Hi Mikael, I am very excited about the digestAlgorithm option because I hope it can be the solution for Eclipse Bug 378155 [1]. The issue is that the plugins which are signed with the eclipse-jarsigner-plugin cannot be installed on Eclipse Indigo and earlier. I tried to use the TestServer to see if I can sign the plugins with SHA-1 so they can be successfully installed on Eclipse Indigo, but I've hit some roadblocks.
1. The full qualified class name must be provided in the command, i.e. org.eclipse.cbi.webservice.signing.jar.TestServer. This was easy to resolve. 2. I get a NullPointerException when starting the Test Server. I looked at the source code to find that this is due to missing HTTP_PROXY environment variable on my system. My system has a direct Internet connection, so it does not make sense to define such variables. I had to checkout the code, comment some lines and run it from Eclipse to resolve this issue. 3. The signing with the Test Server is very slow. It takes around a minute to sign a single jar file. My CPU is not utilized at all. I have no solution for this. 4. I tried using the SHA_1 digest algorithm, but the result is not the same as the JAR being signed with Java 6. I have "SHA-1-Digest" headers in he MANIFEST.MF file instead of "SHA1-Digest". Note the extra dash. So, the installation of these plugins on Eclipse Indigo is still not successful. I did not find a valid configuration for the digestAlgorithm option to get the correct "SHA1-Digest" header. I tried with SHA1, but I got an error that it is not a valid value. I hope you can give me some hints how I can use version 1.1.3-SNAPSHOT to sign the plugins in a way that they can be installed successfully on Eclipse Indigo. [1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=378155 Thanks, Kaloyan On Tue, Oct 20, 2015 at 1:36 PM, Mikael Barbero <[email protected]> wrote: > Hi, > > I just released version 1.1.3-SNAPSHOT of CBI maven plugins. Please give > it a try. You should only need to change the version from whatever you use > to 1.1.3-SNAPSHOT. Here is the list of changes: > > * A lot of things have changed under the hood to provide better > reliability and the plugins are now extensively tested. > > * A new plugin has appeared ( > https://www.eclipse.org/cbi/sitedocs/1.1.3-SNAPSHOT/eclipse-dmg-packager/package-dmg-mojo.html) > thanks to Pascal Rapicault: the dmg packager. It gives you the possibility > to package an OS X application as a DMG (Apple's .msi equivalent). Please > note that this plugin is still in beta-stage, but feedback is more than > welcome! > > * Two new options has been added to the jarsigner plugin (to fix > https://bugs.eclipse.org/bugs/show_bug.cgi?id=473402): > - digestAlgorithm ( > https://www.eclipse.org/cbi/sitedocs/1.1.3-SNAPSHOT/eclipse-jarsigner-plugin/sign-mojo.html#digestAlgorithm > ) > - resignStrategy ( > https://www.eclipse.org/cbi/sitedocs/1.1.3-SNAPSHOT/eclipse-jarsigner-plugin/sign-mojo.html#resigningStrategy > ) > > * Non qualified properties (e.g. -DcontinueOnFail) have been deprecated in > favor of qualified properties (-D cbi.jarsigner.continueOnFail) to avoid > collision with other plugins. Non qualified properties are still supported, > but they are implemented by parameter starting with "deprecated". It should > not changed anything for people who don't use user properties (i.e. '-D' on > the maven command line). If you do, you will see a deprecation warning. > > * Staging documentation is available here > https://www.eclipse.org/cbi/sitedocs/1.1.3-SNAPSHOT/. You will see that > documentation for a low-level plugin is now available ( > https://www.eclipse.org/cbi/sitedocs/1.1.3-SNAPSHOT/eclipse-cbi-plugin/plugin-info.html > ) > > * A standalone test server is available to help people debug jar signing > locally, without the need to run builds on the Eclipse servers. Just > download > https://repo.eclipse.org/content/repositories/cbi/org/eclipse/cbi/jar-signing-service/1.0.0-SNAPSHOT/jar-signing-service-1.0.0-20151020.095931-22.jar > and > https://repo.eclipse.org/content/repositories/cbi/org/eclipse/cbi/jar-signing-service/1.0.0-SNAPSHOT/jar-signing-service-1.0.0-20151020.095931-22-tests.jar > (or > more recent) and run the following command > > java -cp > /path/where/you/download/the/jars/jar-signing-service-1.0.0-20151020.095931-22.jar:/path/where/you/download/the/jars/jar-signing-service-1.0.0-20151020.095931-22-tests.jar: > TestServer > > It will print an URL (like http://localhost:3138/jarsigner) that you can > add to your maven build (-Dcbi.jarsigner.signerUrl= > http://localhost:3138/jarsigner) and it will sign your jars locally with > a dummy certificate. You can pass --help to see the options you can give to > the TestServer > > Thanks. > Mikael > > _______________________________________________ > cross-project-issues-dev mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev >
_______________________________________________ cross-project-issues-dev mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
