Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 347242

Summary: Sign the artifacts for a release build
Product: z_Archived Reporter: Hugues Malphettes <hmalphettes>
Component: RTPAssignee: Hugues Malphettes <hmalphettes>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: contact, gregory.amerson, sbernard
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:

Description Hugues Malphettes CLA 2011-05-25 22:00:15 EDT 
The dash project has released a signing plugin that works with tycho and the eclipse-repository.
The linux tool project made it work as kindly reported by Andrew in bug 347041.
Here is their pom.xml:
http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/plain/releng/org.eclipse.linuxtools.releng-site/pom.xml

Time to follow their example.
Comment 1 Hugues Malphettes CLA 2011-05-26 00:01:57 EDT 
The published repository is signed.

However the materialized products contain the unsigned bundles and features.

This is because tycho uses its 'internal' p2 repositories to invoke director.
Those internal directories don't use the signed artifacts.
For example in https://hudson.eclipse.org/hudson/job/rtp-packages/153/console

[INFO] Calling director with arguments: [-metadatarepository, file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/publisherRepository/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.basic.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.web.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/targetPlatformRepository/, -artifactrepository, file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/publisherRepository/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.basic.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.web.feature/target/,file:/opt/users/hudsonbuild/.hudson/jobs/rtp-packages/workspace/.repository/, -installIU, org.eclipse.rtp.package.basic, -destination, /opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/products/org.eclipse.rtp.package.basic/linux/gtk/x86/rt-basic-incubation-0.1.0.v20110525-2320-N, -profile, DefaultProfile, -profileProperties, org.eclipse.update.install.features=true, -roaming, -p2.os, linux, -p2.ws, gtk, -p2.arch, x86]
Installing org.eclipse.rtp.package.basic 0.1.0.v20110525-2320.
Comment 2 Hugues Malphettes CLA 2011-05-26 19:10:33 EDT 
Well for the moment, the materialized products won't be signed:
http://dev.eclipse.org/mhonarc/lists/tycho-dev/msg00137.html
tycho will come up with its own signing mechanism in due time.
Comment 3 Hugues Malphettes CLA 2011-05-26 19:12:01 EDT 
(In reply to comment #2)
> Well for the moment, the materialized products won't be signed:
> http://dev.eclipse.org/mhonarc/lists/tycho-dev/msg00137.html
The correct link:
http://dev.eclipse.org/mhonarc/lists/tycho-user/msg00259.html

> tycho will come up with its own signing mechanism in due time.
Comment 4 Hugues Malphettes CLA 2012-05-03 20:51:06 EDT 
Here is how we worked-around the problem at the time:
Break this into 2 cascading tycho builds.

1- first build: compile all the bundles and publish them in a p2 repository.
move the repository generated to an http server where it is served.
All the bundles in that repo are signed.

2- second build: point at the newly published repository and materialize the products. The products only contain signed bundles.

Of course a single build would be a lot better.
A year has passed and maybe this workaround is obsolete?