Bug 560258 - Gpg sign checksums on new infra build
Summary: Gpg sign checksums on new infra build
Status: CLOSED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: Releng
Version: 4.15
Hardware: PC Linux
Importance: P3 normal
Target Milestone: ---
Assignee: Platform-Releng-Inbox CLA
Blocks: 561138
Reported: 2020-02-18 03:20 EST by Alexander Kurtakov CLA
Modified: 2022-12-14 04:51 EST
Description Alexander Kurtakov CLA 2020-02-18 03:20:17 EST

    
Comment 1 Alexander Kurtakov CLA 2020-02-18 03:28:27 EST
This is done using https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh#n139.
Sravan told me we are using David Williams' personal key instead of the foundation one.
This bug is so we figure out how/where to get the Eclipse Foundation gpg key on the build nodes so we can sign with it.
Mickael/Fred, can you enlighten us?
Comment 2 Eclipse Genie CLA 2020-02-18 03:35:08 EST
New Gerrit change created: https://git.eclipse.org/r/157877
Comment 4 Alexander Kurtakov CLA 2020-02-26 15:06:01 EST
Would you guys please give us info on how/whether we can use the gpg key?
Comment 5 Alexander Kurtakov CLA 2020-03-11 06:38:16 EDT
Any hope for info here?
Comment 6 Mikaël Barbero CLA 2020-03-13 04:15:39 EDT
We can provide you (the releng project) with a gpg key the same way as we do for any project that wants to deploy artifacts to maven central (where gpg signing is a prerequisite).

This can only happen on the new infra (JIRO), so you will have to complete the migration to it first (i.e. https://bugs.eclipse.org/bugs/show_bug.cgi?id=552165 must be resolved).

Once done, you will be able to inject the gpg key in any job gpg keychain following the first two steps from https://wiki.eclipse.org/Jenkins#How_can_artifacts_be_deployed_to_OSSRH_.2F_Maven_Central.3F

For the signing itself, we will add a secret to Jenkins (the gpg private key passphrase) so that you can inject it in your build and sign with the previously added key. We will provide a FAQ entry with the detailed steps. 

AFAICT from the code in https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh#n139, there are 2 different keys used in there (1 for equinox, 1 for "eclipse"). We only provide a single gpg keypair per project (here the releng project) so you will have to adapt the script a bit.
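
The flow comment 6 outlines (project key injected into the job's keychain, passphrase injected as a secret, one key signing every checksum file), shown as an added example; it is not the project's produceChecksum.sh or the Foundation's test job. `KEY_PASSPHRASE`, the key-file argument and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example; not produceChecksum.sh or the Foundation's test job.
# Assumptions: the CI credential binding provides the exported secret key as a
# file and its passphrase in KEY_PASSPHRASE; the caller has pointed GNUPGHOME
# at a throwaway directory (mode 700). Function names are hypothetical.

# Import the project key into the job's keyring and print its fingerprint.
import_signing_key() {
  gpg --batch --quiet --import "$1" 2>/dev/null || return 1
  gpg --batch --with-colons --list-secret-keys 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Write SHA-512 sums for the given files, then detach-sign the sums file.
# The passphrase reaches gpg on stdin, so it never shows up in argv or `ps`.
sign_checksums() {
  local fpr="$1" sums="$2"
  shift 2
  sha512sum -- "$@" > "$sums" || return 1
  printf '%s' "$KEY_PASSPHRASE" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
        --local-user "$fpr" --armor --output "$sums.asc" --detach-sign "$sums"
}

# Consumer side: trust the sums file only after its signature verifies,
# then check the artifacts against it.
verify_checksums() {
  gpg --batch --verify "$1.asc" "$1" 2>/dev/null || return 1
  sha512sum -c "$1" >/dev/null 2>&1
}
```

`gpg --verify` accepts a signature from any key in the keyring, so a consumer's keyring should hold only the project's published public key.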
Comment 7 Alexander Kurtakov CLA 2020-10-02 04:59:29 EDT
(In reply to Mikaël Barbero from comment #6)
> We can provide you (the releng project) with a gpg key the same way as we do
> for any project that wants to deploy artifacts to maven central (where gpg
> signing is a prerequisite). 
> 
> This can only happen on the new infra (JIRO), so you will have to complete
> the migration to it first (i.e.
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=552165 must be resolved).
> 
> Once done, you will be able to inject the gpg key in any job gpg keychain
> following the first two steps from
> https://wiki.eclipse.org/Jenkins#How_can_artifacts_be_deployed_to_OSSRH_.
> 2F_Maven_Central.3F
> 
> For the signing itself, we will add a secret to Jenkins (the gpg private key
> passphrase) so that you can inject it in your build and sign with the
> previously added key. We will provide a FAQ entry with the detailed steps. 
> 
> AFAICT from the code in
> https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/
> tree/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/
> produceChecksum.sh#n139, there are 2 different keys used in there (1 for
> equinox, 1 for "eclipse"). We only provide a single gpg keypair per project
> (here the releng project) so you will have to adapt the script a bit.

Now that Releng JIPP is on JIRO, can we proceed with this?
Comment 8 Mikaël Barbero CLA 2020-10-06 09:42:38 EDT
I've added the required credentials along with a test job to demonstrate how to do it (see https://ci.eclipse.org/releng/job/test-gpg-sign/3/console and https://ci.eclipse.org/releng/job/test-gpg-sign/configure)
Comment 9 Sravan Kumar Lakkimsetti CLA 2020-10-08 06:08:34 EDT
(In reply to Mikaël Barbero from comment #8)
> I've added the required credentials along with a test job to demonstrate how
> to do it (see https://ci.eclipse.org/releng/job/test-gpg-sign/3/console and
> https://ci.eclipse.org/releng/job/test-gpg-sign/configure)

I will try it shortly. Thank you for your help. Reopening.
Comment 10 Eclipse Genie CLA 2020-10-15 10:47:37 EDT
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/170837
Comment 12 Eclipse Genie CLA 2020-10-16 00:03:02 EDT
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/170221
Comment 14 Eclipse Genie CLA 2020-10-27 04:13:18 EDT
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.releng.aggregator/+/171247