This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to branch issue/SLING-11680 in repository https://gitbox.apache.org/repos/asf/sling-ide-tooling.git
commit 4706fb9b5031d40a04657b3999f2a84c0abc5f4c Author: Robert Munteanu <[email protected]> AuthorDate: Mon Sep 15 13:15:12 2025 +0200 SLING-11680 - Eclipse plugins: Switch from Jarsigning to external GPG signatures - drop the jarsigner profile altogether - use the GPG profile when creating releases - remove jarsigner references from the Jenkinsfile --- Jenkinsfile | 29 ++++----------- eclipse/p2update/pom.xml | 92 +----------------------------------------------- 2 files changed, 7 insertions(+), 114 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index f2cc92e7..72fcf954 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -85,31 +85,14 @@ def generateStages(String os, def mvnVersion, def javaVersion) {
 }

 def buildAndDeployP2Repository( def mvnVersion, def javaVersion ) {
- // for optional signing a dedicated node needs to be leveraged
- node('ubuntu') { // use label pkcs11 for signing with digicert
+ node('ubuntu') {
 stage('Build P2 Repository') {
- echo "Running on node ${env.NODE_NAME} with PKCS#11 config at ${env.PKCS11_CONFIG}"
+ echo "Running on node ${env.NODE_NAME}"
 checkout scm
- // set up environment variables according to https://docs.digicert.com/de/digicert-one/secure-software-manager/ci-cd-integrations/maven-integration-with-pkcs11.html
- withCredentials([
- file(credentialsId: 'sling-digicert-pkcs-certificate', variable: 'SM_CLIENT_CERT_FILE'),
- string(credentialsId: 'sling-digicert-pkcs-cert-pw', variable: 'SM_CLIENT_CERT_PASSWORD'),
- string(credentialsId: 'sling-digicert-pkcs-api-key', variable: 'SM_API_KEY')]) {
- // https://docs.digicert.com/de/digicert-one/secure-software-manager/client-tools/configure-environment-variables.html
- // redirecting log to another file does not work for some reason
- withEnv(['SM_LOG_LEVEL=ERROR','SM_HOST=https://clientauth.one.digicert.com']) {
- try {
- withMaven(maven: mvnVersion, jdk: javaVersion, mavenLocalRepo: '.repository', options: [artifactsPublisher(disabled: true)]) {
- timeout(20) {
- // build with profile "sign-with-jarsigner" for signing
- runCmd 'mvn -f eclipse/p2update clean verify -e'
- }
- }
- } catch (e) {
- // reenable next line to expose further infos about signature errors
- //echo('smpkcs11.log: ' + readFile(file: "${env.HOME}/.signingmanager/logs/smpkcs11.log"))
- throw e
- }
+ withMaven(maven: mvnVersion, jdk: javaVersion, mavenLocalRepo: '.repository', options: [artifactsPublisher(disabled: true)]) {
+ timeout(20) {
+ // nightly builds are not GPG-signed
+ runCmd 'mvn -f eclipse/p2update clean verify -e'
 }
 }
 }
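Review bot: The `withCredentials` block that bound `sling-digicert-pkcs-certificate`, `sling-digicert-pkcs-cert-pw` and `sling-digicert-pkcs-api-key` is removed, but nothing in the change records that these code-signing credentials are now unused, so they may stay provisioned in the Jenkins credential store and at the signing service. I would track their removal or revocation together with this commit, because dormant signing credentials remain available to whatever jobs are still in their scope. The new comment could also spell out the consequence for consumers, for example `// nightly P2 repository is built unsigned; only release builds (sign-with-gpg profile) carry signatures`. buildAndDeployP2Repository continues past the end of the hunk, so whether and where the unsigned output is deployed is not visible here.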
diff --git a/eclipse/p2update/pom.xml b/eclipse/p2update/pom.xml
index 66718e08..03229062 100644
--- a/eclipse/p2update/pom.xml
+++ b/eclipse/p2update/pom.xml
@@ -89,103 +89,13 @@
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-release-plugin</artifactId>
 <configuration>
- <releaseProfiles>apache-release,sign-with-jarsigner</releaseProfiles>
+ <releaseProfiles>apache-release,sign-with-gpg</releaseProfiles>
 </configuration>
 </plugin>
 </plugins>
 </pluginManagement>
 </build>
 <profiles>
- <profile>
- <!-- this profile is automatically active during release:perform
- each signature costs the ASF money, therefore only activate during releases
- -->
- <id>sign-with-jarsigner</id>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-enforcer-plugin</artifactId>
- <executions>
- <execution>
- <id>enforce-digicert-one-env-variables</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <requireProperty>
- <property>env.PKCS11_CONFIG</property>
- </requireProperty>
- <!-- the ones listed at https://docs.digicert.com/de/digicert-one/secure-software-manager/ci-cd-integrations/maven-integration-with-pkcs11.html -->
- <requireProperty>
- <property>env.SM_CLIENT_CERT_PASSWORD</property>
- </requireProperty>
- <requireProperty>
- <property>env.SM_CLIENT_CERT_FILE</property>
- </requireProperty>
- <requireProperty>
- <property>env.SM_API_KEY</property>
- </requireProperty>
- </rules>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jarsigner-plugin</artifactId>
- <version>3.0.0</version>
- <executions>
- <execution>
- <id>sign</id>
- <goals>
- <goal>sign</goal>
- </goals>
- <phase>prepare-package</phase> <!-- must happen after "assemble-repository" but before "fix-artifacts-metadata" -->
- <configuration>
- <keystore>NONE</keystore>
- <alias>Sling-PMC-2022-09</alias>
- <storepass>none</storepass>
- <providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
- <storetype>PKCS11</storetype>
- <providerArg>${env.PKCS11_CONFIG}</providerArg>
- <tsa>http://timestamp.digicert.com</tsa>
- <verbose>true</verbose>
- <processMainArtifact>false</processMainArtifact>
- <archiveDirectory>${project.build.directory}/repository/plugins</archiveDirectory>
- <includes>
- <!-- only sign our own artifacts -->
- <include>org.apache.sling.*.jar</include>
- </includes>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <!-- fix metadata of repository after signing -->
- <plugin>
- <groupId>org.eclipse.tycho</groupId>
- <artifactId>tycho-p2-repository-plugin</artifactId>
- <version>${tycho.version}</version>
- <executions>
- <execution>
- <id>update-metadata-after-signing</id>
- <goals>
- <goal>fix-artifacts-metadata</goal>
- </goals>
- <phase>prepare-package</phase><!-- must happen after "sign" but before "archive-repository" -->
- </execution>
- <execution>
- <id>verify</id>
- <goals>
- <goal>verify-repository</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
 <profile>
 <id>sign-with-gpg</id>
 <build>
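Review bot: Deleting `sign-with-jarsigner` also removes that profile's `enforce-digicert-one-env-variables` guard and its `verify-repository` execution, and nothing visible in this hunk shows an equivalent in `sign-with-gpg`, whose body only begins on the last context lines and continues outside the hunk. If that profile does not already do so, the release build should fail when the signing key is unavailable rather than produce an unsigned repository, and a `verify-repository` step should still run after the repository metadata is final. The release JARs also lose their embedded signature and the `<tsa>` timestamp. The `releaseProfiles` line would therefore benefit from a comment such as `<!-- releases are signed with external GPG signatures (sign-with-gpg); JARs are no longer jarsigned -->`, so the trust model is stated where the release is configured.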
