FYI,
If anyone else wants such tests, please ask me via direct email to avoid
so much traffic on this list. And *thanks *to those of you who have
already taken action and have asked for help directly!
Christian,
Both look good:
https://download.eclipse.org/oomph/archive/reports-extra/mwe/download.eclipse.org/modeling/emft/mwe/updates/nightly/index.html
https://download.eclipse.org/oomph/archive/reports-extra/xtext/download.eclipse.org/modeling/tmf/xtext/updates/nightly/index.html
Thanks!
On 16.11.2022 10:07, Christian Dietrich wrote:
@Ed could you please give these two repos a test if we are fine:
https://download.eclipse.org/modeling/emft/mwe/updates/nightly/
https://download.eclipse.org/modeling/tmf/xtext/updates/nightly/
Thanks and kind regards,
Christian
Am 14.11.2022 um 13:43 schrieb Ed Merks:
Recent versions of Java, including the most recent Java 17 release,
now consider some jar-signed bundles to be unsigned. This affects all
bundles and features signed between January 1, 2019 and April 14,
2022 with the Eclipse certificate available at that time.
This is a *very *long list with many affected projects:
https://download.eclipse.org/oomph/archive/reports-extra/staging-2022-12/download.eclipse.org/staging/2022-12/index.html
The Platform has resigned their problematic bundles already:
https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/issues/661
Orbit too has resigned the problematic bundles:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=581039
But the Orbit repo with the resigned bundles is *NOT *the one used by
the Platform for their M3 contribution and is not the one you/we
should be using for M3 which is this one:
https://download.eclipse.org/tools/orbit/downloads/drops/S20221109014815/repository
*These projects need to do new builds*:
* *org.eclipse.acceleo*
* *org.eclipse.bpmn2*
* *org.eclipse.dltk*
* *org.eclipse.ecf*
* *org.eclipse.eef*
* *org.eclipse.emf.edapt*
* *org.eclipse.emf.parsley*
* *org.eclipse.fx*
* *org.eclipse.gmf*
* *org.eclipse.mylyn*
* *org.eclipse.uml2*
You should *ensure that the qualifiers of your bundles and features
are newer than 2021-04*, so that you don't have two the "same
artifacts" but with different signatures, which is especially
important if you are doing baseline replacement in your build. I can
help test your repository if you need help. Please reach out to me.
*Everyone **needs to ensure that they consume from the next RC1
version of Orbit*, otherwise we are likely to end up with massive
duplicate Orbit bundles and that is likely to cause problems.
I hope someone from Mylyn is paying attention!
https://bugs.eclipse.org/bugs/show_bug.cgi?id=581029
________________________________________________
Meanwhile, I'm trying to enable PGP signing of the bundles and
features with this poor certificates to "repair" them. But, Tycho
does appear to detect that a signature will be ignored, provides no
way to specify how to treat artifacts that already have a PGP
signature (it actually produces duplicate properties in the
artifacts.xml), and it appears the PGP signatures for features are
invalid, so I'm not sure I'll be 100% successful in finding a
workaround. The following might be the best I can do on your behalf
unless the PGP feature signing issue is fixed:
https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg/download.eclipse.org/staging/2022-12-gpg/index.html
Note that in this scenario, I am *adding *the sim-bot PGP
key/signature in addition to the key/signature already present from
the project. So all PGP-signed bundles will generally have two PGP
signatures, and in this exceptional case, the bundle is jar-signed
and has two PGP signatures:
https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg/download.eclipse.org/staging/2022-12-gpg/index/bcpg_1.72.0.html
With PGP-signed features, p2 fails to validate them making them
impossible to download/install, so in this case the cure is worse
than the disease:
https://download.eclipse.org/oomph/archive/reports-extra/2022-12-gpg-bad/download.eclipse.org/staging/2022-12-gpg-bad/index/org.eclipse.acceleo.equinox.launcher.feature.jar_3.7.11.202102190929.html
Perhaps this issue can be fixed in the coming days...
Regards,
Ed
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
Vorstand/Board: Jens Wagener (Vors./chairman), Dr. Stephan Eberle,
Wolfgang Neuhaus, Franz-Josef Schuermann
Aufsichtsrat/Supervisory Board: Michael Neuhaus (Vors./chairman),
Harald Goertz, Eric Swehla
Sitz der Gesellschaft/Registered Office: Am Brambusch 15-24, 44536
Lünen (Germany)
Registergericht/Registry Court: Amtsgericht Dortmund | HRB 20621
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev