Project

General

Profile

Task #5057

Avatar?id=6023&size=22x22

Not all nightly maven artifacts are signed

Added by Wojciech Kapcia TigaseTeam about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Start date:
2017-03-13
Due date:
2017-03-17
% Done:

100%

Estimated time:
Database:
n/a

Description

Investigate why not all binaries are signed:

$ for f in `ls jars/tigase-*.jar` ; do echo -n "${f} :: " ; jarsigner -verify  ${f} ; done
jars/tigase-acs-muc.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-acs-pubsub.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-acs.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-ext-mailer.jar :: jar verified.
jars/tigase-extras.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-http-api-jetty.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-http-api.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-message-archiving.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-mongodb.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-muc.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-pubsub.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-server.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-socks5.jar :: jar verified.
jars/tigase-stats-collector-library.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-stats-collector-provider.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-stun.jar :: jar verified.
jars/tigase-unified-archive.jar :: jar is unsigned. (signatures missing or not parsable)

Related issues

Related to Tigase MongoDB support library - Bug #5091: tigase-mongodb - Build # 2098 - Failure!Closed2017-03-162017-03-17

History

#1 Updated by Wojciech Kapcia TigaseTeam about 2 years ago

  • Assignee changed from Wojciech Kapcia to Artur Hefczyc

After initial looking into the issue I found that jenkins is configured with:

<sign-skip>true</sign-skip>

I've tried:

  • enabling signing again, but this won't work because of SecurityException so it was intentionally disabled for maven artifacts:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test (default-test) on project tigase-mongodb: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test failed: There was an error in the forked process
[ERROR] java.lang.SecurityException: class "tigase.muc.history.AbstractHistoryProvider"'s signer information does not match signer information of other classes in the same package
  • in order to bring all artifacts to same sign state I tried tinkering with jenkins git-plugin and the strategy that we use for building all branches - however after trying various configuration options and perusing the code and tinkering it the internals (as well as chatting with the maintainer of the git-plugin) it was stated that currently, due to how it's marked, it's not possible to achieve what we want (we may consider utilising other solution, but that would entail re-doing all jobs and current setup works just fine for majority of the time); in the end I've re-deployed all artifacts manually (in un-signed form)

  • in the end I've change tigase-server configuration so now it would pull all dependencies, sign the and then include those in the resulting package - explicitly collecting signed binaries instead of relying on the maven dependency resolution:

tigase-server-7.2.0-SNAPSHOT-b4716 $ for f in `ls jars/tigase-*` ; do echo -n "${f} :: " ; jarsigner -verify -keystore /Users/wojtek/dev/tigase/.ssh/tigase_nightly_builds.keystore -storepass 'superSecretTigasePassword123456789' -keypass 'superSecretTigasePasswordPrivateKey123456789' ${f} 'tigase_nightly_builds'; done
jars/tigase-acs-muc.jar :: jar verified.
jars/tigase-acs-pubsub.jar :: jar verified.
jars/tigase-acs.jar :: jar verified.
jars/tigase-ext-mailer.jar :: jar verified.
jars/tigase-extras.jar :: jar verified.
jars/tigase-http-api-jetty.jar :: jar verified.
jars/tigase-http-api.jar :: jar verified.
jars/tigase-message-archiving.jar :: jar verified.
jars/tigase-mongodb.jar :: jar verified.
jars/tigase-muc.jar :: jar verified.
jars/tigase-pubsub.jar :: jar verified.
jars/tigase-server.jar :: jar verified.
jars/tigase-socks5.jar :: jar verified.
jars/tigase-stats-collector-library.jar :: jar verified.
jars/tigase-stats-collector-provider.jar :: jar verified.
jars/tigase-stun.jar :: jar verified.
jars/tigase-unified-archive.jar :: jar verified.
<sign-skip-server>false</sign-skip-server>

#2 Updated by Wojciech Kapcia TigaseTeam about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Avatar?id=6023&size=24x24 Updated by Artur Hefczyc TigaseTeam about 2 years ago

  • Status changed from Resolved to Closed

#4 Updated by Wojciech Kapcia TigaseTeam about 2 years ago

  • Related to Bug #5091: tigase-mongodb - Build # 2098 - Failure! added

Also available in: Atom PDF