Community
Participate
Working Groups
Created attachment 132260 [details] screenshot p2 error Steps to repro: 1. Launch a clean Eclipse 3.4.2 or 3.5M6. 2. Download the following p2 repos: http://download.eclipse.org/tools/ve/downloads/drops/1.4.0/I200904091439/VE-Update-I200904091439.zip (signed) http://download.eclipse.org/tools/ve/downloads/drops/1.4.0/N200904091802/VE-Update-N200904091802.zip (unsigned) 3. Install first the I build (all features in the zip). Notice the errors - see screenshot. 4. Cancel; install the N build (all features in the zip). Notice there are no errors. 5. Uninstall VE features. Restart. 6. Remove the I and N builds from the list of available sites to avoid confusion. 7. Unpack the I build into a folder. 8. Install VE features from the unpacked I build p2 repo. Restart when prompted. Bottom line: Installing from zipped p2 repo: fail. Installing from unpacked p2 repo: success! Can p2 just unpack the zip behind the scenes, then treat it like a normal install from non-zipped p2 repo? This would probably solve bug 269199 as well.
(In reply to comment #0) I was surprised as well once I managed to install from the signed I-build (zipped one). Unfortunately it turned out that un-installing VE Feature (after installing it from unsigned N-build) does not remove installed features/plugins (probably in order to support reverting via Installation History). I've found out that on following install from signed I-build existing plugins/features will be used (since I and N build plugins/features are version number identical) and installation will be successful since p2 will be able to find previously missing artefacts (org.eclipse.ve.swt_1.4.0.HEAD.jar and org.eclipse.ve.jfc_1.4.0.HEAD.jar) > Bottom line: > > Installing from zipped p2 repo: fail. > Installing from unpacked p2 repo: success! > Installing from zipped p2 repo: succeeds as well.
Created attachment 132357 [details] VE Plugins after installing from unsigned N-Build All plugins are unsigned as expected. When installing in "clean" eclipse platform.
Created attachment 132358 [details] VE Plugins after installing from signed I-Build after previously installed from N-Build mixed Signed/Unsigned plugins after installing from signed I-Build with previously installed/uninstalled VE Feature from N-Build.
It appears that the pack.gz is attempted first but the SignatureVerifier processing step is failing (see below), an attempt is then made to transfer the canonical version of the artifacts which don't exist. Logically we should try and surface the first error, rather than the attempt to download a non-existent artifact. Status from the pack.gz failure: Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Result of processing steps. null children=[Status ERROR: org.eclipse.equinox.p2.artifact.repository code=4 File has invalid content:C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar null children=[Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/jem/internal/proxy/swt/DisplayManager$DisplayRunnable.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/jem/internal/proxy/swt/DisplayManager$DisplayRunnable.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered! Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/rcp/WorkbenchPartGraphicalEditPart$ConstraintHandler$VisualComponentListener.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/rcp/WorkbenchPartGraphicalEditPart$ConstraintHandler$VisualComponentListener.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered! Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/GridLayoutComponentPage.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/GridLayoutComponentPage.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered! Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/ImageController$ImageFileFilter.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/ImageController$ImageFileFilter.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered! Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/ImageController.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/ImageController.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered! Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jface/codegen/ViewerConstructorDecoderHelper.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jface/codegen/ViewerConstructorDecoderHelper.class" in the jar "C:\DOCUME~1\mpiggott\LOCALS~1\Temp\signatureFile10236.jar" has been tampered!]]
Created attachment 132616 [details] Merge download errors. Upon closer inspection of the contents of the zip's artifacts.jar, it contains ArtifactDescriptors for both packed, and jar versions of the artifacts. This is the cause of missing artifact error. Perhaps when a packed ArtifactDescriptor download fails and we attempt a canonical ArtifactDescriptor, in the event of a second failure the statuses should be combined.
Matt did you trim the error message reported in #4? I don't see the name of the artifact.
(In reply to comment #6) > Matt did you trim the error message reported in #4? I don't see the name of the > artifact. > Two artifacts were reported missing as in original "screenshot" shown. I captured following while debugging on 3.5M6: First: descriptor ArtifactDescriptor (id=6547) canonical: osgi.bundle,org.eclipse.ve.jfc,1.4.0.HEAD allStatus (SignatureVerifier [line: 93] - verifyContent()): [Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/NonBoundsBeanPropertySource.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/NonBoundsBeanPropertySource.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/JFCPreferencePageContents.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/JFCPreferencePageContents.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/JFCVisualPlugin.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/JFCVisualPlugin.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/BorderLayoutConstraintsPropertyEditor.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/BorderLayoutConstraintsPropertyEditor.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter$2.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter$2.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/ChoiceProxyAdapter.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/ChoiceProxyAdapter.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/LayoutManagerCellEditor.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/LayoutManagerCellEditor.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/ComponentManager$3.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/ComponentManager$3.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter$1.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/ComponentProxyAdapter$1.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jfc/core/JTableProxyAdapter.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jfc/core/JTableProxyAdapter.class" in the jar "/tmp/signatureFile7878403459474417079.jar" has been tampered!] Second: descriptor ArtifactDescriptor (id=6517) canonical: osgi.bundle,org.eclipse.ve.swt,1.4.0.HEAD allStatus (SignatureVerifier [line: 93] - verifyContent()): [Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/GridLayoutComponentPage.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/GridLayoutComponentPage.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/jem/internal/proxy/swt/DisplayManager$DisplayRunnable.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/jem/internal/proxy/swt/DisplayManager$DisplayRunnable.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/rcp/WorkbenchPartGraphicalEditPart$ConstraintHandler$VisualComponentListener.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/rcp/WorkbenchPartGraphicalEditPart$ConstraintHandler$VisualComponentListener.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/ImageController.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/ImageController.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/jface/codegen/ViewerConstructorDecoderHelper.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/jface/codegen/ViewerConstructorDecoderHelper.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!, Status ERROR: org.eclipse.equinox.p2.artifact.repository code=0 Invalid content:org/eclipse/ve/internal/swt/ImageController$ImageFileFilter.class org.eclipse.osgi.signedcontent.InvalidContentException: The file "org/eclipse/ve/internal/swt/ImageController$ImageFileFilter.class" in the jar "/tmp/signatureFile6774710467084639313.jar" has been tampered!] Instead of reporting verification problems for those two artifacts only missing artifacts errors were reported.
Created attachment 132768 [details] MirrorRequest & JarComparator patch Pascal was referring to a change in bug 271792 where we cleaned up some of the error messages in comparators. It appears the code for the MD5ArtifactComparator was committed but JarComparator was missed for whatever reason. I've also made a slight change to the patch for MirrorRequest. Initially I had thought to merge the statuses when the canonical transfer status was not OK, after thinking about it more I've changed to only merge if the canonical severity is equal to or greater than optimized (packed). This would prevent the optimized status from dominating the canonical if its more severe (ugh), for example if the if the canonical returned an INFO status, while the optimized returned an ERROR, the original change would have resulted in an overall ERROR status.
I have released the mirrorrequest part of the patch. - We still need to have a regression test - Review if failure in the Signaturestep is properly reported - Review the jarcomparator patch.
Created attachment 133381 [details] Test Case Test case, data to follow
Created attachment 133382 [details] testData/mirror/invalidPackedMissingCanonical.zip
I released the test attached.
> [Original Bug Title] > Cannot install signed packed jars from zipped p2 repo (In reply to comment #12) > I released the test attached. So, once this makes its way into releng.basebuilder (next week?) and is tagged/released (R35_M7) I should be able to install from a p2 repo zip containing signed plugins/*.jar.pack.gzs, without having to unzip the repo first. Correct?
(In reply to comment #13) > > [Original Bug Title] > > Cannot install signed packed jars from zipped p2 repo > > (In reply to comment #12) > > I released the test attached. > > So, once this makes its way into releng.basebuilder (next week?) and is > tagged/released (R35_M7) I should be able to install from a p2 repo zip > containing signed plugins/*.jar.pack.gzs, without having to unzip the repo > first. > > Correct? > Sorry for the confusion, the problem is with this zipped repository. The pack.gz files in the repository don't pass signature verification. The repository in the zip also contains the information for the JAR version of the files, but not the files themselves. So what happens when installing from the zip: - packed file is extracted from zip - signed content verification fails - attempt to extract JAR from the archive fails I don't know if this is the cause of the signature verification, but I've heard that if a signed jar will be packed, prior to signing the jar it should be packed, and unpacked to normalize it.