-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recent versions of Java, including the most recent Java 17 release, now consider some bundles to be unsigned #661
Comments
I'll start version bumping them (touch is not enough as it will bump only qualifier). |
Thank you * 💯 |
Some of them moved to Java 11 BREE where they were stuck on older BREE. Tracked in eclipse-platform/eclipse.platform.releng.aggregator#661
Needed to get bundles resigned for eclipse-platform/eclipse.platform.releng.aggregator#661
Some of them moved to Java 11 BREE where they were stuck on older BREE. Tracked in eclipse-platform/eclipse.platform.releng.aggregator#661
Needed to force resigning. Tracked in eclipse-platform/eclipse.platform.releng.aggregator#661
Needed to get bundles resigned for eclipse-platform/eclipse.platform.releng.aggregator#661
Needed to get the bundle resigned for eclipse-platform/eclipse.platform.releng.aggregator#661
Needed for resigning for eclipse-platform/eclipse.platform.releng.aggregator#661
Bundles need resigning for eclipse-platform/eclipse.platform.releng.aggregator#661
Needed for resigning for eclipse-platform/eclipse.platform.releng.aggregator#661
Needed for resigning for eclipse-platform/eclipse.platform.releng.aggregator#661
I hope I did it all. Please tell if there is anything left after the next build is analyzed. |
I will keep an eye out for a new build and provide feedback. |
Only Obit things left now: One potential problem I noticed with split-package signatures:
I think it's best to open a new issue for that. |
@akurtakov I opened this as a follow up: |
I overlooked that org.eclipse.equinox.simpleconfigurator.manipulator is still in the list. 😢 |
I'll look to provide a PR... |
Another thing I overlooked 😱 is that we are pulling content from a very old version of Orbit for bundles that have not been migrated to recipes... https://download.eclipse.org/tools/orbit/downloads/drops/R20201118194144/repository Most of that content suffers from this signing problem: Only if we PGP sign these bundles will the problem be resolved. So I think all the ones list here: eclipse.platform.releng.aggregator/eclipse.platform.releng.prereqs.sdk/eclipse-sdk-prereqs.target Lines 50 to 88 in e1890a4
Would need to be listed here: eclipse.platform.releng.aggregator/eclipse.platform.releng.tychoeclipsebuilder/pom.xml Lines 48 to 51 in e1890a4
What do you think? |
@akurtakov I'm not asking you to do anything just asking your opinion. The latest test report: Shows these remaining issues: We could force PGP sign these. Should we? |
+1 for that. |
@mickaelistria Thank goodness we improved p2 to support the verification of this during that last release and that you did the Tycho stuff to generate it too!! |
Needed to get the bundle resigned for eclipse-platform/eclipse.platform.releng.aggregator#661
In particular this issue has kicked in
https://www.oracle.com/java/technologies/javase/17-relnote-issues.html#JDK-8196415
As a result, everything signed by this certificate between January 1, 2019 and when it expired is treated as unsigned:
For the platform specifically, this repository content of the most recent 4.26 I-Build is treated as unsigned:
https://download.eclipse.org/oomph/archive/reports-extra/4.26-I-builds/download.eclipse.org/eclipse/updates/4.26-I-builds/I20221109-1850/index.html
This includes many Orbit bundles, which needs to be fixed in Orbit, but also these platform project bundles:
I assume these would need to be touched to force a new version.
CC @akurtakov @jonahgraham @sravanlakkimsetti
The text was updated successfully, but these errors were encountered: