-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Even more webstart codesigning changes #2271
Even more webstart codesigning changes #2271
Conversation
Removed release-webstart build target Add release-webstart-unsigned target (doesn't sign jars) Add release-webstart-signed target (self signs jars using omero_insight_sign.py). release-all runs release-webstart-unsigned so the final artifacts will be unsigned. webstart-sign target has been changed to use the omero_insight_sign.py script instead of the old jarsigner ant calls
This means update-version won't sign any updated webstart jars. (Actually it didn't anyway since it was removed in commit ff99355, this just cleans up build.xml)
@manics: major thanks for bearing with us for all these changes, but I have to ask: what's the definitive place to look for how to use all these wonders you've built? |
|
Failed http://ci.openmicroscopy.org/job/OMERO-5.0-merge-daily/626/console. Excluding. |
This is due to different |
Return code depends on Java version
Just in case any pedants are reading
86e8891 of omero_insight_sign.py will sign jars. |
i.e. the just merged |
Missed start-of-day, but merging regardless. Thanks ever so much, @manics |
Even more webstart codesigning changes
--rebased-to #2321 |
The commit logs should explain everything, main points:
http_proxy
and/orhttps_proxy
environment variables are defined they will be converted into the form required by Java when signing with timestampingrelease-webstart
, addrelease-webstart-unsigned
(no signing) andrelease-webstart-signed
(self signed).release-all
callsrelease-webstart-unsigned
omero_insight_sign.py
(soupdate-version
won't sign, since there's no way for it to know whether it should or not)Possibly for discussion:
omero_insight_sign.py
sits underdocs/hudson
but is called frombuild.xml
docs/hudson/OMERO.sh
callsrelease-all
to created unsigned artifacts, then signs the zip withomero_insight_sign.py
. I could add arelease-all-signed
target instead to sign the jars indist/lib/insight
before zipping but this would mean we're not following the release signing workflow so closely.Since most of the original PRs were done in a rush this should probably have a proper review- I've created a dummy PR at manics#2 which I think includes all changes (#2069 #2088 #2193 #2241 ... unless I've missed one).