at the time.
It works without messing with any of these params (aside from the input into the repack) if you start the whole process with site_assembly.zip as the filename....so if you don't do that then you'll have to adjust the inputs and outputs accordingly for each mojo configuration. but it should make pretty good sense if you think of it as a bit of a chain of events.
let me know if this helps!
Hope I'm not repeating what Jesse said (skim reading ... :) and I'm not familiar with "the signing plugin" but there has been surprises, in the past, that various steps in the general process will "touch" (even modify) jars in ways that are not always expected (for example, even if they have already been signed!). For some discussion, see bug 275094. As far as I know, the solution is to always run "p2.process.artifacts" as the final step (optionally, with 'pack' attribute). to quote a quote from bug 275094 <quote> A way to fix MD5 sums in the artifacts.xml is to run <p2.process.artifacts repositoryPath="file:/${repo}" /> </quote> Just in case the info/history helps. (sorry, I unintentionally changed status flag, so now changing back to 'assigned'). Thanks for the clarification, Jesse!
Chris Aniszczyk actually did this work and I hadn't looked at it in much detail until just now. I think I have the proper file-names fixed up for the <inputFile> sections but what about the maven-antrun-plugin call? At present we have (at [1]):
<copy includeemptydirs="false"
todir="/home/data/httpd/download.eclipse.org/technology/linuxtools/updates-nightly">
<fileset dir="target/checksumFix">
<include name="**" />
</fileset>
but I wonder if this should be replaced with unzipping "${project.build.directory}/fixed/org.eclipse.linuxtools.releng-site.zip"?
[1]
http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/tree/releng/org.eclipse.linuxtools.releng-site/pom.xml#n112
I've made some changes to our pom.xml [1] but the most recent build [2] still gives MD5sum errors. I tried using the contents of the checksumFix directory but also has md5sum errors. Anyone know what I'm doing wrong at [1]? I've made the build job's workspace [3] publicly accessible so anyone should be able to see it [3]. [1] http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/tree/releng/org.eclipse.linuxtools.releng-site/pom.xml [2] https://hudson.eclipse.org/hudson/job/cbi-linuxtools-Indigo/320/ [3] https://hudson.eclipse.org/hudson/job/cbi-linuxtools-Indigo/ws/releng/org.eclipse.linuxtools.releng-site/target looks like one issue is that _ is used in both package names and in osgi version strings with breaks the fix checksum bits of the mojo A new snapshot has been deployed. 1.0.1.0-SNAPSHOT Update your repository for your maven plugins to pull from the following location. http://maven.eclipse.org/nexus/content/groups/public/ This latest version appears to have worked! I was able to install without md5sum errors and verify that things are signed. Thanks! Has anyone had success with an 'eclipse-repository' project and would mind sharing such a project? (In reply to comment #9) > Has anyone had success with an 'eclipse-repository' project and would mind > sharing such a project? Linux Tools uses such a project: http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/tree/releng/org.eclipse.linuxtools.releng-site/pom.xml mvn -fn -Dmaven.test.failure.ignore=true -U -e clean install We append "-P build-server" on hudson.eclipse.org to use this plugin: https://hudson.eclipse.org/hudson/job/cbi-linuxtools-Indigo/ (In reply to comment #10) > (In reply to comment #9) > > Has anyone had success with an 'eclipse-repository' project and would mind > > sharing such a project? > > Linux Tools uses such a project: > > http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/tree/releng/org.eclipse.linuxtools.releng-site/pom.xml > > mvn -fn -Dmaven.test.failure.ignore=true -U -e clean install > > We append "-P build-server" on hudson.eclipse.org to use this plugin: > > https://hudson.eclipse.org/hudson/job/cbi-linuxtools-Indigo/ Thanks a lot Andrew. We will be following your example at RTP: bug 347242 Re-Opening, as I want to deploy this to a milestone repository. If anybody else gets the current snapshot working successfully, please comment here, as I would like another verification point besides Linux tools. Once verified, I'll, deploy a 1.0.1 version of the plugin. Re-Assigning to myself for the final deployment. The plugin worked for RTP. Be aware that only the published repository contains the signed artifacts. For example if you are generating some product archives they won't contain the signed artifacts: http://dev.eclipse.org/mhonarc/lists/tycho-user/msg00259.html Dave, Jesse, before you do a release could you look into bug 347591: The MD5 checksums are correct but it looks like there are a couple of issues remaining. Andrew, I looked into the builds of linuxtools and I suspect that they are also affected. I have added you in cc of that bug. Thanks, Hugues. This has been deployed to the milestone repo. Everybody should be using 1.0.1 now. (In reply to comment #1) > > and lastly the input into the fix checksum mojo would be once more > > <inputFile>${project.build.directory}/packed/org.eclipse.linuxtools.releng-site.zip</inputFile> > > leaving you with a file product in > > <outputFile>${project.build.directory}/fixed/org.eclipse.linuxtools.releng-site.zip</outputFile> I'm using the signing plugin to sign and fix MD5 checksum but I can't find a zip file in the ${project.build.directory}/fixed directory. Am I missing something? I'm using the 1.0.1.2 SNAPSHOT: http://git.eclipse.org/c/cdt/org.eclipse.cdt.git/tree/releng/org.eclipse.cdt.repo/pom.xml?h=cdt_7_0 |