Hi,

Effective immediately, we are deprecating the usage of the command line signing 
service (aka /usr/bin/sign).

Most certainly, this will only affect you if you use Buckminster as a build 
system (because Buckminster can only sign jars via /usr/bin/sign service). If 
you use Tycho, you're not concerned.

There are two strategies for Buckminster users:

1- Migrate to a modern / maintained build plugin system (see Buckminster's 
activity - https://projects.eclipse.org/projects/tools.buckminster). See Tycho 
documentation (https://wiki.eclipse.org/Tycho/Pack200#Pack200_and_Signing) and 
CBI Jarsigner Maven plugin 
(https://www.eclipse.org/cbi/maven-plugins/documentation/latest/eclipse-jarsigner-plugin/sign-mojo.html) 
for how to add jar signing to a Tycho build.

2- Deactivate signing in Buckminster and do the repacking and the signing phase 
as a post build step. You will need to do some shell scripting (in your CI 
instance) to browse all the jars, pack200/unpack200 them (aka repack) and then 
sign them. To sign a jar, you can use the webservice that the CBI maven plugin 
uses in the background (see the Jar signing web service documentation for 
details - 
https://wiki.eclipse.org/IT_Infrastructure_Doc#Web_service_.28Instant.29).

If option 2 is chosen and highly motivated, we can provide some assistance with 
the shell script (file a bug under CBI/Signing-Service 
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=CBI&component=signing-service).

I've updated our documentation 
(https://wiki.eclipse.org/IT_Infrastructure_Doc#Deprecated_-_ZIP_and_JAR_files_from_the_command_line_.28queued_or_not.29) 
to mention the deprecation. A bug has been created to keep track of the 
termination (https://bugs.eclipse.org/bugs/show_bug.cgi?id=521263).

Cheers,
Mikael


--
Mikaël Barbero - Eclipse Foundation
IT Services - Release Engineering
📱 (+33) 642 028 039
📧 mikael.barb...@eclipse-foundation.org
🐦 @mikbarbero

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
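
One way to script the post-build step described in option 2 of the message above. This is an added example, not part of the original message and not Eclipse Foundation code. `SIGN_URL` is a placeholder for the endpoint given in the signing web service documentation, the function names and the `file` form field are assumptions, and `pack200`, `curl` and `jarsigner` are expected on the PATH.

```shell
#!/bin/sh
# Added example: repack and sign every jar under a directory as a post-build step.
# SIGN_URL is a placeholder; use the endpoint from the signing service documentation.
SIGN_URL="${SIGN_URL:-https://signing.example.invalid/sign}"

# Normalize the jar (pack200 then unpack200) so the signature stays valid
# if the jar is pack200-compressed later.
repack_jar() {   # $1 = input jar, $2 = repacked output
    pack200 --repack "$2" "$1"
}

# Upload the jar. --fail turns an HTTP error into a non-zero exit instead of
# saving an error page as the "signed" jar. Form field name is an assumption.
sign_jar() {     # $1 = unsigned jar, $2 = where to store the response
    curl --silent --show-error --fail -o "$2" -F "file=@$1" "$SIGN_URL"
}

# Accept the response only if jarsigner reports it as verified; match the
# success message rather than relying on the exit status alone.
verify_jar() {   # $1 = candidate signed jar
    jarsigner -verify "$1" 2>&1 | grep -q 'jar verified'
}

# Walk a build output directory. A jar is replaced only after repack, sign and
# verify all succeed; otherwise the original is left untouched and the run fails,
# so CI cannot silently publish a mix of signed and unsigned artifacts.
sign_tree() {    # $1 = directory to scan
    root=$1 failed=0
    tmp=$(mktemp -d) || return 1
    find "$root" -type f -name '*.jar' > "$tmp/list"
    while IFS= read -r jar; do
        if repack_jar "$jar" "$tmp/repacked.jar" &&
           sign_jar "$tmp/repacked.jar" "$tmp/signed.jar" &&
           verify_jar "$tmp/signed.jar"; then
            mv "$tmp/signed.jar" "$jar"
        else
            echo "FAILED: $jar (left unsigned)" >&2
            failed=$((failed + 1))
        fi
        rm -f "$tmp/repacked.jar" "$tmp/signed.jar"
    done < "$tmp/list"
    rm -rf "$tmp"
    [ "$failed" -eq 0 ]
}

if [ "$#" -gt 0 ]; then sign_tree "$1"; fi
```
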