| ... | ... | @@ -4,7 +4,7 @@ IT Infrastructure Doc |
|
|
|
|
|
|
|
## Website
|
|
|
|
|
|
|
|
### How do I setup my project website?
|
|
|
|
### How do I set up my project website?
|
|
|
|
|
|
|
|
Project websites are stored in a git repository separate from the actual
|
|
|
|
project code. Once a website repository has been created for your project, files you commit to the website repository are automatically published to eclipse.dev/xyz, where xyz is your project's short name. You are free to use any tools (eg: Hugo, Jekyl) to author and build your website, but the hosting service only supports plain HTML files (historically PHP was supported, but that is being deprecated here: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/1934).
|
| ... | ... | @@ -24,7 +24,7 @@ It also covers how to actually build your site via a CI job hosted at the Eclips |
|
|
|
|
|
|
|
### How do I use the Solstice theme?
|
|
|
|
|
|
|
|
Please see [this document](https://eclipse.org/eclipse.org-common/themes/solstice/docs/)
|
|
|
|
Please refer to [this document](https://eclipse.org/eclipse.org-common/themes/solstice/docs/)
|
|
|
|
for information on using Solstice.
|
|
|
|
|
|
|
|
### Use a database for my website?
|
| ... | ... | @@ -58,7 +58,7 @@ PHP support has been deprecated, and will be removed in the near future. |
|
|
|
### Upload files to the download server?
|
|
|
|
|
|
|
|
Downloadable files must be placed in the downloads area (\~/downloads,
|
|
|
|
or /home/data/httpd/download.eclipse.org) so they can be mirrored to our
|
|
|
|
or `/home/data/httpd/download.eclipse.org`) so they can be mirrored to our
|
|
|
|
mirror sites worldwide. **Please ensure only pertinent, current files
|
|
|
|
are in the downloads area**, as we cannot store an eternity of nightly,
|
|
|
|
integration and stable builds. Production releases can be kept forever;
|
| ... | ... | @@ -69,13 +69,11 @@ To upload your files: |
|
|
|
|
|
|
|
- Use [Jenkins](https://github.com/eclipse-cbi/jiro/wiki/Jenkins) to upload your files, see [How do I
|
|
|
|
deploy artifacts to
|
|
|
|
download.eclipse.org?](https://github.com/eclipse-cbi/jiro/wiki/Jenkins#How_do_I_deploy_artifacts_to_download.eclipse.org.3F).
|
|
|
|
download.eclipse.org?](https://github.com/eclipse-cbi/jiro/wiki/FAQ#how-do-i-deploy-artifacts-to-downloadeclipseorg).
|
|
|
|
(Formerly, SFTP or SCP client (in SFTP mode) was used to connect to
|
|
|
|
build.eclipse.org using your committer account, however this is no
|
|
|
|
longer supported).
|
|
|
|
- **Please ensure that the file permissions include world-readable (664;
|
|
|
|
rw-rw-r--) and directory permissions allow for world-executable (775,
|
|
|
|
rwxrwxr-x).**
|
|
|
|
- **Please ensure that the file permissions include world-readable (`664; rw-rw-r--`) and directory permissions allow for world-executable (`775, rwxrwxr-x`).**
|
|
|
|
|
|
|
|
<!-- -->
|
|
|
|
|
| ... | ... | @@ -158,7 +156,7 @@ Link to your download files like this: |
|
|
|
- **r** (DEPRECATED): specify 1 to automatically redirect to the best
|
|
|
|
mirror (the one that would normally be at the top) without asking the
|
|
|
|
user to choose.
|
|
|
|
- **nf** (DERECATED): specify 1 to get an actual 404 Not Found error if
|
|
|
|
- **nf** (DEPRECATED): specify 1 to get an actual 404 Not Found error if
|
|
|
|
the file doesn't exist (instead of a lovely page saying so).
|
|
|
|
|
|
|
|
The script will examine the Last Modified timestamp of the given file
|
| ... | ... | @@ -245,13 +243,15 @@ Your artifacts.xml (jar) should have a p2.mirrorsURL property. Here is a |
|
|
|
an example from
|
|
|
|
<https://download.eclipse.org/eclipse/updates/3.6/R-3.6.2-201102101200/artifacts.jar>
|
|
|
|
|
|
|
|
` <repository name='"Eclipse Project Test Site"' type='org.eclipse.equinox.p2.artifact.repository.simpleRepository' version='1'>`
|
|
|
|
` <properties size='4'>`
|
|
|
|
` <property name='p2.compressed' value='true'/>`
|
|
|
|
` <property name='p2.timestamp' value='1297373227427'/>`
|
|
|
|
` <property name='publishPackFilesAsSiblings' value='true'/>`
|
|
|
|
` <property name='p2.mirrorsURL' value='`[`https://www.eclipse.org/downloads/download.php?file=/eclipse/updates/3.6/R-3.6.2-201102101200&format=xml'/>`](https://www.eclipse.org/downloads/download.php?file=/eclipse/updates/3.6/R-3.6.2-201102101200&format=xml'/%3E)`;`
|
|
|
|
` </properties>`
|
|
|
|
```xml
|
|
|
|
<repository name='"Eclipse Project Test Site"' type='org.eclipse.equinox.p2.artifact.repository.simpleRepository' version='1'>
|
|
|
|
<properties size='4'>
|
|
|
|
<property name='p2.compressed' value='true'/>
|
|
|
|
<property name='p2.timestamp' value='1297373227427'/>
|
|
|
|
<property name='publishPackFilesAsSiblings' value='true'/>
|
|
|
|
<property name='p2.mirrorsURL' value='https://www.eclipse.org/downloads/download.php?file=/eclipse/updates/3.6/R-3.6.2-201102101200&format=xml'/>
|
|
|
|
</properties>
|
|
|
|
```
|
|
|
|
|
|
|
|
A more detailed description can be found at
|
|
|
|
[Equinox/p2/p2.mirrorsURL](Equinox/p2/p2.mirrorsURL "wikilink").
|
| ... | ... | @@ -307,74 +307,80 @@ performed at the end of a Maven Tycho build. |
|
|
|
Ensure that all created JAR files are correctly signed by using the
|
|
|
|
[eclipse-jarsigner-plugin](https://www.eclipse.org/cbi/sitedocs/eclipse-jarsigner-plugin/plugin-info.html)
|
|
|
|
|
|
|
|
` <plugin>`
|
|
|
|
` <groupId>org.eclipse.cbi.maven.plugins</groupId>`
|
|
|
|
` <artifactId>eclipse-jarsigner-plugin</artifactId>`
|
|
|
|
` <version>${cbi-version}</version>`
|
|
|
|
` <executions>`
|
|
|
|
` <execution>`
|
|
|
|
` <id>sign</id>`
|
|
|
|
` <phase>verify</phase>`
|
|
|
|
` <goals>`
|
|
|
|
` <goal>sign</goal>`
|
|
|
|
` </goals>`
|
|
|
|
` </execution>`
|
|
|
|
` </executions>`
|
|
|
|
` </plugin>`
|
|
|
|
```xml
|
|
|
|
<plugin>
|
|
|
|
<groupId>org.eclipse.cbi.maven.plugins</groupId>
|
|
|
|
<artifactId>eclipse-jarsigner-plugin</artifactId>
|
|
|
|
<version>${cbi-version}</version>
|
|
|
|
<executions>
|
|
|
|
<execution>
|
|
|
|
<id>sign</id>
|
|
|
|
<phase>verify</phase>
|
|
|
|
<goals>
|
|
|
|
<goal>sign</goal>
|
|
|
|
</goals>
|
|
|
|
</execution>
|
|
|
|
</executions>
|
|
|
|
</plugin>
|
|
|
|
```
|
|
|
|
|
|
|
|
#### Windows signing
|
|
|
|
|
|
|
|
To sign the Windows executables use the
|
|
|
|
[eclipse-winsigner-plugin](https://www.eclipse.org/cbi/sitedocs/eclipse-winsigner-plugin/plugin-info.html)
|
|
|
|
|
|
|
|
` <plugin>`
|
|
|
|
` <groupId>org.eclipse.cbi.maven.plugins</groupId>`
|
|
|
|
` <artifactId>eclipse-winsigner-plugin</artifactId>`
|
|
|
|
` <version>${cbi-version}</version>`
|
|
|
|
` <executions>`
|
|
|
|
` <execution>`
|
|
|
|
` <id>sign</id>`
|
|
|
|
` <goals>`
|
|
|
|
` <goal>sign</goal>`
|
|
|
|
` </goals>`
|
|
|
|
` <phase>package</phase>`
|
|
|
|
` <configuration>`
|
|
|
|
` <signFiles>`
|
|
|
|
` <signFile>${project.build.directory}/products/${product-folder}/win32/win32/x86_64/eclipse.exe</signFile>`
|
|
|
|
` <signFile>${project.build.directory}/products/${product-folder}/win32/win32/x86_64/eclipsec.exe</signFile>`
|
|
|
|
` </signFiles>`
|
|
|
|
` </configuration>`
|
|
|
|
` </execution>`
|
|
|
|
` </executions>`
|
|
|
|
` </plugin>`
|
|
|
|
```xml
|
|
|
|
<plugin>
|
|
|
|
<groupId>org.eclipse.cbi.maven.plugins</groupId>
|
|
|
|
<artifactId>eclipse-winsigner-plugin</artifactId>
|
|
|
|
<version>${cbi-version}</version>
|
|
|
|
<executions>
|
|
|
|
<execution>
|
|
|
|
<id>sign</id>
|
|
|
|
<goals>
|
|
|
|
<goal>sign</goal>
|
|
|
|
</goals>
|
|
|
|
<phase>package</phase>
|
|
|
|
<configuration>
|
|
|
|
<signFiles>
|
|
|
|
<signFile>${project.build.directory}/products/${product-folder}/win32/win32/x86_64/eclipse.exe</signFile>
|
|
|
|
<signFile>${project.build.directory}/products/${product-folder}/win32/win32/x86_64/eclipsec.exe</signFile>
|
|
|
|
</signFiles>
|
|
|
|
</configuration>
|
|
|
|
</execution>
|
|
|
|
</executions>
|
|
|
|
</plugin>
|
|
|
|
```
|
|
|
|
|
|
|
|
#### macOS signing
|
|
|
|
|
|
|
|
To sign the macOS executables use the
|
|
|
|
[eclipse-macsigner-plugin](https://www.eclipse.org/cbi/sitedocs/eclipse-macsigner-plugin/plugin-info.html)
|
|
|
|
|
|
|
|
` <plugin>`
|
|
|
|
` <groupId>org.eclipse.cbi.maven.plugins</groupId>`
|
|
|
|
` <artifactId>eclipse-macsigner-plugin</artifactId>`
|
|
|
|
` <version>${cbi-version}</version>`
|
|
|
|
` <executions>`
|
|
|
|
` <execution>`
|
|
|
|
` <id>sign</id>`
|
|
|
|
` <goals>`
|
|
|
|
` <goal>sign</goal>`
|
|
|
|
` </goals>`
|
|
|
|
` <phase>package</phase>`
|
|
|
|
` <configuration>`
|
|
|
|
` <signFiles>`
|
|
|
|
` <signFile>${project.build.directory}/products/${product-folder}/macosx/cocoa/x86_64/Eclipse.app</signFile>`
|
|
|
|
` </signFiles>`
|
|
|
|
` <timeoutMillis>300000</timeoutMillis> <!-- 5 min -->`
|
|
|
|
` <continueOnFail>${macSigner.forceContinue}</continueOnFail>`
|
|
|
|
` <entitlements>${project.basedir}/application.entitlement</entitlements>`
|
|
|
|
` </configuration>`
|
|
|
|
` </execution>`
|
|
|
|
` </executions>`
|
|
|
|
` </plugin>`
|
|
|
|
```xml
|
|
|
|
<plugin>
|
|
|
|
<groupId>org.eclipse.cbi.maven.plugins</groupId>
|
|
|
|
<artifactId>eclipse-macsigner-plugin</artifactId>
|
|
|
|
<version>${cbi-version}</version>
|
|
|
|
<executions>
|
|
|
|
<execution>
|
|
|
|
<id>sign</id>
|
|
|
|
<goals>
|
|
|
|
<goal>sign</goal>
|
|
|
|
</goals>
|
|
|
|
<phase>package</phase>
|
|
|
|
<configuration>
|
|
|
|
<signFiles>
|
|
|
|
<signFile>${project.build.directory}/products/${product-folder}/macosx/cocoa/x86_64/Eclipse.app</signFile>
|
|
|
|
</signFiles>
|
|
|
|
<timeoutMillis>300000</timeoutMillis> <!-- 5 min -->
|
|
|
|
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
|
|
|
|
<entitlements>${project.basedir}/application.entitlement</entitlements>
|
|
|
|
</configuration>`
|
|
|
|
</execution>
|
|
|
|
</executions>
|
|
|
|
</plugin>
|
|
|
|
```
|
|
|
|
|
|
|
|
#### macOS DMG file creation
|
|
|
|
|
| ... | ... | @@ -384,66 +390,69 @@ to avoid that the application gets tampered. To create a DMG file the |
|
|
|
[eclipse-dmg-packager](https://www.eclipse.org/cbi/sitedocs/eclipse-dmg-packager/plugin-info.html)
|
|
|
|
can be used.
|
|
|
|
|
|
|
|
` <plugin>`
|
|
|
|
` <groupId>org.eclipse.cbi.maven.plugins</groupId>`
|
|
|
|
` <artifactId>eclipse-dmg-packager</artifactId>`
|
|
|
|
` <version>${cbi-version}</version>`
|
|
|
|
` <executions>`
|
|
|
|
` <execution>`
|
|
|
|
` <goals>`
|
|
|
|
` <goal>package-dmg</goal>`
|
|
|
|
` </goals>`
|
|
|
|
` <phase>integration-test</phase>`
|
|
|
|
` <configuration>`
|
|
|
|
` <source>${project.build.directory}/products/${product-id}-macosx.cocoa.x86_64.tar.gz</source>`
|
|
|
|
` <continueOnFail>true</continueOnFail>`
|
|
|
|
` <timeoutMillis>600000</timeoutMillis> <!-- 10 min -->`
|
|
|
|
` <continueOnFail>${macSigner.forceContinue}</continueOnFail>`
|
|
|
|
` <sign>true</sign>`
|
|
|
|
` </configuration>`
|
|
|
|
` </execution>`
|
|
|
|
` </executions>`
|
|
|
|
` </plugin>`
|
|
|
|
```xml
|
|
|
|
<plugin>
|
|
|
|
<groupId>org.eclipse.cbi.maven.plugins</groupId>
|
|
|
|
<artifactId>eclipse-dmg-packager</artifactId>
|
|
|
|
<version>${cbi-version}</version>
|
|
|
|
<executions>
|
|
|
|
<execution>
|
|
|
|
<goals>
|
|
|
|
<goal>package-dmg</goal>
|
|
|
|
</goals>
|
|
|
|
<phase>integration-test</phase>
|
|
|
|
<configuration>
|
|
|
|
<source>${project.build.directory}/products/${product-id}-macosx.cocoa.x86_64.tar.gz</source>
|
|
|
|
<continueOnFail>true</continueOnFail>
|
|
|
|
<timeoutMillis>600000</timeoutMillis> <!-- 10 min -->
|
|
|
|
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
|
|
|
|
<sign>true</sign>
|
|
|
|
</configuration>
|
|
|
|
</execution>
|
|
|
|
</executions>
|
|
|
|
</plugin>
|
|
|
|
```
|
|
|
|
|
|
|
|
#### macOS Notarization
|
|
|
|
|
|
|
|
Since macOS Catalina macOS software that is published outside the
|
|
|
|
AppStore needs to be
|
|
|
|
Since macOS Catalina macOS software that is published outside the AppStore needs to be
|
|
|
|
[notarized](https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution),
|
|
|
|
so the Gatekeeper gets information about trusting the software or not.
|
|
|
|
|
|
|
|
As of now the notarization is not available as Tycho plugin. Therefore
|
|
|
|
As of now, the notarization is not available as a Tycho plugin. Therefore
|
|
|
|
the macos-notarization-service webservice needs to be used in the
|
|
|
|
Jenkins job similar to the following snippet:
|
|
|
|
|
|
|
|
` PRODUCT_ID=...`
|
|
|
|
` BUILD_DIR="${WORKSPACE}/${PRODUCT_ID}/target/products/"`
|
|
|
|
` DMG=${PRODUCT_ID}-macosx.cocoa.x86_64.dmg`
|
|
|
|
` `
|
|
|
|
` pushd $BUILD_DIR`
|
|
|
|
` `
|
|
|
|
` PRIMARY_BUNDLE_ID="app-bundle"`
|
|
|
|
` `
|
|
|
|
` RESPONSE=$(curl -s -X POST -F file=@${DMG} -F 'options={"primaryBundleId": "'${PRIMARY_BUNDLE_ID}'", "staple": true};type=application/json' `[`https://cbi.eclipse.org/macos/xcrun/notarize`](https://cbi.eclipse.org/macos/xcrun/notarize)`)`
|
|
|
|
` `
|
|
|
|
` UUID=$(echo $RESPONSE | grep -Po '"uuid"\s*:\s*"\K[^"]+')`
|
|
|
|
` STATUS=$(echo $RESPONSE | grep -Po '"status"\s*:\s*"\K[^"]+')`
|
|
|
|
` `
|
|
|
|
` while `[`${STATUS} == 'IN_PROGRESS'`](${STATUS}_==_'IN_PROGRESS' "wikilink")`; do`
|
|
|
|
` sleep 1m`
|
|
|
|
` RESPONSE=$(curl -s `[`https://cbi.eclipse.org/macos/xcrun/${UUID}/status`](https://cbi.eclipse.org/macos/xcrun/$%7BUUID%7D/status)`)`
|
|
|
|
` STATUS=$(echo $RESPONSE | grep -Po '"status"\s*:\s*"\K[^"]+')`
|
|
|
|
` done`
|
|
|
|
` `
|
|
|
|
` if `[`${STATUS} != 'COMPLETE'`](${STATUS}_!=_'COMPLETE' "wikilink")`; then`
|
|
|
|
` echo "Notarization failed: ${RESPONSE}"`
|
|
|
|
` exit 1`
|
|
|
|
` fi`
|
|
|
|
` `
|
|
|
|
` rm "${DMG}"`
|
|
|
|
` `
|
|
|
|
` curl -JO `[`https://cbi.eclipse.org/macos/xcrun/${UUID}/download`](https://cbi.eclipse.org/macos/xcrun/$%7BUUID%7D/download)
|
|
|
|
` popd`
|
|
|
|
```bash
|
|
|
|
PRODUCT_ID=...
|
|
|
|
BUILD_DIR="${WORKSPACE}/${PRODUCT_ID}/target/products/"
|
|
|
|
DMG=${PRODUCT_ID}-macosx.cocoa.x86_64.dmg
|
|
|
|
|
|
|
|
pushd $BUILD_DIR
|
|
|
|
|
|
|
|
PRIMARY_BUNDLE_ID="app-bundle"
|
|
|
|
|
|
|
|
RESPONSE=$(curl -s -X POST -F file=@${DMG} -F 'options={"primaryBundleId": "'${PRIMARY_BUNDLE_ID}'", "staple": true};type=application/json' https://cbi.eclipse.org/macos/xcrun/notarize)
|
|
|
|
|
|
|
|
UUID=$(echo $RESPONSE | grep -Po '"uuid"\s*:\s*"\K[^"]+')
|
|
|
|
STATUS=$(echo $RESPONSE | grep -Po '"status"\s*:\s*"\K[^"]+')
|
|
|
|
|
|
|
|
while [${STATUS} == 'IN_PROGRESS'](${STATUS}_==_'IN_PROGRESS' "wikilink"); do
|
|
|
|
sleep 1m
|
|
|
|
RESPONSE=$(curl -s https://cbi.eclipse.org/macos/xcrun/${UUID}/status)
|
|
|
|
STATUS=$(echo $RESPONSE | grep -Po '"status"\s*:\s*"\K[^"]+')
|
|
|
|
done
|
|
|
|
|
|
|
|
if [${STATUS} != 'COMPLETE'](${STATUS}_!=_'COMPLETE' "wikilink"); then
|
|
|
|
echo "Notarization failed: ${RESPONSE}"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
rm "${DMG}"
|
|
|
|
|
|
|
|
curl -JO "https://cbi.eclipse.org/macos/xcrun/${UUID}/download"
|
|
|
|
popd
|
|
|
|
```
|
|
|
|
|
|
|
|
A more detailed script is the [Oomph
|
|
|
|
script](https://git.eclipse.org/c/oomph/org.eclipse.oomph.git/tree/releng/org.eclipse.oomph.releng/hudson/repackage.sh#n91).
|
| ... | ... | @@ -458,42 +467,52 @@ Note that these plugins use the web services in the background. |
|
|
|
Using a web POST method, individual JAR files can be signed from any of
|
|
|
|
the internal Jenkins servers with this service:
|
|
|
|
|
|
|
|
` `[`https://cbi.eclipse.org/jarsigner/sign`](https://cbi.eclipse.org/jarsigner/sign)
|
|
|
|
[https://cbi.eclipse.org/jarsigner/sign](https://cbi.eclipse.org/jarsigner/sign)
|
|
|
|
|
|
|
|
The output of that service will be the signed file. **Please note** that
|
|
|
|
the web service does not pack or process jar files. You must
|
|
|
|
condition/pack them yourself **prior** to signing if you wish to do so.
|
|
|
|
|
|
|
|
` # JAR FILES: Submit unsigned-jar.jar and save signed output to signedfile.jar`
|
|
|
|
` curl -o signedfile.jar -F file=@unsigned-jar.jar `[`https://cbi.eclipse.org/jarsigner/sign`](https://cbi.eclipse.org/jarsigner/sign)
|
|
|
|
|
|
|
|
` # WINDOWS EXE: Submit Windows unsigned.exe and save signed output to signed.exe`
|
|
|
|
` curl -o signed.exe -F file=@unsigned.exe `[`https://cbi.eclipse.org/authenticode/sign`](https://cbi.eclipse.org/authenticode/sign)
|
|
|
|
|
|
|
|
` # WINDOWS MSI: Submit Windows unsigned.msi and save signed output to signed.msi`
|
|
|
|
` curl -o signed.msi -F file=@unsigned.msi `[`https://cbi.eclipse.org/authenticode/sign`](https://cbi.eclipse.org/authenticode/sign)
|
|
|
|
|
|
|
|
` # MAC: Submit unsigned and save signed output to signed.zip`
|
|
|
|
` # Note: You must zip your entire *.app directory for example: zip -r unsigned.zip Eclipse.app`
|
|
|
|
` curl -o signed.zip -F file=@unsigned.zip `[`https://cbi.eclipse.org/macos/codesign/sign`](https://cbi.eclipse.org/macos/codesign/sign)
|
|
|
|
|
|
|
|
` # If you need to set entitlements on your app / binary (see `[`https://developer.apple.com/documentation/security/hardened_runtime?preferredLanguage=occ`](https://developer.apple.com/documentation/security/hardened_runtime?preferredLanguage=occ)` for details), `
|
|
|
|
`` # add an `entitlements` part to the request like below ``
|
|
|
|
` curl -o signed.zip -F file=@unsigned.zip -F entitlements=@file.entitlements `[`https://cbi.eclipse.org/macos/codesign/sign`](https://cbi.eclipse.org/macos/codesign/sign)
|
|
|
|
|
|
|
|
Using the webservice is equally easy from Ant. Note that \${filename}
|
|
|
|
cannot be a path. Input and output file name can be the same.
|
|
|
|
|
|
|
|
` <exec dir="${dirname}" executable="curl">`
|
|
|
|
` <arg value="--output"/>`
|
|
|
|
` <arg value="${filename}"/>`
|
|
|
|
` <arg value="--form"/>`
|
|
|
|
` <arg value="file=@${filename}"/>`
|
|
|
|
` <arg value="--silent"/>`
|
|
|
|
` <arg value="--show-error"/>`
|
|
|
|
` <arg value="--fail"/>`
|
|
|
|
` <arg value="`[`https://cbi.eclipse.org/jarsigner/sign"/>`](https://cbi.eclipse.org/jarsigner/sign%22/%3E)`;`
|
|
|
|
` </exec>`
|
|
|
|
the web service does not pack or process jar files. You must condition/pack them yourself **prior** to signing if you wish to do so.
|
|
|
|
|
|
|
|
|
|
|
|
**JAR FILES: Submit unsigned-jar.jar and save signed output to signedfile.jar**
|
|
|
|
```
|
|
|
|
curl -o signedfile.jar -F file=@unsigned-jar.jar "https://cbi.eclipse.org/jarsigner/sign"
|
|
|
|
```
|
|
|
|
|
|
|
|
**WINDOWS EXE: Submit Windows unsigned.exe and save signed output to signed.exe**
|
|
|
|
```
|
|
|
|
curl -o signed.exe -F file=@unsigned.exe "https://cbi.eclipse.org/authenticode/sign"
|
|
|
|
```
|
|
|
|
|
|
|
|
**WINDOWS MSI: Submit Windows unsigned.msi and save signed output to signed.msi**
|
|
|
|
```
|
|
|
|
curl -o signed.msi -F file=@unsigned.msi "https://cbi.eclipse.org/authenticode/sign"
|
|
|
|
```
|
|
|
|
|
|
|
|
**MAC: Submit unsigned and save signed output to signed.zip**
|
|
|
|
**Note: You must zip your entire *.app directory, for example: `zip -r unsigned.zip Eclipse.app`**
|
|
|
|
```
|
|
|
|
curl -o signed.zip -F file=@unsigned.zip https://cbi.eclipse.org/macos/codesign/sign
|
|
|
|
```
|
|
|
|
|
|
|
|
**If you need to set entitlements on your app / binary (see [https://developer.apple.com/documentation/security/hardened_runtime?preferredLanguage=occ](https://developer.apple.com/documentation/security/hardened_runtime?preferredLanguage=occ) for details), add an `entitlements` part to the request like below**
|
|
|
|
```
|
|
|
|
curl -o signed.zip -F file=@unsigned.zip -F entitlements=@file.entitlements https://cbi.eclipse.org/macos/codesign/sign
|
|
|
|
```
|
|
|
|
|
|
|
|
Using the webservice is equally easy from Ant. Note that `${filename}` cannot be a path. Input and output file name can be the same.
|
|
|
|
|
|
|
|
```xml
|
|
|
|
<exec dir="${dirname}" executable="curl">
|
|
|
|
<arg value="--output"/>
|
|
|
|
<arg value="${filename}"/>
|
|
|
|
<arg value="--form"/>
|
|
|
|
<arg value="file=@${filename}"/>
|
|
|
|
<arg value="--silent"/>
|
|
|
|
<arg value="--show-error"/>
|
|
|
|
<arg value="--fail"/>
|
|
|
|
<arg value="https://cbi.eclipse.org/jarsigner/sign"/>
|
|
|
|
</exec>
|
|
|
|
```
|
|
|
|
|
|
|
|
Using the web service to sign Mac and Windows applications is also easy
|
|
|
|
from Tycho, see
|
| ... | ... | @@ -521,19 +540,21 @@ certificate, either using the Maven plugin from CBI, the command line |
|
|
|
utility, or the signing web service – see above. Once you have your
|
|
|
|
signed JAR, you can GPG sign it and stage it on Central like this:
|
|
|
|
|
|
|
|
` mvn gpg:sign-and-deploy-file \`
|
|
|
|
` -DpomFile=target/myapp-1.0.pom \`
|
|
|
|
` -Dfile=target/myapp-1.0.jar \`
|
|
|
|
` -Durl=`[`http://oss.sonatype.org/service/local/staging/deploy/maven2/`](http://oss.sonatype.org/service/local/staging/deploy/maven2/)` \`
|
|
|
|
` -DrepositoryId=sonatype_oss`
|
|
|
|
```bash
|
|
|
|
mvn gpg:sign-and-deploy-file \
|
|
|
|
-DpomFile=target/myapp-1.0.pom \
|
|
|
|
-Dfile=target/myapp-1.0.jar \
|
|
|
|
-Durl=http://oss.sonatype.org/service/local/staging/deploy/maven2/ \
|
|
|
|
-DrepositoryId=sonatype_oss
|
|
|
|
```
|
|
|
|
|
|
|
|
#### Publish to Maven Central
|
|
|
|
|
|
|
|
To deploy to Maven Central from your JIPP, you'll need the infrastructure team's
|
|
|
|
assistance to
|
|
|
|
|
|
|
|
- Create a project specific account at Sonatype OSSRH
|
|
|
|
- Generate a GPG keypair for your JIPP user
|
|
|
|
- Create a project-specific account at Sonatype OSSRH
|
|
|
|
- Generate a GPG key pair for your JIPP user
|
|
|
|
- Configure your JIPP to GPG sign and upload artifacts
|
|
|
|
|
|
|
|
It takes a bit of time but afterwards, you will only be required to use
|
| ... | ... | @@ -553,7 +574,7 @@ Central](Platform-releng/Publish_To_Maven_Central "wikilink") |
|
|
|
|
|
|
|
### Access/request Jenkins services
|
|
|
|
|
|
|
|
Please see the [Jenkins](https://github.com/eclipse-cbi/jiro/wiki/Jenkins) document.
|
|
|
|
Please refer to the [Jenkins](https://github.com/eclipse-cbi/jiro/wiki/Jenkins) document.
|
|
|
|
|
|
|
|
## Code Quality Analysis
|
|
|
|
|
| ... | ... | @@ -567,7 +588,7 @@ Please see the [Jenkins](https://github.com/eclipse-cbi/jiro/wiki/Jenkins) docum |
|
|
|
|
|
|
|
## Mailing Lists
|
|
|
|
|
|
|
|
### Setup a new mailing list?
|
|
|
|
### Set up a new mailing list?
|
|
|
|
|
|
|
|
Because Mailing Lists are subject to SPAM and can adversely affect
|
|
|
|
eclipse.org performance (imaging sending 200 e-mails to a list that
|
| ... | ... | |
