[jbosstools-issues] [JBoss JIRA] (JBIDE-13407) Jar signing for JBT plugins/features
Nick Boldt (JIRA)
issues at jboss.org
Wed Jan 31 12:31:00 EST 2018
[ https://issues.jboss.org/browse/JBIDE-13407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13526820#comment-13526820 ]
Nick Boldt commented on JBIDE-13407:
------------------------------------
If we build in brew, we get signing for free.
If we don't build in brew, we have to sign each and every plugin by hand (via RCM ticket), then re-assemble the update site. For every CI or milestone or GA build.
Owners would be in PnT or RCM. Maybe Dave Russo's team (PST/SecOps) has budget for this.
There's also a maven mojo [1] that is used at eclipse.org for signing services which if we could hook up a similar back end, we could incorporate into our builds too - here's how it's used for DTP [2].
[1] https://repo.eclipse.org/#nexus-search;quick~eclipse-jarsigner-plugin
[2] http://git.eclipse.org/c/datatools/org.eclipse.datatools.git/tree/pom.xml#n290
> Jar signing for JBT plugins/features
> ------------------------------------
>
> Key: JBIDE-13407
> URL: https://issues.jboss.org/browse/JBIDE-13407
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: build, updatesite
> Affects Versions: 3.3.2.Final, 4.0.0.Final, 4.1.0.Alpha1
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Priority: Optional
> Fix For: LATER
>
> Attachments: JBDS6-STS272-install-from-central-Unsigned-Content-Warning.png, dialog_do-you-trust-these-certs.png, jbds-signed-plugins.png, no-more-jboss-unsigned-content-but-what-about-org.sonatype.png
>
>
> Investigate jar signing processes/options and locations of certs we can use for signing of JBIDE / JBTIS community jars for repackaging into JBDS product.
> Goal is to avoid seeing warning about installing unsigned content from Eclipse Marketplace, p2 installer, or JBoss Central.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jbosstools-issues
mailing list