mirror of
https://github.com/eclipse-cdt/cdt
synced 2025-07-23 00:45:28 +02:00
Bug 572875 and Bug 572878: Sign .jnilib/.dll in production builds
Because the dll/jnilib is modified in place, the natives are qualified with their build date, rather than their git date as the checked-in libraries are not signed. Change-Id: I3078f5040f7ef9590bb4ab5d031dcb29b3c3bdde
This commit is contained in:
Jonah Graham
parent
cb56590d4c
commit
919f0a0086
12 changed files with 150 additions and 6 deletions
|
|
@ -2,7 +2,7 @@ Manifest-Version: 1.0
|
|||
Bundle-ManifestVersion: 2
|
||||
Bundle-Name: %fragmentName.linux.aarch64
|
||||
Bundle-SymbolicName: org.eclipse.cdt.core.linux.aarch64;singleton:=true
|
||||
Bundle-Version: 6.0.100.qualifier
|
||||
Bundle-Version: 6.0.200.qualifier
|
||||
Bundle-Vendor: %providerName
|
||||
Fragment-Host: org.eclipse.cdt.core.native;bundle-version="[6.0.0,7.0.0)"
|
||||
Bundle-Localization: plugin
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<relativePath>../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<version>6.0.100-SNAPSHOT</version>
|
||||
<version>6.0.200-SNAPSHOT</version>
|
||||
<artifactId>org.eclipse.cdt.core.linux.aarch64</artifactId>
|
||||
<packaging>eclipse-plugin</packaging>
|
||||
|
||||
|
|
@ -58,6 +58,17 @@
|
|||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ Bundle-SymbolicName: org.eclipse.cdt.core.linux.ppc64le;singleton:=true
|
|||
Bundle-ManifestVersion: 2
|
||||
Bundle-Localization: plugin
|
||||
Bundle-Name: %fragmentName.linux.ppc64le
|
||||
Bundle-Version: 6.0.100.qualifier
|
||||
Bundle-Version: 6.0.200.qualifier
|
||||
Fragment-Host: org.eclipse.cdt.core.native;bundle-version="[6.0.0,7.0.0)"
|
||||
Bundle-Vendor: %providerName
|
||||
Eclipse-PlatformFilter: (&(osgi.os=linux)(osgi.arch=ppc64le))
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<relativePath>../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<version>6.0.100-SNAPSHOT</version>
|
||||
<version>6.0.200-SNAPSHOT</version>
|
||||
<artifactId>org.eclipse.cdt.core.linux.ppc64le</artifactId>
|
||||
<packaging>eclipse-plugin</packaging>
|
||||
|
||||
|
|
@ -58,6 +58,17 @@
|
|||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ Manifest-Version: 1.0
|
|||
Bundle-ManifestVersion: 2
|
||||
Bundle-Name: %fragmentName.linux.x86_64
|
||||
Bundle-SymbolicName: org.eclipse.cdt.core.linux.x86_64;singleton:=true
|
||||
Bundle-Version: 6.0.100.qualifier
|
||||
Bundle-Version: 6.0.200.qualifier
|
||||
Bundle-Vendor: %providerName
|
||||
Fragment-Host: org.eclipse.cdt.core.native;bundle-version="[6.0.0,7.0.0)"
|
||||
Bundle-Localization: plugin
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
<relativePath>../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<version>6.0.100-SNAPSHOT</version>
|
||||
<version>6.0.200-SNAPSHOT</version>
|
||||
<artifactId>org.eclipse.cdt.core.linux.x86_64</artifactId>
|
||||
<packaging>eclipse-plugin</packaging>
|
||||
|
||||
|
|
@ -58,6 +58,17 @@
|
|||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -43,6 +43,17 @@
|
|||
</environments>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
|
|
|
|||
|
|
@ -66,6 +66,19 @@ clean :
|
|||
|
||||
rebuild: clean all
|
||||
|
||||
MAC_TO_SIGN=$(OS_DIR_MACOS_X86_64)/libspawner.jnilib \
|
||||
$(OS_DIR_MACOS_X86_64)/libpty.jnilib \
|
||||
$(OS_DIR_MACOS_X86)/libspawner.jnilib \
|
||||
$(OS_DIR_MACOS_X86)/libpty.jnilib
|
||||
WIN_TO_SIGN=$(OS_DIR_WIN32_X86_64)/starter.exe \
|
||||
$(OS_DIR_WIN32_X86_64)/spawner.dll \
|
||||
$(OS_DIR_WIN32_X86_64)/pty.dll
|
||||
production: $(MAC_TO_SIGN) $(WIN_TO_SIGN)
|
||||
$(foreach tosign,$(MAC_TO_SIGN) $(WIN_TO_SIGN),mv $(tosign) $(tosign)-unsigned &&) true
|
||||
$(foreach tosign,$(MAC_TO_SIGN),curl -o $(tosign) -F file=@$(tosign)-unsigned https://cbi.eclipse.org/macos/codesign/sign &&) true
|
||||
$(foreach tosign,$(WIN_TO_SIGN),curl -o $(tosign) -F file=@$(tosign)-unsigned https://cbi.eclipse.org/authenticode/sign &&) true
|
||||
$(foreach tosign,$(MAC_TO_SIGN) $(WIN_TO_SIGN),rm $(tosign)-unsigned &&) true
|
||||
|
||||
|
||||
# Windows x86_64
|
||||
# Windows DLLs have a build timestamp in them. This makes it impossible to have reproducible builds.
|
||||
|
|
|
|||
|
|
@ -133,5 +133,31 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>production</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>natives</id>
|
||||
<phase>process-resources</phase>
|
||||
<configuration>
|
||||
<target>
|
||||
<exec executable="make" newenvironment="false" failOnError="true" dir="./native_src">
|
||||
<arg value="production" />
|
||||
</exec>
|
||||
</target>
|
||||
</configuration>
|
||||
<goals>
|
||||
<goal>run</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -58,6 +58,17 @@
|
|||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -47,6 +47,15 @@ all: $(LIBS)
|
|||
clean :
|
||||
$(RM) $(LIBS)
|
||||
|
||||
MAC_TO_SIGN=$(OS_DIR)/macosx/x86_64/libserial.jnilib
|
||||
WIN_TO_SIGN=$(OS_DIR)/win32/x86_64/serial.dll
|
||||
production: $(MAC_TO_SIGN) $(WIN_TO_SIGN)
|
||||
$(foreach tosign,$(MAC_TO_SIGN) $(WIN_TO_SIGN),mv $(tosign) $(tosign)-unsigned &&) true
|
||||
$(foreach tosign,$(MAC_TO_SIGN),curl -o $(tosign) -F file=@$(tosign)-unsigned https://cbi.eclipse.org/macos/codesign/sign &&) true
|
||||
$(foreach tosign,$(WIN_TO_SIGN),curl -o $(tosign) -F file=@$(tosign)-unsigned https://cbi.eclipse.org/authenticode/sign &&) true
|
||||
$(foreach tosign,$(MAC_TO_SIGN) $(WIN_TO_SIGN),rm $(tosign)-unsigned &&) true
|
||||
|
||||
|
||||
rebuild: clean all
|
||||
|
||||
# Windows DLLs have a build timestamp in them. This makes it impossible to have reproducible builds.
|
||||
|
|
|
|||
|
|
@ -227,5 +227,46 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>production</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>natives</id>
|
||||
<phase>process-resources</phase>
|
||||
<configuration>
|
||||
<target>
|
||||
<exec executable="make" newenvironment="false" failOnError="true" dir="./native_src">
|
||||
<arg value="production" />
|
||||
</exec>
|
||||
</target>
|
||||
</configuration>
|
||||
<goals>
|
||||
<goal>run</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- When signing binaries, the result is not checked into repo, so the
|
||||
jgit timestamp provider cannot be used. This has the side effect
|
||||
that the version of this bundle needs to be incremented on each
|
||||
CDT release. -->
|
||||
<timestampProvider>default</timestampProvider>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue