Update signJar Gradle task to use the new Windows jar signing client #1305

Open
wants to merge 1 commit into
base: master

niravrsynopsys
Contributor

Description

The new Windows jar signing client enables signing jars using a Black Duck certificate and this server is centrally managed by release engineering. The code signing process is controlled by the "signJar" Gradle task.

This task needs to be updated to use the new signing client only for Detect versions 10.1.0 and above.

For all previous Detect versions, the Gradle task should continue using the existing code signing workflow that signs the jar with Synopsys certs.

JIRA

IDETECT-4518

@@ -256,7 +256,7 @@ task signJar() {
finalizedBy 'verifyJar'
doLast {
exec {
commandLine 'jarsigner', '-tsa', 'http://rfc3161timestamp.globalsign.com/advanced', '-storetype', 'pkcs12', '-storepass', "${jarSigningKeystorePassword}", '-keystore', "${jarSigningKeystorePath}", "${createArtifactName()}", "${jarSigningCertificateAlias}"
commandLine 'signing-client', '--username', "${System.getenv('SIGNING_USER')}", '--password', "env:SIGNING_TOKEN", '--server', "${System.getenv('SIGNING_SERVER')}", '--port', '8000', '--signer', 'jarsigner', '--output', "${createArtifactName()}", "${createArtifactName()}"
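
Review bot: The `exec` block in `signJar` has no version check around the new `signing-client` command line, although the description says the new client is only for Detect 10.1.0 and above and earlier versions must keep the existing `jarsigner` workflow; either branch on the project version here or note in the description that older releases are built from branches that keep the old line. The `${System.getenv('SIGNING_USER')}` and `${System.getenv('SIGNING_SERVER')}` interpolations turn into the literal string "null" when the variable is unset, so failing the task with a clear message before `exec` would be safer than sending that to the client. The old line passed `-tsa` explicitly and the new arguments do not mention timestamping, so please confirm the signing client still timestamps the signature.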
Contributor

@shantyk shantyk Nov 29, 2024

How did you check what certificate (BD or Synopsys IT) was used to sign the JAR after these changes? (Would running "jarsigner -verify -strict -certs -verbose detect-10.1.0.jar" and confirming there is no mention of Synopsys be good enough during the 10.1.0 release?)
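
One way to turn the check asked about above into a positive assertion on the signer's subject, rather than a search for a name that should be absent. This is an added example, not part of the PR or the project's build. The function names, organization names and sample DNs are constructed, and it assumes the `Signer #N:` / `Owner:` layout printed by the JDK's `keytool -printcert -jarfile`.

```shell
#!/usr/bin/env bash
# Added example, not part of the PR. Org names and DNs are constructed.

# Print the subject DN of each signer's leaf certificate. Input is the text
# printed by `keytool -printcert -jarfile <jar>`; the first "Owner:" after a
# "Signer #N:" header is the signing certificate (later ones are e.g. the TSA).
signer_owners() {
  awk '
    /^[ \t]*Signer #[0-9]+:/ { want = 1; next }
    want && /^[ \t]*Owner: / { sub(/^[ \t]*Owner: /, ""); print; want = 0 }
  '
}

# check_signers EXPECTED_ORG: succeed only if there is at least one signer
# and every signer subject carries O=EXPECTED_ORG. An unsigned JAR fails here,
# whereas "no mention of the old name" would also hold for it.
check_signers() {
  signer_owners | awk -v org="$1" '
    { n++ }
    index(", " $0 ",", ", O=" org ",") == 0 {
      bad++; print "unexpected signer: " $0 > "/dev/stderr"
    }
    END { exit (n == 0 || bad > 0) }
  '
}

# verify_jar JAR EXPECTED_ORG: signature must verify, then signer must match.
verify_jar() {
  jarsigner -verify -strict "$1" >/dev/null || return 1
  keytool -printcert -jarfile "$1" | check_signers "$2"
}

# Constructed sample of keytool output (abridged), used to exercise the parser.
sample_output() {
  cat <<'EOF'
Signer #1:

Signature:

Owner: CN=Example New Org, O=Example New Org, L=Anytown, C=US
Issuer: CN=Example Code Signing CA, O=Example CA, C=US

Timestamp:

Owner: CN=Example TSA, O=Example Timestamp Org, C=US
EOF
}

if [ "$#" -eq 2 ]; then verify_jar "$1" "$2" && echo "signer OK"; fi
```

Run with the JAR path and the expected organization as the two arguments; with no arguments it only defines the functions.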

@dmamidibd dmamidibd self-requested a review November 29, 2024 18:13
3 participants