From f8038b6b586f32a417609600c45f1e1ced45be9c Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Tue, 23 May 2023 19:45:12 +0200 Subject: Revert 'Use net.i2p.crypto:eddsa directly from Maven Central' This reverts commit 7e094c6cf32d6b6c2e49c72d506149427e97c5ab. Reason: the maven artifact has a broken MANIFEST.MF with a mandatory dependency to sun.security.x509, which is an internal package in the JDK and moreover not needed by the bundle except for one test class that isn't in the bundle at all. This extra dependency makes the JGit tycho packaging build fail when Tycho 4 is used. We must keep using the Orbit re-packaging of this artifact, which does not have this unnecessary mandatory dependency. Change-Id: Ica15a5ddcada09686de3055b2b3daf081e3c5ffc Signed-off-by: Thomas Wolf --- .../org.eclipse.jgit.target/jgit-4.17.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.18.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.19.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.20.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.21.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.22.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.23.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.24.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.25.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.26.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.27.target | 14 +++----------- .../org.eclipse.jgit.target/jgit-4.28.target | 14 +++----------- .../org.eclipse.jgit.target/maven/dependencies.tpd | 13 ------------- .../orbit/R20230302014618-2023-03.tpd | 2 ++ 14 files changed, 38 insertions(+), 145 deletions(-) (limited to 'org.eclipse.jgit.packaging') diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.17.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.17.target index 0d735fe327..64dc0b1c40 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.17.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.17.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.18.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.18.target index 0f8cc197d5..137ea8091c 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.18.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.18.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.19.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.19.target index 0bc8f116cb..ce9239b755 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.19.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.19.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target index a65894ceec..5251b63a2d 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.21.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.21.target index b66c977bd7..1777f44a64 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.21.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.21.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.22.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.22.target index 6692b4f596..91b6faee2e 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.22.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.22.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.23.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.23.target index 5ce07dbba1..fa4806b3be 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.23.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.23.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.24.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.24.target index 09b8fccaa6..76cbdea71e 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.24.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.24.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.25.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.25.target index 47f2af56af..1c82c39258 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.25.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.25.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.26.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.26.target index f3e052535c..4b20653cbe 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.26.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.26.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.27.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.27.target index 66de83ec80..3749fcda73 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.27.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.27.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.28.target b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.28.target index 150c051a64..62fcd32b5b 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.28.target +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.28.target @@ -1,13 +1,15 @@ - + + + @@ -170,16 +172,6 @@ - - - - net.i2p.crypto - eddsa - 0.3.0 - jar - - - diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/maven/dependencies.tpd b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/maven/dependencies.tpd index 05ba2f972f..cbb7d1e104 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/maven/dependencies.tpd +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/maven/dependencies.tpd @@ -96,19 +96,6 @@ maven bytebuddy } } -maven eddsa - scope = compile - dependencyDepth = none - missingManifest = error - includeSources -{ - dependency { - groupId = "net.i2p.crypto" - artifactId = "eddsa" - version = "0.3.0" - } -} - maven gson scope = compile dependencyDepth = none diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/R20230302014618-2023-03.tpd b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/R20230302014618-2023-03.tpd index 3b85df2778..8578b2cdf5 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/R20230302014618-2023-03.tpd +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/R20230302014618-2023-03.tpd @@ -6,6 +6,8 @@ location "https://download.eclipse.org/tools/orbit/downloads/drops/R202303020146 com.jcraft.jsch.source [0.1.55.v20221112-0806,0.1.55.v20221112-0806] com.jcraft.jzlib [1.1.3.v20220502-1820,1.1.3.v20220502-1820] com.jcraft.jzlib.source [1.1.3.v20220502-1820,1.1.3.v20220502-1820] + net.i2p.crypto.eddsa [0.3.0.v20220506-1020,0.3.0.v20220506-1020] + net.i2p.crypto.eddsa.source [0.3.0.v20220506-1020,0.3.0.v20220506-1020] org.apache.ant [1.10.12.v20211102-1452,1.10.12.v20211102-1452] org.apache.ant.source [1.10.12.v20211102-1452,1.10.12.v20211102-1452] org.apache.httpcomponents.httpclient [4.5.14.v20221207-1049,4.5.14.v20221207-1049] -- cgit v1.2.3 From 0d92f543f5a41d707daf9a8fd12bac26674f1502 Mon Sep 17 00:00:00 2001 From: Matthias Sohn Date: Wed, 3 May 2023 14:39:17 +0200 Subject: PGP sign p2 artefacts This ensures bundles directly pulled from Maven Central are PGP signed by Tycho. See https://docs.google.com/document/d/1MnDBvOUwKvKacB-QKnH_PzK88dUlHkjs-D-DWEKmvkY Change-Id: I2a9308c091e602d40a1c143edb506a3e43dd0dc2 --- .../org.eclipse.jgit.repository/pom.xml | 33 ++++++++++++++++++++++ org.eclipse.jgit.packaging/pom.xml | 5 ++++ 2 files changed, 38 insertions(+) (limited to 'org.eclipse.jgit.packaging') diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml b/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml index 2a127bc9b6..058aa695db 100644 --- a/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml +++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml @@ -107,4 +107,37 @@ ${project.version} + + + + gpg-sign + + + + org.eclipse.tycho + tycho-gpg-plugin + + + pgpsigner + package + + sign-p2-artifacts + + + E3E144E1 + true + + bcpg + bcpkix + bcprov + bcutil + + + + + + + + + diff --git a/org.eclipse.jgit.packaging/pom.xml b/org.eclipse.jgit.packaging/pom.xml index 8e0af18870..c9c2c4367b 100644 --- a/org.eclipse.jgit.packaging/pom.xml +++ b/org.eclipse.jgit.packaging/pom.xml @@ -286,6 +286,11 @@ tycho-packaging-plugin ${tycho-version} + + org.eclipse.tycho + tycho-gpg-plugin + ${tycho-version} + org.eclipse.cbi.maven.plugins eclipse-jarsigner-plugin -- cgit v1.2.3 From d3d0ec4290393d71d1557b7bd582234ab023e9eb Mon Sep 17 00:00:00 2001 From: Matthias Sohn Date: Tue, 9 May 2023 09:44:03 +0200 Subject: Update to Tycho 4.0.0-SNAPSHOT We need to update to Tycho in order to force PGP signing of the bouncycastle libraries which isn't supported by earlier Tycho versions. For that we need to run Maven on Java 17 or higher. In order to run tests on Java 11 add a `toolchain.xml` file into the `~/.m2` directory providing the path to Java installations: jdk JavaSE-11 11 /path/to/java-11 jdk JavaSE-17 17 /path/to/java-17 Change-Id: Ib0f18147826e5b4a7fa1f41590772516269de702 --- org.eclipse.jgit.packaging/pom.xml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'org.eclipse.jgit.packaging') diff --git a/org.eclipse.jgit.packaging/pom.xml b/org.eclipse.jgit.packaging/pom.xml index c9c2c4367b..0e1bea7b19 100644 --- a/org.eclipse.jgit.packaging/pom.xml +++ b/org.eclipse.jgit.packaging/pom.xml @@ -23,7 +23,7 @@ 11 - 2.7.5 + 4.0.0-SNAPSHOT jgit-4.17 @@ -36,6 +36,10 @@ repo.eclipse.org.cbi-snapshots https://repo.eclipse.org/content/repositories/cbi-snapshots/ + + tycho-snapshots + https://repo.eclipse.org/content/repositories/tycho-snapshots/ + -- cgit v1.2.3