From 823a3551423fd522f10e680470147d64d47cfdae Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Wed, 18 Dec 2024 18:04:23 +0100 Subject: [PATCH] Use gpg signature --- .ci/README.md | 65 +++------ .ci/build.sh | 28 +--- .ci/files/pmd-eclipse-plugin.p12.asc | 125 ------------------ ReleaseNotes.md | 3 + .../pom.xml | 22 +++ pom.xml | 36 ++--- 6 files changed, 56 insertions(+), 223 deletions(-) delete mode 100644 .ci/files/pmd-eclipse-plugin.p12.asc diff --git a/.ci/README.md b/.ci/README.md index 25e1e2f4..caead13e 100644 --- a/.ci/README.md +++ b/.ci/README.md @@ -1,53 +1,30 @@ # Build Scripts for pmd-eclipse-plugin -## JAR Signing +## GPG Signing -Same solution as , using the Let's Encrypt certificate -for pmd-code.org: +Since 7.9.0, the plugin is signed with the same GPG key, that is used to sign the main PMD artifacts +for maven central. -``` -$ export CI_SIGN_PASSPHRASE=... -$ openssl pkcs12 -export -in Lets_Encrypt_pmd-code.org_2024-09-26.pem \ - -name eclipse-plugin \ - -password env:CI_SIGN_PASSPHRASE \ - -out pmd-eclipse-plugin.p12 \ - -legacy -$ jarsigner -verbose \ - -keystore .ci/files/pmd-eclipse-plugin.p12 \ - -storepass changeit \ - -keypass changeit \ - -tsa http://timestamp.digicert.com \ - path/to/plugin-jar.jar \ - eclipse-plugin -``` +See . -Note: The file "Lets_Encrypt_pmd-code.org_2024-09-26.pem" contains the private key, the certificate -and intermediate certificates. +Tycho's [GPG Plugin](https://tycho.eclipseprojects.io/doc/latest/tycho-gpg-plugin/sign-p2-artifacts-mojo.html) +is used for that. -Note: with openssl 3, the option `-legacy` is required in order to use the pkcs12 keystore with java8. -See +There is no need anymore to use jar signer and use a real Let's Encrypt certificate. -The file `pmd-eclipse-plugin.p12` is stored as `.ci/files/pmd-eclipse-plugin.p12.asc`, encrypted with PMD_CI_SECRET_PASSPHRASE. +**How it works:** -Encrypt it via: +* During build setup, `.m2/settings.xml` contains properties for signing: + ```xml + + sign + + ${env.CI_SIGN_KEYNAME} + ${env.CI_SIGN_PASSPHRASE} + + + ``` +* These environment variables (`CI_SIGN_KEYNAME`) are set by `pmd_ci_setup_secrets_private_env` + which is called by `build.sh` (but not for pull requests). - printenv PMD_CI_SECRET_PASSPHRASE | gpg --symmetric --cipher-algo AES256 --batch --armor \ - --passphrase-fd 0 \ - pmd-eclipse-plugin.p12 - -Decrypt it via: - - printenv PMD_CI_SECRET_PASSPHRASE | gpg --batch --yes --decrypt \ - --passphrase-fd 0 \ - --output pmd-eclipse-plugin.p12 pmd-eclipse-plugin.p12.asc - chmod 600 pmd-eclipse-plugin.p12 - -Signing the jar manually via `jarsigner` is difficult, since it changes the jar file and the p2 repo metadata -fails with the wrong checksum. Therefore jarsigning is integrated via [maven-jarsigner-plugin](https://maven.apache.org/plugins/maven-jarsigner-plugin/). See also . - -Note: The Let's Encrypt certificate is valid until 2024-12-25. But while signing a digital timestamp is created -using [DigiCert's Timestamp Server](https://knowledge.digicert.com/generalinformation/INFO4231.html). That's -why the signature is valid longer than the certificate. - -Note: Eclipse 2022-03 seems to check now the expiration date of the certificates. -See . +* The tycho gpg plugin is activated only when profile `sign` is activated. diff --git a/.ci/build.sh b/.ci/build.sh index 27de9c55..2f804474 100755 --- a/.ci/build.sh +++ b/.ci/build.sh @@ -51,7 +51,6 @@ function build() { pmd_ci_setup_secrets_private_env pmd_ci_setup_secrets_ssh pmd_ci_maven_setup_settings - extract_keystore pmd_ci_log_group_end if pmd_ci_maven_isSnapshotBuild; then @@ -68,17 +67,10 @@ function snapshot_build() { pmd_ci_log_group_start "Snapshot Build: ${PMD_CI_MAVEN_PROJECT_VERSION}" pmd_ci_log_info "This is a snapshot build on branch ${PMD_CI_BRANCH} (version: ${PMD_CI_MAVEN_PROJECT_VERSION})" - # Build 1 - without signing but with tests - ${xvfb_cmd} ./mvnw clean verify \ - --show-version --errors --batch-mode --no-transfer-progress \ - -Dtarget.platform=${TARGET_PLATFORM} - - # Build 2 - with signing, but skipping tests, pmd, checkstyle ${xvfb_cmd} ./mvnw clean verify \ --show-version --errors --batch-mode --no-transfer-progress \ --activate-profiles sign \ - -Dtarget.platform=${TARGET_PLATFORM} \ - -Dpmd.skip=true -DskipTests -Dcheckstyle.skip + -Dtarget.platform=${TARGET_PLATFORM} # Upload update site to sourceforge local qualifiedVersion @@ -125,17 +117,10 @@ function release_build() { pmd_ci_log_group_start "Release Build: ${PMD_CI_MAVEN_PROJECT_VERSION}" pmd_ci_log_info "This is a release build for tag ${PMD_CI_TAG} (version: ${PMD_CI_MAVEN_PROJECT_VERSION})" - # Build 1 - without signing but with tests - ${xvfb_cmd} ./mvnw clean verify \ - --show-version --errors --batch-mode --no-transfer-progress \ - -Dtarget.platform=${TARGET_PLATFORM} - - # Build 2 - with signing, but skipping tests, pmd, checkstyle ${xvfb_cmd} ./mvnw clean verify \ --show-version --errors --batch-mode --no-transfer-progress \ --activate-profiles sign \ - -Dtarget.platform=${TARGET_PLATFORM} \ - -Dpmd.skip=true -DskipTests -Dcheckstyle.skip + -Dtarget.platform=${TARGET_PLATFORM} pmd_ci_log_group_end @@ -289,13 +274,4 @@ For older versions, see index.md } -function extract_keystore() { - local -r keystore=".ci/files/pmd-eclipse-plugin.p12" - pmd_ci_log_info "Extracting keystore ${keystore}..." - printenv PMD_CI_SECRET_PASSPHRASE | gpg --batch --yes --decrypt \ - --passphrase-fd 0 \ - --output "${keystore}" "${keystore}.asc" - chmod 600 "${keystore}" -} - build diff --git a/.ci/files/pmd-eclipse-plugin.p12.asc b/.ci/files/pmd-eclipse-plugin.p12.asc deleted file mode 100644 index 7c10d3c2..00000000 --- a/.ci/files/pmd-eclipse-plugin.p12.asc +++ /dev/null @@ -1,125 +0,0 @@ ------BEGIN PGP MESSAGE----- - -jA0ECQMC3lYjPizwIg//0uwBZKdSRgKFZBPhwg3biULxedCJ1mg9PDuMfxXlwGSO -sesVx/czjuCdm2clDCqgFGGuTMLp8Mwzj1hEqfrVcsNda6l76VBVEkRYX4xPq3to -2BCnRlt/8CnJjozkkbvHxysel9L3oNmX2T81xpVoITw/+EqcdWeLL3geh37gxaa9 -h72VRSPOTJAvjsKo/gAKZJXq/6fSeS/RtAzEufCOZUOVcKIeCXVKhmnkVRwWLYvm -6TxlHuGvIH2YZfwr0QH1AC/U+iziBkfnVuQ8DBIVVRiI0LtYfROT+Sty2HKOwQWF -FPQe34bbYlL//JUzYgv6D8YaJXR9vobl/RTbdL5DwGySowkbvsRh7B99DMq9xTAs -zBkHzyeLUcxfzpvu+yQ4FDSv1CByLVSZR9shATd6BMQA4venAHmB8jwjNKx4F1JN -6qPwcvUAYorwrKwdBIN2tEiEAlSnPYxgEhpxh1rxwDTGwiiI1y3COehnuDUr/o08 -2vf9rAbN9p7n/sMjOP0K0852oWV+BZnpuQgszMP+gDrTMkso+IENOi1Ze8KJxGbt -ZRfV7O4eVDdKcCILGFsfGUX1pEl9DhDUxWDwP/DrPdKsQ1iOzNgilO3ThNwt2i1+ -t0gQyrun/02zytpUz7dvidTH5JkJkI2q0mg6cZpdQTUHnyZYwOmeELFEcCxXQqAY -B4EIjAD4llL/UlUBCSEOJ+bgojehml5rjmGiome4mIt/lpWAx39sxU98EUORsSiU -l8mSzzqnhvYGaO+4Fi08dB7vVsDcTOac6h7y/tDV7R1di7jxxeEuXILXB3sVXDrn -ipoYd+7XRtaZzsyapiPCGVAB2MNcux+n7GuKAD29Ix9Cx0LBYqhg2yLvKyApShJq -bTFDYkthcOzP5EEVnCgIvt95DRYv++6QeXHNnoG1ULxtvIGQATxlbRgKdRwY798C -rkJyU2QQgcFSCjf4qx38Y5dyzpGPIccNNoSLuDqsjuYDQ23oFG8Mg9y3uw7CzWuz -sa2KzK4oXndugG1mKmcBq3kJdhq3K5E2ybacUWwEwegWxQZzVhX7dLlCrmOq5bp9 -O/3GAEWTke3HHBv4K8CyCqhrAyBNPI/PG6zQ4PrvOYMc9YjwqO3glAKEVN6In+fJ -Lqa7zes4HN+XgPQf7OAL65KpnmH+qfj/OTle1I6Pf+7KOM8GxyC/3RCmdW5Zefwx -W1SIfFBhUZcWXWAuixbY1k4AN5dmKFm36CuCe5lG6pLG/jrrCilsNuWzWIl+Kd2N -9exKRYetL9ZC4P+Fe3IA/EQcmxE0jBc0eJvxLyzpDech//kIHez9zgCoYlinuGeV -xvqwWHeLFAA8a39dMGsglanD2vRGxsWXfrDLe+hri8COZVsOMrRR0cyRxcM6jCff -0yOyQ2zuf/K06jd3u4eCH9B+uEGUfGNIJigJIhUTQu1JkWVvNPw8MQvUYAJvxHf5 -pg/nG5+6HE4Q4tgQIaCwBhg8pNFRYG/8BNYGCea1f9cyoakQjwdbeqBjZGU5dyHU -jyVr0wTcUJlcMq8W19vUqEkTGBeEUlxLcUrtQPFtO4yWGpCwtoDvCWm83zzYIYYn -yh0Lvy26mLLp05HVL4DkWdNUhCS6fq91WWk4L3CZmF9JZiI6Oi6GwGeY0upDDoc/ -8Jwq4/gTzML3VRTyqy1UD+iP/gthmyS+6efpeU7cUzvuphc0qJHAJSUE8s0HHZTD -W+sTP5BFw2frRHUw9uXEg+8KF+Cw9vJ+pSS7wm43FR8UOFf1COXRDPu1lrc3vfJa -hECeiPhyx0sf9hL6BUyVkdPrFwqg44zZrL7svR1G52jrggWFfvlDwNR5MMJsUIq/ -ecSpTqHEwb30xXXs69COIzIQ+i6rGkZqy0NNV37qreQh83+CPdxlXkwfN9sTosYj -xcCtkkBwVyATlvhoF3wMSih3P0ttTc1f1R/vOVx+/cAhtO/Xh0M0nwEYPCfhlB1y -3HzmKVRlOiZNDTgb4kyAnnsujNyCuoVzAS2Om3GmurbnItb9XRxfvCjkUAzT6yZd -QNMR+196dPSQgzXJt59+o6PZNbSHRz6PahxucD1fjRAkRI7SyU2cJUu9jXo9opPU -mXj/GwJJNwVq5uX/WKisLfqnAg9YAttRXGCYYotW0MHQEdXBbMK0p3Qj0ftc8xzX -mp7aIjlt//y6l64SA3HBRGoJel04xishBLdKtvsj9Olg7kN6rzwYrrAW7kLEGY3s -4eADauxxe3pDsgl8Lwnt0+tYFQZIpfuiG0NHTPfgRZ/6LFmic1deLgsSQsccm7hR -bqGSDgBDaPSfA4+ga1GweGqusNmZ3xT1Pea4rCCyK1VwH7j/oGewQEODhXlQG8YB -iDz55a8UZt/2tyEueLhq19zx2RyDqgAubjX/4QFPNlypfau/kCuqtzTj9Ntr50qC -AupibMzN2Qm10MSUfnigDVHLG3WSSdH0TpNC+KG3Ep6AraSO5Uj8QH7pcQJnz8R4 -vD61uY7JJA1unjsi7foDm7yV9gHi52V16kAw5sMlI0lFxOHOF1SnU20mWVY3Zo/7 -E8lI2IT9NqBAK6ydGwmsgxU/knEB152sNsSu4dgmSuSBgfIctELBRCqE1Ni/cLI+ -3RmHsnk3r885DvvCNaKp7Mc7v+2mNPlsR6+zToNGc7K1twh2DA2AzTmMpA9+FEfD -aB5J0btjr18QXrYHGonfgd7HlcOWkkfW+pyAsslZBm7HE3VmS/MGKTBi3N9JVgqk -xa8p0Nte309s69Rc7qbIW4fPdoYBD/qR6daafia8/FI5d7ySTU9XfQuXtDT8izuP -zyMZl/W2gVp/j/7XQb885K5n8YVeisSc2TNsMs4pZdDRKr0Iat2EfGeFoTH/nR7I -fTdxfAGZ74JrMUdP+erguL3JJdVNZFopBgrbtazmjRBs2YuFAvNn8UyBBgbZP2Pz -Sshgii1NkxH9EfEnNJ9C1dfcSEbLwTO/PqS4KVFN3iA0Ea1czVEqS5+DSmKiK1yN -YGuKEHGNz1azjsu4DwwEDJeiKxwLOlK03Wou44HQYY5dE4nAW9D1nWxaNlp6NngH -5Xq/dQ529NCeM4LlW7CIUYWRijakaH4UfkK0SFTNKB3YLsp6bnYFOhwR8SN2OIkM -KxfiTDt5D0AeNwtfvCz2Xhdta+ERQiYqfpcccrMDuqR+pexqxOYYKxcn1u5AfWo4 -0wYriPmzvEK2AwY2QerCaAjR/WCSZpklXA7mNXEpAZ5Q3ghsFhf3FUEnk+3UdVF6 -q883ryHy5EoHWWl4IKbAhSOjQiWiI5j+cq2hO8hZZ3YCtkj0nM/tIpl8Xjo4oBAf -NPPQfQDPpNMTQqmvAMWYoIZkEjIWZXQSCXXzlYnUVslSqeWdmvIcgzGdDDSW572y -tm9U+E0mZ0VYjT6t0ivbjNgrJnSnrTkHO85rlUTTj3a8qhzMea/S5HkJc0W/DSrY -U4iF/QwiSZvZGcppWwS4/coHRL2s0DtMCiYLpV0jrrh7e7tBf7IylhU+fwVlVTCp -aeoz1Ype349nCat5y4eB6J86M+zkoT3oag6UUwMqioezWXgqV8TRPinVjhXcnN0X -Wlll+gE5mLaG19PBZXWuLCvA8CkDd4DsJfqDKbvAn6ToNOUFeJ/YTT02zaSYEO+z -BmgrGk47EWkgwEtmTqc12j7IvAtgLEM37uV3vn/NZ34LV0rnvuzL4zgVJ73AP+pK -UqZwHAxHY6MoLijnhjePNrWaiEzxismoTnuGXoicyTSQjKuqzMS6A/GI9ve4qp1A -wHnSPG8Bhzju23Qi/XYUYQwX3B4sHb7gokJjzsRa0O8KFjeGmRVBVXo7td7l9vJ2 -zLRkslJEV8JYml2mdLCjDuknxDI+NyWj0CCYdmX865kg6S+QZHyvVovY/Y24/KRa -Z1+SujJRD6oXSHMznyOcL4VMn074vjVxUvygN7CXi0ksWKFozdOnX+psGXFC2sJu -7qdbf9RUOtRXl/ttxL5kkw1PYMOmxouQ73NzfHyr2OCvjg4XT8XeQDswcgoluWIb -41gdaC38xvD9FnKDP47Gp6mS5wkIuYe9SDZhH7qByX+c8ttFQRF99of/U3yARBKi -BD9dPbBKhNbdz7E6sSObnpwfGPRkbh9Xvi4vHd8WPatpBfeoV/uZcsLPyWzls7oa -FmjGQRQ2qf862ilbjcjc0Mv1U6bh+4Ci/roVAiAFp5LcxhbfU/t0LHVsHjF45fcb -fgibvzW69eRzd5ARGj+6yNqnrbI6I7uGGkzmbYvnpw4KA+jVh5CSTewdcmY2bhKy -mItQMuF51DE/MMn5WoATKFXJQOI/ZxKeX/a+L9p515zZCR/IuT5xH/pdWyX8mD8T -Lj+P21wFQsJlXGNQPurEiaHc4jtS+1D+y9PaEqsC3AZB3uDCG/y4xSLbn6QwGog/ -lAhzeOVpXp8bhABDXgkfEs/ISVcp3tsKcVriVNpCu06ipSDOSCBK9dVIC4pWAeYU -BMmRAdTjlEYvnYUgYeNo2QhObpH+Vq7QtmZV+6XN3vBqOpMh7nSFnTdEin9YDlgD -TWLhVE5DehvFaQhkXmc7ldqGb/egGn1XDcwVZSqp4TDo1qMSyM3LnwrxLpJKZDje -ZI00SA99EN2cZf3f49REWeI9f2BF/H5AsDpMbhVXYKqEULLmI/OUO4Jfk55B2c85 -ncTVajif9GQn22qRp14Lqy4f1wbzoCIIt2mh7lRlomHXM5jUSeF8a8Kdbh8SU+Di -jAmFMUe5fpaQ/e0JwPQeIW1Lu2aciod8ey/KjCjQghtrRmqNm3f8eKNVkgS97WaJ -gwCrcsOPfanE0kjLsKwTSy62f8kS9U+NhP7fBo/on98yZBcY+edj4cm/5U325GUY -jRPNZjp3gRRJh5v7d6ac6ueEVojFPsTvvQeyhCkpws4i/dl4npStXQ+QVKRGXxS8 -dueWcr/oI2gEsC00JvMbMO9uOK2VzcvQteI5WnLeE7iCjx9J6NcX9Gh6v1VQGwd+ -93fyX0kjLzgLBAKfO7zokffJxtnMAc42vS8BQ111SNbvul9eZtWrs+su352OCcZO -RoRNRk0JXA+LSaUC/32u3PRcXtEz6CJE1F1vQrOAdpE3Ineche27e5Wq8J8oHJmg -+T3m5P/eGObqSHCYVgAGvHhZSmoW7VkOCYHB1JYT1t1916BmHBZ1tfCDK58oT9z/ -YqOgyhKA/vETDKQtRNdEITA4BAlqkS6MCSjA4N2QY97zkV846aPLvJhouYz33B4y -YBCJyoRdD6yggekPYX2HZZ0PcNNcW2It4TsvI2PtmdFXX7c6ucWqiS85gLFbk4jD -79XlgwBndVXGGlEL4j9AKJgXz084ZNf2OUH/WculZ0MQ2Uh41qSUQz/kAMitS1WH -Dc6NwA4coZlSZOkG8R5ReeoBCQKulrilZNfQ+bohnYeP51/LYcJyLl8MTTOFhGDx -MKWvV22F0Xy2koXbF28rKv99IUPccbK4XFkC6RadKNEQ6hyWOfDypJonPWPSm/57 -8wU5Bel/4KJ+rihMBE+7ScvxFIj2jj3HtSPac2LH1z/FUlzAOeTvWcfWvlbCtIdu -HRtZASIHbvi+DayrtSJXH8mxfGTQp8ckNC2XUmQIeCw7RqSj0n0Fr7FDesjXwbeS -H2qp2qJ6HVRf+91avdK8tNc8L23wHPAvOu4sI7XgopSXPxmNHX2C4/fQjivbyeMD -uYvKzbBSexUTZ+/LzUkSo7exRc5UXon/s6K5hvm2FB5NGMg+HKVeWwW3FQcR3N5l -32RcXgRjE1THiAqRstPsMejIwvZbz/D505QOKjAVEGLWv/p/jcKpdNpYUyvqePV0 -gJMsXZktbaLjK+dppATdQeFUXmVv7wJNuXgPyC8ydG+2aH8wwgol+Yk5LMFmNZ/u -bYT1yYYO5vqFqsf6sbZLq5ceBl3pkuTRFaAiH3XxIcWBKX6v48qD1SdDiCFQqbD1 -nsRRdglx+aiia/4bwSK9NcArlxDtsfkiG6X6DZRJiqmZrshs1twNeHciQ6jAgzUA -QsLoV0XAjjiBx5mNbgpbtySVeQ3g//6+fdMvWNgSzNhGKX+nncsTjmYfFcVbGaKE -1ohRYgNmRgN4jT/pFafLFro9VgHmlPgS0m/H+Fa9u4ym6RO+M++PDIQ05YAVKkxc -xMcAo+wEUyzjq5F+J2GzjnnZ827lUzi9UzN47WRHw8DLxDJyHVXFfVdIlnNkeuqz -1ba8WX5NJ7egxMxMk+ZrcOmGO6cFIrWoDK5dQgzgK+2ifz0POLMcpwLi/HHCJwTl -14V1PjpV3U5a/HtmyefwqfpyyGGGiXyXQM30sGxFtfmoslTcY7E4j7pwGJJVN+yp -TChxWZ8E7BkPnqfpyvD+Z3pGHJo2vsvNBzGvqKbp5TJSr+twzWSi9G5UbKPQ2QaQ -VYegU63840FrwWp4biVbIoYV1TFVqyVDsny4/azykils9o6EHgbai89IuxAaQj8F -EUwRZErbGakjnlUy2RZA3g1gtAzJx6UKHrv6AwIgrxfBv2XrwGz+FNLq/ZwPmmTx -5U2dB3ujm0+ZPAftZzkKakKbvc+oB2vG4/m4+b8vyyEAe+GZCnu1DcglmXuUIKAz -7nkvzrgZ8W4Zyn7y9QiulPR9rL38H/13A2/VFCjLDHnvWKs30BzWBQTl0c2OCJg6 -6Z1jNsPjT6tuL1JKXIYEFLNIWibdyvoQwB2460XRS632OVGi15rgPXaxFqsbzSrr -wvtWYAyUPDD8QHhXMStHuQTPupd+Wl4VrG8Xk3jsVyrhT4DsIDzDMHHg8LLf3rmg -5/Xo46u8Rgn7kftMbKQz+IlFXm4Gm3qujehEaZIcVxXbqOlYHOB0hLatOkUt3mzs -5tHpi7Jq/DEDK8qjXJCsd43mv6eJHAQa/rx3INEDOmJq4tANd2VxXPo40oTZHU4m -z6qMPyJSq07F4rGIz0cwdiOSbiUuAX3P8v91PdmU9JDoAjicWZ85FJ6L0rmhwM5o -+mAVhflJnFFCO7ESKY1CM2HouCT4ah41STteiYAd6Kxd3ziOjeq8qy7FjKt1oPWR -7EYJEijsITU/gok/7Lip2vOHcTtwZR5GwhN05EvKdO/JqHdFMIdhalUhMdr9g3Z6 -0Q3mbML5Ubjjbr3NuWSia+LP4YlebkImdeBP5F1WFtQ1dbzkoYbGAifGqhBahSY7 -2LAAgUaxEe+slWVBtMslHY66o9v3oju6r/lH+tPducD8w9y+jrnrju1a/w1VERVB -7TdxbfJ9+HrLWpkn8YUPsdO9rnH/ledWJ24FR94Vn5WDDT4qD8nCW4NzNyMRtIjL -13Td4UyDEqN7JuORrwrEtEz5HrurxtHpXL7ys8HGQxjfnLZESa3O/jziE0XoLy70 -//2VOLQPfuZ07P0IEosBI4rdpYPGEtY3w9eJWHA+G6v0eObPHCHPidsSu8jC8ULJ -0a1/bCLt3kAwG2cq/sqoAYEDftlpnRrjy1+Qe1e4Li36RS2vtQ9pWD+ZOCQvatAf -6No0Uzbs3DcT7eC8DtJ0SEXEBOUqMPcW+bQ/7jVWId3yC6GPz1M1yOUiBq3Tcpm2 -EjJQb8VbiebB9XJTAFwPcopFFKZgd6PT/4hsjQcklAXuDYtisLAg/gSkTi1NHdeg -woaqKLZYXvGz7HPA1jN0s+pi7GlAi/hzihk2+x8VDQgQtYDDG8JJyeVBADzvNQpN -TUagZzbWX4e6S/fkqneEYc/IuCSERiwNdjmdEYyEuAjRn1s= -=m6W8 ------END PGP MESSAGE----- diff --git a/ReleaseNotes.md b/ReleaseNotes.md index 4395f45a..357d9132 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -14,6 +14,9 @@ This is a minor release. ### New and noteworthy * Support for Eclipse 2024-12 added * Support for Eclipse 2023-12 removed +* The plugin now uses GPG signatures. Releases are signed with + [D0BF1D737C9A1C22](https://keyserver.ubuntu.com/pks/lookup?search=D0BF1D737C9A1C22&fingerprint=on&op=index). + The full fingerprint is `EBB2 41A5 45CB 17C8 7FAC B2EB D0BF 1D73 7C9A 1C22`. ### Fixed Issues diff --git a/net.sourceforge.pmd.eclipse.p2updatesite/pom.xml b/net.sourceforge.pmd.eclipse.p2updatesite/pom.xml index 86d49021..e1543f58 100644 --- a/net.sourceforge.pmd.eclipse.p2updatesite/pom.xml +++ b/net.sourceforge.pmd.eclipse.p2updatesite/pom.xml @@ -36,4 +36,26 @@ + + + + sign + + + + org.eclipse.tycho + tycho-gpg-plugin + + + sign + + sign-p2-artifacts + + + + + + + + diff --git a/pom.xml b/pom.xml index 58731810..dee6b8ef 100644 --- a/pom.xml +++ b/pom.xml @@ -332,6 +332,14 @@ tycho-bnd-plugin ${tycho.version} + + org.eclipse.tycho + tycho-gpg-plugin + ${tycho.version} + + true + + org.apache.maven.plugins maven-checkstyle-plugin @@ -508,33 +516,5 @@ - - - sign - - - - org.apache.maven.plugins - maven-jarsigner-plugin - 3.0.0 - - eclipse-plugin - ${keystore} - ${env.CI_SIGN_PASSPHRASE} - ${env.CI_SIGN_PASSPHRASE} - http://timestamp.digicert.com - - - - sign - - sign - - - - - - -