Not all nightly maven artifacts are signed (#775)
Closed
wojciech.kapcia@tigase.net opened 8 years ago
Due Date
2017-03-16

Investigate why not all binaries are signed:

$ for f in `ls jars/tigase-*.jar` ; do echo -n "${f} :: " ; jarsigner -verify  ${f} ; done
jars/tigase-acs-muc.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-acs-pubsub.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-acs.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-ext-mailer.jar :: jar verified.
jars/tigase-extras.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-http-api-jetty.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-http-api.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-message-archiving.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-mongodb.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-muc.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-pubsub.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-server.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-socks5.jar :: jar verified.
jars/tigase-stats-collector-library.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-stats-collector-provider.jar :: jar is unsigned. (signatures missing or not parsable)
jars/tigase-stun.jar :: jar verified.
jars/tigase-unified-archive.jar :: jar is unsigned. (signatures missing or not parsable)
wojciech.kapcia@tigase.net commented 8 years ago

After initially looking into the issue I found that Jenkins is configured with:

<sign-skip>true</sign-skip>

I've tried:

  • enabling signing again, but this won't work because of SecurityException so it was intentionally disabled for maven artifacts:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test (default-test) on project tigase-mongodb: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test failed: There was an error in the forked process
[ERROR] java.lang.SecurityException: class "tigase.muc.history.AbstractHistoryProvider"'s signer information does not match signer information of other classes in the same package
  • in order to bring all artifacts to the same sign state I tried tinkering with the Jenkins git-plugin and the strategy that we use for building all branches - however, after trying various configuration options, perusing the code and tinkering with the internals (as well as chatting with the maintainer of the git-plugin), it was stated that currently, due to how it's marked, it's not possible to achieve what we want (we may consider utilising another solution, but that would entail re-doing all jobs, and the current setup works just fine for the majority of the time); in the end I've re-deployed all artifacts manually (in un-signed form)

  • in the end I've changed the tigase-server configuration so now it would pull all dependencies, sign them and then include those in the resulting package - explicitly collecting signed binaries instead of relying on the maven dependency resolution:

tigase-issue #7.2.0-SNAPSHOT-b4716 $ for f in `ls jars/tigase-*` ; do echo -n "${f} :: " ; jarsigner -verify -keystore /Users/wojtek/dev/tigase/.ssh/tigase_nightly_builds.keystore -storepass 'superSecretTigasePassword123456789' -keypass 'superSecretTigasePasswordPrivateKey123456789' ${f} 'tigase_nightly_builds'; done
jars/tigase-acs-muc.jar :: jar verified.
jars/tigase-acs-pubsub.jar :: jar verified.
jars/tigase-acs.jar :: jar verified.
jars/tigase-ext-mailer.jar :: jar verified.
jars/tigase-extras.jar :: jar verified.
jars/tigase-http-api-jetty.jar :: jar verified.
jars/tigase-http-api.jar :: jar verified.
jars/tigase-message-archiving.jar :: jar verified.
jars/tigase-mongodb.jar :: jar verified.
jars/tigase-muc.jar :: jar verified.
jars/tigase-pubsub.jar :: jar verified.
jars/tigase-server.jar :: jar verified.
jars/tigase-socks5.jar :: jar verified.
jars/tigase-stats-collector-library.jar :: jar verified.
jars/tigase-stats-collector-provider.jar :: jar verified.
jars/tigase-stun.jar :: jar verified.
jars/tigase-unified-archive.jar :: jar verified.
<sign-skip-server>false</sign-skip-server>
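
The SecurityException quoted in the comment above is raised when classes of one Java package are loaded from jars that do not share the same signers. The following is an added example, not code from the issue or from the Tigase project: a pre-packaging check that lists packages split across jars with different signing state. The jar names, package names and the `NIGHTLY` signer name are constructed, and the check compares signature file names in `META-INF` rather than validating certificates, so `jarsigner -verify` is still needed for cryptographic verification.

```python
import io
import re
import zipfile
from collections import defaultdict

# Signature block files that jarsigner writes next to META-INF/<ALIAS>.SF.
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)

def signer_names(jar):
    """Signer base names present in a jar (presence check only, no crypto)."""
    with zipfile.ZipFile(jar) as zf:
        names = {n.upper() for n in zf.namelist()}
    return frozenset(
        n[len("META-INF/"):].rsplit(".", 1)[0]
        for n in names
        if SIG_BLOCK.match(n) and n.rsplit(".", 1)[0] + ".SF" in names)

def packages(jar):
    """Java packages that have at least one .class entry in the jar."""
    with zipfile.ZipFile(jar) as zf:
        return {n.rsplit("/", 1)[0].replace("/", ".")
                for n in zf.namelist() if n.endswith(".class") and "/" in n}

def split_package_conflicts(jars):
    """jars: {name: path or file object}. Returns {package: {jar: signers}}
    for every package whose classes sit in jars with differing signer sets."""
    by_pkg = defaultdict(dict)
    for name, jar in jars.items():
        signers = signer_names(jar)
        for pkg in packages(jar):
            by_pkg[pkg][name] = signers
    return {p: m for p, m in by_pkg.items() if len(set(m.values())) > 1}

def make_jar(entries):
    """Build an in-memory jar with empty entries (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    return buf

# Constructed sample: one signed and one unsigned jar sharing a package.
SAMPLE = {
    "a-signed.jar": make_jar(["META-INF/NIGHTLY.SF", "META-INF/NIGHTLY.RSA",
                              "org/example/history/Base.class"]),
    "b-unsigned.jar": make_jar(["org/example/history/Impl.class",
                                "org/example/other/X.class"]),
}

if __name__ == "__main__":
    for pkg, owners in split_package_conflicts(SAMPLE).items():
        print(pkg, {j: sorted(s) for j, s in owners.items()})
```
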
Type
Task
Priority
Normal
Assignee
RedmineID
5057
Version
tigase-server-8.0.0
Spent time
66h 15m
Reference
tigase/_server/server-core#775