The Dash project has released a signing plugin that works with Tycho and the eclipse-repository. The Linux Tools project made it work, as kindly reported by Andrew in bug 347041. Here is their pom.xml:
http://git.eclipse.org/c/linuxtools/org.eclipse.linuxtools.git/plain/releng/org.eclipse.linuxtools.releng-site/pom.xml

Time to follow their example.
The published repository is signed. However, the materialized products contain the unsigned bundles and features. This is because Tycho uses its 'internal' p2 repositories to invoke director. Those internal directories don't use the signed artifacts. For example, in https://hudson.eclipse.org/hudson/job/rtp-packages/153/console:

[INFO] Calling director with arguments: [-metadatarepository, file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/publisherRepository/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.basic.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.web.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/targetPlatformRepository/, -artifactrepository, file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/publisherRepository/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.basic.feature/target/,file:/opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.web.feature/target/,file:/opt/users/hudsonbuild/.hudson/jobs/rtp-packages/workspace/.repository/, -installIU, org.eclipse.rtp.package.basic, -destination, /opt/public/jobs/rtp-packages/workspace/packages/org.eclipse.rtp.package.products/target/products/org.eclipse.rtp.package.basic/linux/gtk/x86/rt-basic-incubation-0.1.0.v20110525-2320-N, -profile, DefaultProfile, -profileProperties, org.eclipse.update.install.features=true, -roaming, -p2.os, linux, -p2.ws, gtk, -p2.arch, x86]
Installing org.eclipse.rtp.package.basic 0.1.0.v20110525-2320.
Well, for the moment, the materialized products won't be signed:
http://dev.eclipse.org/mhonarc/lists/tycho-dev/msg00137.html
Tycho will come up with its own signing mechanism in due time.
(In reply to comment #2)
> Well for the moment, the materialized products won't be signed:
> http://dev.eclipse.org/mhonarc/lists/tycho-dev/msg00137.html

The correct link: http://dev.eclipse.org/mhonarc/lists/tycho-user/msg00259.html

> tycho will come up with its own signing mechanism in due time.
Here is how we worked around the problem at the time: break this into 2 cascading Tycho builds.

1- First build: compile all the bundles and publish them in a p2 repository. Move the generated repository to an HTTP server where it is served. All the bundles in that repo are signed.
2- Second build: point at the newly published repository and materialize the products. The products only contain signed bundles.

Of course, a single build would be a lot better. A year has passed, and maybe this workaround is obsolete?
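
Added example (not part of the thread, and not Tycho or Dash code): a Python check that lists the JARs in a materialized product that carry no JAR signature entries, which is the condition the comments above describe. It tests only for the presence of META-INF signature files, not their cryptographic validity (jarsigner -verify does that); the plugins/ and features/ layout and the sample bundle names are assumptions constructed for the demonstration.

```python
import re
import zipfile
from pathlib import Path

# Signature files (.SF) and signature blocks (.RSA/.DSA/.EC) sit directly in META-INF/.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.IGNORECASE)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)


def has_signature_entries(jar_path):
    """True if the JAR holds at least one .SF file with a matching signature block."""
    with zipfile.ZipFile(jar_path) as jar:
        names = jar.namelist()
    sig_files = {Path(n).stem.upper() for n in names if SIG_FILE.match(n)}
    sig_blocks = {Path(n).stem.upper() for n in names if SIG_BLOCK.match(n)}
    return bool(sig_files & sig_blocks)


def unsigned_jars(product_root):
    """Relative paths of JARs under plugins/ and features/ without signature entries."""
    root = Path(product_root)
    found = []
    for sub in ("plugins", "features"):
        if not (root / sub).is_dir():
            continue  # a product may ship without one of the two directories
        for jar in sorted((root / sub).rglob("*.jar")):
            if not has_signature_entries(jar):
                found.append(jar.relative_to(root).as_posix())
    return found


def build_sample_product(root):
    """Constructed sample: one bundle with signature entries, one without."""
    plugins = Path(root) / "plugins"
    plugins.mkdir(parents=True)
    with zipfile.ZipFile(plugins / "example.signed_1.0.0.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\n")
        jar.writestr("META-INF/SAMPLE.RSA", b"placeholder, not a real signature block")
    with zipfile.ZipFile(plugins / "example.unsigned_1.0.0.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_product(tmp)
        print(unsigned_jars(tmp))
```

Bundles installed as unpacked directories rather than JARs are not covered by this check.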