Community
Participate
Working Groups
One of the Simultaneous Release requirements is to deliver signed jars. We need to configure our Hudson build to generate the p2 repository with signed jars. Chris already gave some hints [1] where to search for solution. Bug 332321 is used to discuss for the best solution. For the moment the Mylyn build (bug 335647) seems to be the best source of information. [1] http://dev.eclipse.org/mhonarc/lists/libra-dev/msg00038.html
I'll add that eventually you will want to sign each build ... or, at the least, each build "declared" for public testing. The reason being that once a bundle version/qualifier exists unsigned "in the wild", it will not normally be "replaced" by the signed version using normal p2 install or mirror operations. And while I've not done it from Hudson, I've heard that hudson jobs _can_ sign on eclipse infrastructure ... you just need a "copy and wait then copy back" sort of script ... but, what they can not do so easily is copy/upload to "downloads" server, which is what the ACL solution is for. At least, this is my impression from reading the bugs and cross-project list. HTH
We are working on having a maven signing plug-in available for eclipse.org projects... it's in the CQ process now though... https://dev.eclipse.org/ipzilla/show_bug.cgi?id=5096 https://bugs.eclipse.org/bugs/show_bug.cgi?id=342336 This will also help with publishing.
Thanks for the info - I will watch the progress.
Thanks to the new eclipse-maven-signing-plugin Maven plugin, the libra-indigo job now creates a signed build that is available on the following p2 repository: http://download.eclipse.org/libra/nightly
