Even more webstart codesigning changes #2271

Merged
merged 9 commits into from
Apr 16, 2014


manics
Member

@manics manics commented Apr 8, 2014

The commit logs should explain everything, main points:

  • If http_proxy and/or https_proxy environment variables are defined they will be converted into the form required by Java when signing with timestamping
  • Removed release-webstart, added release-webstart-unsigned (no signing) and release-webstart-signed (self signed). release-all calls release-webstart-unsigned
  • Removed all existing jarsigning code, everything is done using omero_insight_sign.py (so update-version won't sign, since there's no way for it to know whether it should or not)

Possibly for discussion:

  • omero_insight_sign.py sits under docs/hudson but is called from build.xml
  • docs/hudson/OMERO.sh calls release-all to create unsigned artifacts, then signs the zip with omero_insight_sign.py. I could add a release-all-signed target instead to sign the jars in dist/lib/insight before zipping but this would mean we're not following the release signing workflow so closely.

Since most of the original PRs were done in a rush this should probably have a proper review. I've created a dummy PR at manics#2 which I think includes all changes (#2069 #2088 #2193 #2241 ... unless I've missed one).

Removed release-webstart build target
Add release-webstart-unsigned target (doesn't sign jars)
Add release-webstart-signed target (self signs jars using omero_insight_sign.py).
release-all runs release-webstart-unsigned so the final artifacts will be unsigned.

webstart-sign target has been changed to use the omero_insight_sign.py script instead of the old jarsigner ant calls
This means update-version won't sign any updated webstart jars.
(Actually it didn't anyway since it was removed in commit ff99355, this just cleans up build.xml)
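
The proxy conversion mentioned in the first bullet of the description above, as an added example (this is not the code in omero_insight_sign.py). The function names, the `.invalid` hosts and the keystore, jar and alias values are assumptions made for illustration; `-J`, `-tsa` and the `http(s).proxyHost` / `http(s).proxyPort` properties are standard jarsigner and Java options.

```python
import os
from urllib.parse import urlsplit


def java_proxy_args(env=None):
    """Translate http_proxy/https_proxy into jarsigner -J-D... options."""
    env = os.environ if env is None else env
    args = []
    for scheme in ("http", "https"):
        value = env.get(scheme + "_proxy", "").strip()
        if not value:
            continue
        # Accept both "http://host:port" and a bare "host:port".
        if "://" not in value:
            value = "http://" + value
        parts = urlsplit(value)
        if not parts.hostname:
            # Name the variable only: the value may embed credentials.
            raise ValueError("no host in %s_proxy" % scheme)
        # .hostname excludes any user:password@ part. Credentials are
        # dropped on purpose (design choice of this example): command-line
        # arguments are visible to other local users in process listings.
        args.append("-J-D%s.proxyHost=%s" % (scheme, parts.hostname))
        # .port raises ValueError for a non-numeric or out-of-range port.
        # With no port given, Java falls back to 80 (http) / 443 (https).
        if parts.port is not None:
            args.append("-J-D%s.proxyPort=%d" % (scheme, parts.port))
    return args


def jarsigner_command(jar, alias, keystore, tsa_url, env=None):
    """Build the argument list for a timestamped signing run."""
    return (["jarsigner"] + java_proxy_args(env) +
            ["-tsa", tsa_url, "-keystore", keystore, jar, alias])


if __name__ == "__main__":
    # Constructed sample environment, not taken from the build machines.
    sample = {"http_proxy": "http://proxy.example.invalid:3128/"}
    print(" ".join(jarsigner_command(
        "insight.jar", "omero", "ks.jks",
        "http://tsa.example.invalid", sample)))
```

Passing the command as a list to `subprocess` avoids shell interpretation of the proxy values.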
@joshmoore
Member

@manics: major thanks for bearing with us for all these changes, but I have to ask: what's the definitive place to look for how to use all these wonders you've built?

@manics manics added the dev_5_0 label Apr 8, 2014
@manics
Member Author

manics commented Apr 8, 2014

docs/hudson/omero_insight_sign.py will print out a help message. There were some changes to the Insight manifest in an earlier PR (which is why we can't just sign an existing 4.4.10). Everything else is basically making sure things aren't self-signed for release, without breaking the expectations of developers who want things self-signed for non-release builds. It just took a few iterations and dead-ends to get there.

@sbesson sbesson added the exclude label Apr 9, 2014
@sbesson
Member

sbesson commented Apr 9, 2014

@manics
Member Author

manics commented Apr 9, 2014

This is due to different jarsigner versions. I added a check to see if jarsigner was executable. On Java 1.7, running it without arguments prints out a help message and returns 0; on gretzky (1.6) it returns 1. Thoughts? Take out the check, or allow 0|1 as a return code and hope that works on all versions/platforms?

Return code depends on Java version
@sbesson sbesson removed the exclude label Apr 9, 2014
@kennethgillen
Member

86e8891 of omero_insight_sign.py will sign jars.

@joshmoore
Member

(ome1)jamoore@blue:/opt/ome3$ git show simon/webstart_codesigning-dev_4_4:docs/hudson/omero_insight_sign.py > /tmp/sign44.py
(ome1)jamoore@blue:/opt/ome3$ git show simon/more_webstart_codesigning_tweaks:docs/hudson/omero_insight_sign.py > /tmp/sign50.py
(ome1)jamoore@blue:/opt/ome3$ diff /tmp/sign*

i.e. the just merged 4.4.11 version is identical to this new tweaked version, so in my opinion, 🚢. Will do tomorrow start-of-day unless there are objections.

@joshmoore
Member

Missed start-of-day, but merging regardless. Thanks ever so much, @manics

joshmoore added a commit that referenced this pull request Apr 16, 2014
@joshmoore joshmoore merged commit ccd2df5 into ome:dev_5_0 Apr 16, 2014
@manics
Member Author

manics commented Apr 16, 2014

--rebased-to #2321

@manics manics deleted the more_webstart_codesigning_tweaks branch April 17, 2014 22:43