I've just released 1.1.3. More about that soon on x-project.
Cheers, Mikael
I'm currently working on it. Sorry for the delay. It should be ready by noon (CET).
Mikael
I just realized (since I had a reminder bug :) that we are still using "snapshot" and had hoped to move to "released" version for M5. Our final build for M5 is tomorrow (Wednesday). Of course, there is no reason to "force it" if it is not ready (or if more "warning" needed) ... but, if it is ready, then I think now would be a good time.

From: Kaloyan Raev <kaloyan.r@xxxxxxxx>
To: Common-build Developers discussion <cbi-dev@xxxxxxxxxxx>
Date: 12/12/2015 09:40 AM
Subject: Re: [cbi-dev] [cross-project-issues-dev] CBI Maven plugins 1.1.3-SNAPSHOT
Sent by: cbi-dev-bounces@xxxxxxxxxxx

Hi,

Just an update about our progress with Mikael.

We've been working on https://bugs.eclipse.org/bugs/show_bug.cgi?id=483881

A new "signatureAlgorithm" option is introduced along with the "digestAlgorithm". This way the following configuration is possible for the eclipse-jarsigner-plugin:

<configuration>
  <digestAlgorithm>SHA1</digestAlgorithm>
  <signatureAlgorithm>SHA1withRSA</signatureAlgorithm>
</configuration>

This will produce the same signature as if the signing service used Java 6. This will make it possible for Eclipse projects, that deliver releases that are still compatible with Indigo and earlier, to use the CBI for the jar signing.

In order to use the above improvement we need to wait for the new version of the signing service to be deployed - watch https://bugs.eclipse.org/bugs/show_bug.cgi?id=458597 for the progress. Once this is done, I will adopt this improvement for the Andmore project.

Greetings,
Kaloyan

On Mon, Dec 7, 2015 at 9:58 PM, Kaloyan Raev <kaloyan.r@xxxxxxxx>
wrote:

Hi again,

I did some more experiments (now I can run my build faster).

I looked at the PKCS7Processor source code and saw that in Indigo it supports SHA1, MD5 and MD2 digest algorithms. So, I tried signing with MD5. I got correct MD5-Digest headers in the Manifest files. But then, when I tried installing the plugins in Indigo, I've got again No algorithm found for 2.16.840.1.101.3.4.2.1. These numbers stand for the SHA256 algorithm. So I was quite puzzled...

Then I decided to change also the signature algorithm to "MD5withRSA" using the jarsigner's "-sigalg" option. This time it worked!

I still don't understand what exactly is going on. It seems I've just had a lucky shot in the dark.

Anyway, it seems that introducing "signatureAlgorithm" option for the eclipse-jarsigner-plugin would be helpful too.

Greetings,
Kaloyan

On Mon, Dec 7, 2015 at 6:27 PM, Kaloyan Raev <kaloyan.r@xxxxxxxx>
wrote:

Hi Mikael,

Here is the stack trace:

!ENTRY org.eclipse.equinox.p2.engine 4 4 2015-12-07 16:51:50.210
!MESSAGE An error occurred while collecting items to be installed
!SUBENTRY 1 org.eclipse.equinox.p2.engine 4 0 2015-12-07 16:51:50.210
!MESSAGE session context was:(profile="" phase=org.eclipse.equinox.internal.p2.engine.phases.Collect, operand=, action="">
!SUBENTRY 1 org.eclipse.equinox.p2.artifact.repository 4 0 2015-12-07 16:51:50.210
!MESSAGE Problems downloading artifact: osgi.bundle,org.eclipse.andmore,0.5.0.201512071444.
!SUBENTRY 2 org.eclipse.equinox.p2.artifact.repository 4 0 2015-12-07 16:51:50.210
!MESSAGE Error reading signed content:/tmp/signatureFile8943778048959317435.jar
!STACK 0
java.security.NoSuchAlgorithmException: An error occurred while processing the signatures for the file: /tmp/signatureFile8943778048959317435.jar
    at org.eclipse.osgi.internal.signedcontent.SignedBundleHook.getSignedContent(SignedBundleHook.java:264)
    at org.eclipse.equinox.internal.p2.artifact.repository.SignatureVerifier.verifyContent(SignatureVerifier.java:77)
    at org.eclipse.equinox.internal.p2.artifact.repository.SignatureVerifier.verify(SignatureVerifier.java:59)
    at org.eclipse.equinox.internal.p2.artifact.repository.SignatureVerifier.close(SignatureVerifier.java:100)
    at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.reportStatus(SimpleArtifactRepository.java:1132)
    at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.downloadArtifact(SimpleArtifactRepository.java:570)
    at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.getArtifact(SimpleArtifactRepository.java:680)
    at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.getArtifact(MirrorRequest.java:260)
    at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.transferSingle(MirrorRequest.java:235)
    at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.transfer(MirrorRequest.java:191)
    at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.perform(MirrorRequest.java:122)
    at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.getArtifact(SimpleArtifactRepository.java:664)
    at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.getArtifacts(SimpleArtifactRepository.java:735)
    at org.eclipse.equinox.internal.p2.engine.DownloadManager.fetch(DownloadManager.java:110)
    at org.eclipse.equinox.internal.p2.engine.DownloadManager.start(DownloadManager.java:99)
    at org.eclipse.equinox.internal.p2.engine.phases.Collect.completePhase(Collect.java:76)
    at org.eclipse.equinox.internal.p2.engine.Phase.postPerform(Phase.java:216)
    at org.eclipse.equinox.internal.p2.engine.Phase.perform(Phase.java:84)
    at org.eclipse.equinox.internal.p2.engine.PhaseSet.perform(PhaseSet.java:44)
    at org.eclipse.equinox.internal.p2.engine.Engine.perform(Engine.java:75)
    at org.eclipse.equinox.internal.p2.engine.Engine.perform(Engine.java:44)
    at org.eclipse.equinox.p2.operations.ProvisioningSession.performProvisioningPlan(ProvisioningSession.java:174)
    at org.eclipse.equinox.p2.operations.ProfileModificationJob.runModal(ProfileModificationJob.java:79)
    at org.eclipse.equinox.p2.operations.ProvisioningJob.run(ProvisioningJob.java:177)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Caused by: java.security.NoSuchAlgorithmException: No algorithm found for 2.16.840.1.101.3.4.2.1
    at org.eclipse.osgi.internal.signedcontent.PKCS7Processor.findDigest(PKCS7Processor.java:87)
    at org.eclipse.osgi.internal.signedcontent.PKCS7Processor.processSignerInfos(PKCS7Processor.java:311)
    at org.eclipse.osgi.internal.signedcontent.PKCS7Processor.<init>(PKCS7Processor.java:133)
    at org.eclipse.osgi.internal.signedcontent.SignatureBlockProcessor.processSigner(SignatureBlockProcessor.java:93)
    at org.eclipse.osgi.internal.signedcontent.SignatureBlockProcessor.process(SignatureBlockProcessor.java:59)
    at org.eclipse.osgi.internal.signedcontent.SignedBundleFile.setBundleFile(SignedBundleFile.java:47)
    at org.eclipse.osgi.internal.signedcontent.SignedBundleHook.getSignedContent(SignedBundleHook.java:256)
    ... 24 more

Kaloyan

On Mon, Dec 7, 2015 at 6:21 PM, Mikael Barbero <mikael@xxxxxxxxxxx> wrote:

3. The signing with the Test Server is very slow. It takes around a minute to sign a single jar file. My CPU is not utilized at all. I have no solution for this.

Did you try to do it manually with the jarsigner command? Does it work faster?

As far as I can see the slow part is the communication to the timestamp server. I guess for me it is significantly slower than for you. I would suggest to have an option to switch the signing with timestamp off. Just for the test server.

I've accepted your patch for this one too. Thanks for your contributions.

4. I tried using the SHA_1 digest algorithm, but the result is not the same as the JAR being signed with Java 6. I have "SHA-1-Digest" headers in the MANIFEST.MF file instead of "SHA1-Digest". Note the extra dash. So, the installation of these plugins on Eclipse Indigo is still not successful. I did not find a valid configuration for the digestAlgorithm option to get the correct "SHA1-Digest" header. I tried with SHA1, but I got an error that it is not a valid value.

You're right, Java 6 signs with the "SHA1-Digest" while Java 7 and later signs with "SHA-1-Digest". I've seen this difference, but Java 7+ accepts both. Unfortunately, I did not try with Java 6. Could you try to run (Java 6 version of) jarsigner -verify on the plugin with the "SHA-1-Digest" headers and give me the output? Thanks.

Here it is:

/usr/lib/jvm/java-6-openjdk-amd64/bin/jarsigner -verify /home/raev/git/andmore/andmore-core/site/target/repository/plugins/org.eclipse.andmore.android_0.5.0.201512071444.jar
jar verified.
Warning: This jar contains entries whose signer certificate will expire within six months.
Re-run with the -verbose and -certs options for more details.

So it seems that the issue is not Java, the issue with "SHA-1-Digest" is in Equinox only. Do you have a stack trace or error message when you try to install the signed plugin in Indigo? Thanks again.

Cheers, Mikael

_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cbi-dev
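
An added example (not code from this thread or from the CBI project) of a check for the mismatch discussed above: it lists the digest header names in a JAR's manifest and signature files and the digest-algorithm OIDs found inside the signature block. The byte search for DER-encoded OIDs is a heuristic, the sample JAR is constructed and carries no valid signature, and the set of digests Indigo accepts (SHA1, MD5, MD2) is taken from the thread.

```python
import io
import re
import zipfile

# DER encodings (tag 0x06, length, body) of digest-algorithm OIDs.
DIGEST_OIDS = {
    bytes.fromhex("06052b0e03021a"): "SHA-1",            # 1.3.14.3.2.26
    bytes.fromhex("06082a864886f70d0205"): "MD5",        # 1.2.840.113549.2.5
    bytes.fromhex("06082a864886f70d0202"): "MD2",        # 1.2.840.113549.2.2
    bytes.fromhex("0609608648016503040201"): "SHA-256",  # 2.16.840.1.101.3.4.2.1
}
# Assumption from the thread: Indigo's PKCS7Processor knows only these digests.
INDIGO_OK = {"SHA-1", "MD5", "MD2"}
# Matches "SHA1-Digest:", "SHA-1-Digest:", "SHA-256-Digest-Manifest:", ...
HEADER_RE = re.compile(rb"^([A-Za-z0-9-]+?)-Digest\b", re.M)


def inspect_jar(data: bytes) -> dict:
    """Report digest header names and signature-block digest OIDs of a JAR."""
    headers, oids = set(), set()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/"):
                continue
            body = jar.read(name)
            if upper.endswith((".MF", ".SF")):
                headers.update(h.decode() for h in HEADER_RE.findall(body))
            elif upper.endswith((".RSA", ".DSA", ".EC")):
                # Heuristic: look for the encoded OID anywhere in the PKCS#7 block.
                oids.update(n for der, n in DIGEST_OIDS.items() if der in body)
    return {"digest_headers": sorted(headers),
            "block_digest_oids": sorted(oids),
            "unsupported_on_indigo": sorted(oids - INDIGO_OK)}


def make_sample(digest_header: str, oid_der: bytes) -> bytes:
    """Constructed sample: JAR layout only, the signature block is a stub."""
    entry = f"Name: a.class\r\n{digest_header}: AAAA\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n" + entry)
        jar.writestr("META-INF/SIG.SF", "Signature-Version: 1.0\r\n\r\n" + entry)
        stub = bytes([0x30, len(oid_der) + 2]) + oid_der + b"\x05\x00"
        jar.writestr("META-INF/SIG.RSA", stub)
    return buf.getvalue()


if __name__ == "__main__":
    # Mirrors the reported case: MD5 manifest digests, SHA-256 in the block.
    sha256 = bytes.fromhex("0609608648016503040201")
    print(inspect_jar(make_sample("MD5-Digest", sha256)))
```
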