Details

    • Type: Task Task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0.1
    • Fix Version/s: 1.1.0
    • Component/s: None
    • Labels:
      None

      Description

      When I tried to install the latest Studio version (1.0.1) from the update site, I got a popup telling me that some packages weren't signed. (see attachement)

        Activity

        Hide
        Pierre-Arnaud Marcelot added a comment -

        Fixed now that we have the maven build.

        Show
        Pierre-Arnaud Marcelot added a comment - Fixed now that we have the maven build.
        Hide
        Pierre-Arnaud Marcelot added a comment -

        I confirm that verification is done against the signature applied by the jarsigner tool from Sun.

        Once we have moved to maven as build system, it'll be easy to sign every single jar in one shot using the 'jar:sign' task and a keystore.

        More information: http://maven.apache.org/plugins/maven-jar-plugin/usage.html

        Show
        Pierre-Arnaud Marcelot added a comment - I confirm that verification is done against the signature applied by the jarsigner tool from Sun. Once we have moved to maven as build system, it'll be easy to sign every single jar in one shot using the 'jar:sign' task and a keystore. More information: http://maven.apache.org/plugins/maven-jar-plugin/usage.html
        Hide
        Pierre-Arnaud Marcelot added a comment -

        Assigned to 1.1.0 and me.

        Show
        Pierre-Arnaud Marcelot added a comment - Assigned to 1.1.0 and me.
        Hide
        Pierre-Arnaud Marcelot added a comment -

        More information can be found here: http://wiki.eclipse.org/index.php/JAR_Signing#Overview

        Show
        Pierre-Arnaud Marcelot added a comment - More information can be found here: http://wiki.eclipse.org/index.php/JAR_Signing#Overview
        Hide
        Pierre-Arnaud Marcelot added a comment -

        This issue is not related to the package signing at Apache (when we release new version).

        I need to find more documentation about the way eclipse verifies plugin packages but it seems the verification is done on the jar signing (http://java.sun.com/docs/books/tutorial/deployment/jar/signing.html) done with the "jarsigner" utility from Sun.

        Show
        Pierre-Arnaud Marcelot added a comment - This issue is not related to the package signing at Apache (when we release new version). I need to find more documentation about the way eclipse verifies plugin packages but it seems the verification is done on the jar signing ( http://java.sun.com/docs/books/tutorial/deployment/jar/signing.html ) done with the "jarsigner" utility from Sun.

          People

          • Assignee:
            Pierre-Arnaud Marcelot
            Reporter:
            Emmanuel Lecharny
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development