bug 330800 - 4.1 bundles are not signed
diff --git a/org.eclipse.e4.builder/builder/general/customTargets.xml b/org.eclipse.e4.builder/builder/general/customTargets.xml
index bdac4b5..a6a717c 100644
--- a/org.eclipse.e4.builder/builder/general/customTargets.xml
+++ b/org.eclipse.e4.builder/builder/general/customTargets.xml
@@ -217,7 +217,8 @@
<move file="${p2.repo}/out_content.xml" tofile="${p2.repo}/content.xml" />
<!--sign the build -->
- <antcall target="signMasterFeature" />
+ <ant antfile="sign.xml" dir="${basedir}" target="createSigningArchive" />
+ <ant antfile="sign.xml" dir="${basedir}" target="signMasterFeature" />
<!--unzip signed build into repository for mirroring and packaging-->
<property name="p2.repo.unsigned" value="${p2.repo}.unsigned" />
<mkdir dir="${p2.repo.unsigned}" />
@@ -523,157 +524,5 @@
<echo>${base.launcher}</echo>
</target>
- <!--target name="signMasterFeature" if="sign"-->
- <target name="signMasterFeature">
- <property name="packtmp" value="${buildDirectory}/packtmp" />
- <property name="stagingDirectoryOutput" value="/home/data/httpd/download-staging.priv/eclipse/e4/${buildId}-out" />
- <property name="stagingDirectory" value="/home/data/httpd/download-staging.priv/eclipse/e4" />
- <property name="archiveName" value="eclipse-master-${buildId}.zip" />
-
- <property name="outputFile" value="${stagingDirectoryOutput}/${archiveName}" />
- <mkdir dir="${packtmp}" />
- <zip zipfile="${buildDirectory}/${buildLabel}/${archiveName}" basedir="${p2.repo}" />
- <!--update pack.properties to exclude Orbit bundles from being signed and packed -->
- <antcall target="updatePackProperties" />
- <move file="${buildDirectory}/${buildLabel}/${archiveName}" tofile="${packtmp}/${archiveName}" />
-
- <!--push drop to staging directory-->
- <echo message="push drop to staging directory" />
-
- <condition property="signcopy" value="cp">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signcopy" value="scp" />
-
- <condition property="signexec" value="/bin/bash">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signexec" value="ssh" />
-
- <condition property="signUser" value="">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signUser" value="pwebster@" />
-
- <condition property="signhost" value="">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signhost" value="build.eclipse.org" />
-
- <condition property="signdelimiter" value="">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signdelimiter" value=":" />
-
- <condition property="signquote" value="">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signquote" value=""" />
-
- <condition property="signpoll" value="ls">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signpoll" value="ssh" />
-
- <exec dir="${packtmp}" executable="${signcopy}" output="signing.txt">
- <arg line="${archiveName} ${signUser}${signhost}${signdelimiter}${stagingDirectory}" />
- </exec>
-
- <exec dir="${buildDirectory}" executable="${signexec}" output="signing.txt" append="true">
- <arg line=" ${signUser}${signhost} /bin/chmod ugo+rw ${stagingDirectory}/${archiveName}" />
- </exec>
-
- <!--invoke sign script and wait-->
- <echo message="invoke sign script and wait" />
- <exec dir="." executable="${signexec}" output="signing.txt" append="true">
- <arg line=" ${signUser}${signhost} ${signquote}/usr/local/bin/sign ${stagingDirectory}/${archiveName} nomail ${stagingDirectoryOutput}${signquote}" />
- </exec>
-
- <!--Wait for build to be available -->
- <condition property="signpollline" value="${stagingDirectoryOutput}/${archiveName}">
- <equals arg1="${hudson}" arg2="true" />
- </condition>
- <property name="signpollline" value="${signhost} ${signquote}cd ${stagingDirectoryOutput};ls ${archiveName}${signquote}" />
-
- <antcall target="waitForChangedAttribs">
- <param name="signpoll" value="${signpoll}" />
- <param name="signpollline" value="${signpollline}" />
- </antcall>
-
- <!--copy zip back to build machine -->
- <sleep minutes="2" />
- <echo message="copy zip back to build machine" />
- <exec dir="." executable="${signcopy}" output="signing.txt" append="true">
- <arg line=" ${signUser}${signhost}${signdelimiter}${stagingDirectory}/${buildId}-out/${archiveName} ${buildDirectory}/${buildLabel}" />
- </exec>
- <antcall target="deletetempsigningfiles" />
- </target>
-
- <target name="deletetempsigningfiles" unless="hudson">
- <echo message="delete temp files on build.eclipse.org" />
- <property name="signdeleteline" value="${signUser}${signhost} ${signquote}/bin/rm -rf ${stagingDirectory}/${buildId}-out ${stagingDirectory}/${archiveName}${signquote}" />
- <exec dir="." executable="${signexec}" output="signing.txt" append="true">
- <arg line="${signdeleteline}" />
- </exec>
- </target>
-
- <target name="waitForChangedAttribs" unless="attribs.changed">
- <antcall target="compareAttribs" inheritAll="false">
- <param name="originalAttribs" value="${originalAttribs}" />
- <param name="signpoll" value="${signpoll}" />
- </antcall>
- </target>
-
- <target name="compareAttribs">
- <!--poll file for change in attributes-->
- <exec dir="${buildDirectory}" executable="${signpoll}" outputProperty="polledAttribs">
- <arg line="${signpollline}" />
- </exec>
- <echo message="original: ${originalAttribs}" />
- <condition property="attribChanged">
- <and>
- <not>
- <contains string="${polledAttribs}" substring="Permission denied, please try again." casesensitive="no" />
- </not>
- <not>
- <contains string="${polledAttribs}" substring="Host key verification failed." casesensitive="no" />
- </not>
- <not>
- <contains string="${polledAttribs}" substring="Connection closed by UNKNOWN" casesensitive="no" />
- </not>
- <or>
- <not>
- <contains string="${polledAttribs}" substring="No such file or directory" casesensitive="no" />
- </not>
- <contains string="${polledAttribs}" substring="bash: line 0: cd:" casesensitive="no" />
- </or>
- </and>
- </condition>
- <echo message="polled: ${polledAttribs}" />
- <antcall target="writeDiffResult" />
- <sleep seconds="120" />
- <available property="attribs.changed" file="${buildDirectory}/attribDiff.txt" />
- <antcall target="waitForChangedAttribs" />
- </target>
-
- <target name="writeDiffResult" if="attribChanged">
- <echo message="original: ${originalAttribs}" file="${buildDirectory}/attribDiff.txt" />
- <echo message="new: ${polledAttribs}" file="${buildDirectory}/attribDiff.txt" append="true" />
- </target>
-
- <target name="updatePackProperties">
- <!--exclude pre-built Orbit bundles from being signed and packed-->
- <property name="packproperties" value="${buildDirectory}/updatePackProperties.txt" />
- <generateExcludeList mapFile="${buildDirectory}/maps/e4/releng/org.eclipse.e4.ui.releng/maps/orbit.map" outputFile="${packproperties}" />
- <loadfile property="pack.properties" srcFile="${packproperties}" />
- <delete file="${packproperties}" failonerror="false" />
- <replace file="${builder}/pack.properties" token="@excludejars@" value="${pack.properties}" />
- <property name="archiveName" value="eclipse-master-${buildId}.zip" />
- <!-- add pack.properties file that specifies effort level -->
- <exec dir="${builder}" executable="zip">
- <arg line="-r ${buildDirectory}/${buildLabel}/${archiveName} pack.properties" />
- </exec>
- </target>
-
</project>
diff --git a/org.eclipse.e4.builder/builder/general/sign.xml b/org.eclipse.e4.builder/builder/general/sign.xml
new file mode 100644
index 0000000..83bfe6a
--- /dev/null
+++ b/org.eclipse.e4.builder/builder/general/sign.xml
@@ -0,0 +1,158 @@
+<project name="Signing_Targets" >
+
+ <property name="archiveName" value="eclipse-master-${buildId}.zip" />
+ <property name="signingArchive" value="${buildDirectory}/${buildLabel}/${archiveName}" />
+
+ <target name="createSigningArchive" >
+ <zip zipfile="${signingArchive}" basedir="${p2.repo}" />
+ </target>
+
+ <target name="signMasterFeature">
+ <property name="packtmp" value="${buildDirectory}/packtmp" />
+ <property name="stagingDirectoryOutput" value="/home/data/httpd/download-staging.priv/eclipse/e4/${buildId}-out" />
+ <property name="stagingDirectory" value="/home/data/httpd/download-staging.priv/eclipse/e4" />
+
+ <property name="outputFile" value="${stagingDirectoryOutput}/${archiveName}" />
+ <mkdir dir="${packtmp}" />
+ <!--update pack.properties to exclude Orbit bundles from being signed and packed -->
+ <antcall target="updatePackProperties" />
+ <move file="${signingArchive}" tofile="${packtmp}/${archiveName}" />
+
+ <!--push drop to staging directory-->
+ <echo message="push drop to staging directory" />
+
+ <condition property="signcopy" value="cp">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signcopy" value="scp" />
+
+ <condition property="signexec" value="/bin/bash">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signexec" value="ssh" />
+
+ <condition property="signUser" value="">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signUser" value="pwebster@" />
+
+ <condition property="signhost" value="">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signhost" value="build.eclipse.org" />
+
+ <condition property="signdelimiter" value="">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signdelimiter" value=":" />
+
+ <condition property="signquote" value="">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signquote" value=""" />
+
+ <condition property="signpoll" value="ls">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signpoll" value="ssh" />
+
+ <exec dir="${packtmp}" executable="${signcopy}" output="signing.txt">
+ <arg line="${archiveName} ${signUser}${signhost}${signdelimiter}${stagingDirectory}" />
+ </exec>
+
+ <exec dir="${buildDirectory}" executable="${signexec}" output="signing.txt" append="true">
+ <arg line=" ${signUser}${signhost} /bin/chmod ugo+rw ${stagingDirectory}/${archiveName}" />
+ </exec>
+
+ <!--invoke sign script and wait-->
+ <echo message="invoke sign script and wait" />
+ <exec dir="." executable="${signexec}" output="signing.txt" append="true">
+ <arg line=" ${signUser}${signhost} ${signquote}/usr/local/bin/sign ${stagingDirectory}/${archiveName} nomail ${stagingDirectoryOutput}${signquote}" />
+ </exec>
+
+ <!--Wait for build to be available -->
+ <condition property="signpollline" value="${stagingDirectoryOutput}/${archiveName}">
+ <equals arg1="${hudson}" arg2="true" />
+ </condition>
+ <property name="signpollline" value="${signhost} ${signquote}cd ${stagingDirectoryOutput};ls ${archiveName}${signquote}" />
+
+ <antcall target="waitForChangedAttribs">
+ <param name="signpoll" value="${signpoll}" />
+ <param name="signpollline" value="${signpollline}" />
+ </antcall>
+
+ <!--copy zip back to build machine -->
+ <sleep minutes="2" />
+ <echo message="copy zip back to build machine" />
+ <exec dir="." executable="${signcopy}" output="signing.txt" append="true">
+ <arg line=" ${signUser}${signhost}${signdelimiter}${stagingDirectory}/${buildId}-out/${archiveName} ${buildDirectory}/${buildLabel}" />
+ </exec>
+ <antcall target="deletetempsigningfiles" />
+ </target>
+
+ <target name="deletetempsigningfiles" unless="hudson">
+ <echo message="delete temp files on build.eclipse.org" />
+ <property name="signdeleteline" value="${signUser}${signhost} ${signquote}/bin/rm -rf ${stagingDirectory}/${buildId}-out ${stagingDirectory}/${archiveName}${signquote}" />
+ <exec dir="." executable="${signexec}" output="signing.txt" append="true">
+ <arg line="${signdeleteline}" />
+ </exec>
+ </target>
+
+ <target name="waitForChangedAttribs" unless="attribs.changed">
+ <antcall target="compareAttribs" inheritAll="false">
+ <param name="originalAttribs" value="${originalAttribs}" />
+ <param name="signpoll" value="${signpoll}" />
+ </antcall>
+ </target>
+
+ <target name="compareAttribs">
+ <!--poll file for change in attributes-->
+ <exec dir="${buildDirectory}" executable="${signpoll}" outputProperty="polledAttribs">
+ <arg line="${signpollline}" />
+ </exec>
+ <echo message="original: ${originalAttribs}" />
+ <condition property="attribChanged">
+ <and>
+ <not>
+ <contains string="${polledAttribs}" substring="Permission denied, please try again." casesensitive="no" />
+ </not>
+ <not>
+ <contains string="${polledAttribs}" substring="Host key verification failed." casesensitive="no" />
+ </not>
+ <not>
+ <contains string="${polledAttribs}" substring="Connection closed by UNKNOWN" casesensitive="no" />
+ </not>
+ <or>
+ <not>
+ <contains string="${polledAttribs}" substring="No such file or directory" casesensitive="no" />
+ </not>
+ <contains string="${polledAttribs}" substring="bash: line 0: cd:" casesensitive="no" />
+ </or>
+ </and>
+ </condition>
+ <echo message="polled: ${polledAttribs}" />
+ <antcall target="writeDiffResult" />
+ <sleep seconds="120" />
+ <available property="attribs.changed" file="${buildDirectory}/attribDiff.txt" />
+ <antcall target="waitForChangedAttribs" />
+ </target>
+
+ <target name="writeDiffResult" if="attribChanged">
+ <echo message="original: ${originalAttribs}" file="${buildDirectory}/attribDiff.txt" />
+ <echo message="new: ${polledAttribs}" file="${buildDirectory}/attribDiff.txt" append="true" />
+ </target>
+
+ <target name="updatePackProperties">
+ <!--exclude pre-built Orbit bundles from being signed and packed-->
+ <property name="packproperties" value="${buildDirectory}/updatePackProperties.txt" />
+ <generateExcludeList mapFile="${buildDirectory}/maps/e4/releng/org.eclipse.e4.ui.releng/maps/orbit.map" outputFile="${packproperties}" />
+ <loadfile property="pack.properties" srcFile="${packproperties}" />
+ <delete file="${packproperties}" failonerror="false" />
+ <replace file="${builder}/pack.properties" token="@excludejars@" value="${pack.properties}" />
+
+ <!-- add pack.properties file that specifies effort level -->
+ <exec dir="${builder}" executable="zip">
+ <arg line="-r ${signingArchive} pack.properties" />
+ </exec>
+ </target>
+</project>
\ No newline at end of file
diff --git a/org.eclipse.e4.builder/scripts/masterBuild.sh b/org.eclipse.e4.builder/scripts/masterBuild.sh
index e93ecc3..0016e39 100755
--- a/org.eclipse.e4.builder/scripts/masterBuild.sh
+++ b/org.eclipse.e4.builder/scripts/masterBuild.sh
@@ -188,6 +188,7 @@
-application org.eclipse.ant.core.antRunner \
-buildfile $buildfile \
-Dbuilder=$supportDir/org.eclipse.e4.sdk/builder \
+ -Dorg.eclipse.e4.builder=$supportDir/org.eclipse.e4.builder \
-Declipse.build.configs=$supportDir/org.eclipse.releng.eclipsebuilder/eclipse/buildConfigs \
-DbuildType=I \
-Dbuilddate=$( date +%Y%m%d ) \
diff --git a/org.eclipse.e4.sdk/builder/build.properties b/org.eclipse.e4.sdk/builder/build.properties
index d0b9eb5..f9dcb31 100644
--- a/org.eclipse.e4.sdk/builder/build.properties
+++ b/org.eclipse.e4.sdk/builder/build.properties
@@ -270,6 +270,8 @@
p2.repo=${buildDirectory}/${buildLabel}/repository
p2.build.repo=file:${p2.repo}
+signingArchive=${buildDirectory}/${buildLabel}/eclipse-master-${buildId}.zip
+
#p2.category.definition=file:${builder}/e4-category.xml
skipMirroring=true
p2.gathering=true
diff --git a/org.eclipse.e4.sdk/builder/customAssembly.xml b/org.eclipse.e4.sdk/builder/customAssembly.xml
new file mode 100644
index 0000000..89aa413
--- /dev/null
+++ b/org.eclipse.e4.sdk/builder/customAssembly.xml
@@ -0,0 +1,12 @@
+<project name="CustomAssemble.overrides" default="noDefault">
+
+ <import file="${eclipse.pdebuild.templates}/headless-build/customAssembly.xml" />
+
+ <!-- every time gather.bin.parts is called, we will add the resulting artifact into a separate archive to be sent for signing -->
+ <target name="gather.bin.parts" >
+ <zip basedir="${p2.repo}" destfile="${signingArchive}" includes="**/${projectName}.jar" update="true" duplicate="preserve" />
+ <!-- remember this file pattern so that later we can pack only these things we signed -->
+ <echo append="true" file="${buildDirectory}/pack.list" message="**/${projectName}.jar${line.separator}" />
+ </target>
+
+</project>
diff --git a/org.eclipse.e4.sdk/builder/customTargets.xml b/org.eclipse.e4.sdk/builder/customTargets.xml
index 59558d3..cbb7972 100644
--- a/org.eclipse.e4.sdk/builder/customTargets.xml
+++ b/org.eclipse.e4.sdk/builder/customTargets.xml
@@ -191,6 +191,24 @@
<target name="postBuild">
<antcall target="gatherLogs" />
+ <!--sign the build -->
+ <ant antfile="${org.eclipse.e4.builder}/builder/general/sign.xml" dir="${basedir}" target="signMasterFeature" />
+
+ <!--unzip signed build over top of the repository -->
+ <unzip dest="${p2.repo}" src="${buildDirectory}/${buildLabel}/eclipse-master-${buildId}.zip" />
+
+ <!-- use eclipse.jarProcessor directly instead of the "pack" on p2.process.artifacts so that we
+ can specify the file to pack instead of doing everything
+
+ TODO: this doesn't look so good when the p2.repo doesn't already have publishPackAsSiblings
+ <eclipse.jarProcessor inputFolder="${p2.repo}" pack="true" >
+ <file dir="${p2.repo}" includesfile="${buildDirectory}/pack.list" />
+ </eclipse.jarProcessor>
+ -->
+ <!--update repository with new checksums for signed bundles -->
+ <p2.process.artifacts repositoryPath="file://${p2.repo}" />
+ <delete file="${p2.repo}/pack.properties" />
+
<replace token="@qualifier@" file="${eclipse.build.configs}/sdk/builder/sdk.product" value="${buildLabel}" />
<echo message="Publishing ${eclipse.build.configs}/sdk/builder/sdk.product to file:${p2.repo}" />
<p2.publish.product flavor="tooling" repository="file:${p2.repo}" productFile="${eclipse.build.configs}/sdk/builder/sdk.product" compress="true">
