diff --git a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java index 62639d8486..994e081570 100644 --- a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java +++ b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java @@ -16,6 +16,7 @@ import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; +import org.apache.maven.plugin.logging.Log; import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.LifecyclePhase; import org.apache.maven.plugins.annotations.Mojo; @@ -231,11 +232,13 @@ public void execute() throws MojoExecutionException, MojoFailureException { private void handle(IArtifactDescriptor artifactDescriptor, File artifact, ProxySignerWithPublicKeyAccess signer, KeyStore allKeys) { + Log log = getLog(); if (artifact != null) { var existingKeys = artifactDescriptor.getProperty(PGPSignatureVerifier.PGP_SIGNER_KEYS_PROPERTY_NAME); var existingSignatures = artifactDescriptor.getProperty(PGPSignatureVerifier.PGP_SIGNATURES_PROPERTY_NAME); if (existingSignatures != null && pgpKeyBehavior == PGPKeyBehavior.skip) { + log.debug(artifact + " is already pgp signed and these should be skipped!"); return; } @@ -245,6 +248,7 @@ private void handle(IArtifactDescriptor artifactDescriptor, File artifact, Proxy var classifier = artifactKey.getClassifier(); var isBinary = "binary".equals(classifier); if (skipBinaries && isBinary) { + log.debug(artifact + " is a binary and these should be skipped!"); return; } @@ -253,11 +257,14 @@ private void handle(IArtifactDescriptor artifactDescriptor, File artifact, Proxy var signedContent = signedContentFactory.getSignedContent(artifact); if (signedContent.isSigned()) { if (skipIfJarsigned) { + log.debug(artifact + " is already signed and signed jars should be skipped!"); return; } if (skipIfJarsignedAndAnchored) { for (var signerInfo : signedContent.getSignerInfos()) { if (signerInfo.getTrustAnchor() != null) { + log.debug(artifact + + " is already signed and signed jars should be skipped if anchored!"); return; } } @@ -265,6 +272,7 @@ private void handle(IArtifactDescriptor artifactDescriptor, File artifact, Proxy } } catch (Exception e) { //$FALL-THROUGH$ Treat as unsigned. + log.error("Can't check signature " + artifact + " :: " + e, e); } } } @@ -294,6 +302,8 @@ private void handle(IArtifactDescriptor artifactDescriptor, File artifact, Proxy } catch (MojoExecutionException | IOException e) { throw new RuntimeException(e.getMessage(), e); } + } else { + log.error("No artifact file for " + artifactDescriptor); } } } diff --git a/tycho-its/src/test/java/org/eclipse/tycho/test/pgp/TestPGPSigning.java b/tycho-its/src/test/java/org/eclipse/tycho/test/pgp/TestPGPSigning.java index fc93e0992a..1841234b11 100644 --- a/tycho-its/src/test/java/org/eclipse/tycho/test/pgp/TestPGPSigning.java +++ b/tycho-its/src/test/java/org/eclipse/tycho/test/pgp/TestPGPSigning.java @@ -13,7 +13,10 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; +import java.io.File; import java.io.IOException; import java.io.OutputStream; import java.net.URL; @@ -26,6 +29,7 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Set; import java.util.TreeMap; import java.util.TreeSet; @@ -43,11 +47,18 @@ import org.codehaus.plexus.util.xml.Xpp3DomBuilder; import org.codehaus.plexus.util.xml.pull.XmlPullParserException; import org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService; +import org.eclipse.osgi.launch.EquinoxFactory; +import org.eclipse.osgi.signedcontent.SignedContent; +import org.eclipse.osgi.signedcontent.SignedContentFactory; import org.eclipse.tycho.gpg.BouncyCastleSigner; import org.eclipse.tycho.gpg.KeyStore; import org.eclipse.tycho.gpg.SignatureStore; import org.eclipse.tycho.test.AbstractTychoIntegrationTest; import org.junit.Test; +import org.osgi.framework.BundleContext; +import org.osgi.framework.BundleException; +import org.osgi.framework.launch.Framework; +import org.osgi.util.tracker.ServiceTracker; import org.tukaani.xz.XZInputStream; public class TestPGPSigning extends AbstractTychoIntegrationTest { @@ -138,17 +149,18 @@ public void testSigning() throws Exception { verifier.setSystemProperty("test.signer", "gpg"); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); - assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); + assertEquals( + "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - - Set signedIUs = data.signedIUs.keySet(); - assertEquals("[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -157,17 +169,18 @@ public void testSigningWithBouncyCastle() throws Exception { verifier.setSystemProperty("test.signer", "bc"); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); - assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); + assertEquals( + "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - - Set signedIUs = data.signedIUs.keySet(); - assertEquals("[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -179,18 +192,19 @@ public void testSigningWithBouncyCastleWithDirectlyLoadedSecretKeys() throws Exc verifier.setSystemProperty("tycho.pgp.signer.bc.secretKeys", PGP_SECRET_KEYS.toString()); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + assertEquals(Set.of(PRIMARY_KEY_FINGERPRINT).toString(), data.repositoryKeys.toString(), + "Exactly this one key is expected"); - assertEquals(Set.of(PRIMARY_KEY_FINGERPRINT).toString(), data.repositoryKeys.toString(), - "Exactly this one key is expected"); + assertEquals( + "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - - Set signedIUs = data.signedIUs.keySet(); - assertEquals("[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -203,18 +217,19 @@ public void testSigningWithBouncyCastleWithDirectlyLoadedSecretKeysAndSpecifiedK verifier.setSystemProperty("tycho.pgp.signer.bc.secretKeys", PGP_SECRET_KEYS.toString()); verify(verifier); - var data = verifySignatures(verifier); - - assertEquals(Set.of(SECONDARY_KEY_FINGERPRINT).toString(), data.repositoryKeys.toString(), - "Exactly this one key is expected"); + try (var data = verifySignatures(verifier)) { + assertEquals(Set.of(SECONDARY_KEY_FINGERPRINT).toString(), data.repositoryKeys.toString(), + "Exactly this one key is expected"); - assertEquals( - "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + assertEquals( + "[bcpg, bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - Set signedIUs = data.signedIUs.keySet(); - assertEquals("[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -222,19 +237,37 @@ public void testSigningSkipIfJarSignedAndAnchored() throws Exception { var verifier = createVerifier(); verifier.setSystemProperty("test.skipIfJarsigned", "false"); verify(verifier); + try (Data data = verifySignatures(verifier)) { + assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); + + String fullLog = getLog(verifier); + assertAllArtifactsJarSigned(data, data.unsignedIUs, true, + "artifact %s is not jar signed and anchored but was not pgp signed", fullLog); + assertAllArtifactsNotJarSigned(data, data.signedIUs.keySet(), true, + "artifact %s is jar signed and anchored but was pgp signed", fullLog); + Set skipped = data.getSkipped(); + assertEquals(1, skipped.size(), skipped.toString() + fullLog); + } + } - var data = verifySignatures(verifier); - - assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); - - assertEquals( - "[org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + public void assertAllArtifactsJarSigned(Data data, Set artifacts, boolean anchored, String msg, String log) + throws Exception { + assertFalse(artifacts.isEmpty(), + "There should be some items to be checked" + Objects.requireNonNullElse(log, "")); + for (String artifact : artifacts) { + assertTrue(data.isJarSigned(artifact, anchored), + String.format(msg, artifact) + Objects.requireNonNullElse(log, "")); + } + } - Set signedIUs = data.signedIUs.keySet(); - assertEquals( - "[bcpg, bcpg.source, bcprov, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + public void assertAllArtifactsNotJarSigned(Data data, Set artifacts, boolean anchored, String msg, + String log) throws Exception { + assertFalse(artifacts.isEmpty(), + "There should be some items to be checked" + Objects.requireNonNullElse(log, "")); + for (String artifact : artifacts) { + assertFalse(data.isJarSigned(artifact, anchored), + String.format(msg, artifact) + Objects.requireNonNullElse(log, "")); + } } @Test @@ -244,18 +277,18 @@ public void testSigningBinaries() throws Exception { verifier.setSystemProperty("test.skipBinaries", "false"); verify(verifier); - var data = verifySignatures(verifier); - - assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); + try (var data = verifySignatures(verifier, true)) { + assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); - assertEquals( - "[org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + assertEquals( + "[org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - Set signedIUs = data.signedIUs.keySet(); - assertEquals( - "[bcpg, bcpg.source, bcprov, bcprov.source, org.eclipse.platform_root, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg, bcpg.source, bcprov, bcprov.source, org.eclipse.platform_root, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -265,18 +298,18 @@ public void testForceSigning() throws Exception { verifier.setSystemProperty("test.forceSignature", "bcpg"); verify(verifier); - var data = verifySignatures(verifier); - - assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); + try (var data = verifySignatures(verifier)) { + assertEquals(1, data.repositoryKeys.size(), "Exactly one key is expected"); - assertEquals( - "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + assertEquals( + "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - Set signedIUs = data.signedIUs.keySet(); - assertEquals( - "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); + Set signedIUs = data.signedIUs.keySet(); + assertEquals( + "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); + } } @Test @@ -294,23 +327,24 @@ public void testResigningMerge() throws Exception { verifier.setSystemProperty("gpg-keyname-2", SECONDARY_KEY_NAME); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + var expectedFingerprints = KEY_FINGERPRINTS.toString(); + assertEquals(expectedFingerprints, data.repositoryKeys.toString(), "Exactly these two keys are expected"); - var expectedFingerprints = KEY_FINGERPRINTS.toString(); - assertEquals(expectedFingerprints, data.repositoryKeys.toString(), "Exactly these two keys are expected"); + assertEquals( + "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + var signedIUs = data.signedIUs.keySet(); + for (var fingerprints : data.signedIUs.values()) { + assertEquals(expectedFingerprints, fingerprints.toString(), + "Expecting two merged signature fingerprints."); + } - var signedIUs = data.signedIUs.keySet(); - for (var fingerprints : data.signedIUs.values()) { - assertEquals(expectedFingerprints, fingerprints.toString(), "Expecting two merged signature fingerprints."); + assertEquals( + "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); } - - assertEquals( - "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); } @Test @@ -328,23 +362,24 @@ public void testResigningMergeSameKey() throws Exception { verifier.setSystemProperty("gpg-keyname-2", PRIMARY_KEY_NAME); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + var expectedFingerprints = Set.of(PRIMARY_KEY_FINGERPRINT).toString(); + assertEquals(expectedFingerprints, data.repositoryKeys.toString(), "Exactly these two keys are expected"); - var expectedFingerprints = Set.of(PRIMARY_KEY_FINGERPRINT).toString(); - assertEquals(expectedFingerprints, data.repositoryKeys.toString(), "Exactly these two keys are expected"); + assertEquals( + "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + var signedIUs = data.signedIUs.keySet(); + for (var fingerprints : data.signedIUs.values()) { + assertEquals(expectedFingerprints, fingerprints.toString(), + "Expecting two merged signature fingerprints."); + } - var signedIUs = data.signedIUs.keySet(); - for (var fingerprints : data.signedIUs.values()) { - assertEquals(expectedFingerprints, fingerprints.toString(), "Expecting two merged signature fingerprints."); + assertEquals( + "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); } - - assertEquals( - "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); } @Test @@ -362,24 +397,25 @@ public void testResigningReplace() throws Exception { verifier.setSystemProperty("gpg-keyname-2", SECONDARY_KEY_NAME); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + var expectedFingerprints = Set.of(SECONDARY_KEY_FINGERPRINT).toString(); + assertEquals(expectedFingerprints, data.repositoryKeys.toString(), + "Exactly the one replacement key is expected"); - var expectedFingerprints = Set.of(SECONDARY_KEY_FINGERPRINT).toString(); - assertEquals(expectedFingerprints, data.repositoryKeys.toString(), - "Exactly the one replacement key is expected"); + assertEquals( + "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + var signedIUs = data.signedIUs.keySet(); + for (var fingerprints : data.signedIUs.values()) { + assertEquals(expectedFingerprints, fingerprints.toString(), + "Expecting replaced signature fingerprint."); + } - var signedIUs = data.signedIUs.keySet(); - for (var fingerprints : data.signedIUs.values()) { - assertEquals(expectedFingerprints, fingerprints.toString(), "Expecting replaced signature fingerprint."); + assertEquals( + "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); } - - assertEquals( - "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); } @Test @@ -397,42 +433,117 @@ public void testResigningSkip() throws Exception { verifier.setSystemProperty("gpg-keyname-2", SECONDARY_KEY_NAME); verify(verifier); - var data = verifySignatures(verifier); + try (var data = verifySignatures(verifier)) { + var expectedFingerprints = Set.of(PRIMARY_KEY_FINGERPRINT).toString(); + assertEquals(expectedFingerprints, data.repositoryKeys.toString(), + "Exactly the one orginal key is expected"); - var expectedFingerprints = Set.of(PRIMARY_KEY_FINGERPRINT).toString(); - assertEquals(expectedFingerprints, data.repositoryKeys.toString(), "Exactly the one orginal key is expected"); + assertEquals( + "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source]", + data.unsignedIUs.toString(), "Unexpected unsigned IUs."); - assertEquals( - "[bcprov, org.eclipse.equinox.common, org.eclipse.equinox.common.source, org.eclipse.osgi, org.eclipse.osgi.source, org.eclipse.platform_root]", - data.unsignedIUs.toString(), "Unexpected unsigned IUs."); + var signedIUs = data.signedIUs.keySet(); + for (var fingerprints : data.signedIUs.values()) { + assertEquals(expectedFingerprints, fingerprints.toString(), + "Expecting the first signature fingerprints."); + } - var signedIUs = data.signedIUs.keySet(); - for (var fingerprints : data.signedIUs.values()) { - assertEquals(expectedFingerprints, fingerprints.toString(), "Expecting the first signature fingerprints."); + assertEquals( + "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", + signedIUs.toString(), "Unexpected signed IUs."); } - - assertEquals( - "[bcpg, bcpg.source, bcprov.source, org.eclipse.tycho.maven.all, org.eclipse.tycho.maven.all.source]", - signedIUs.toString(), "Unexpected signed IUs."); } - private static class Data { + private static class Data implements AutoCloseable { public final Set repositoryKeys = new TreeSet<>(); public final Set allIUs = new TreeSet<>(); public final Map> signedIUs = new TreeMap<>(); public final Set unsignedIUs = new TreeSet<>(); + private Path repository; + private Framework framework; + private SignedContentFactory service; + + public Data(Path repository) { + this.repository = repository; + } + + public Set getSkipped() { + TreeSet set = new TreeSet<>(allIUs); + set.removeAll(unsignedIUs); + set.removeAll(signedIUs.keySet()); + return set; + } + + public Path getArtifact(String name) { + File[] files = assertFileExists(repository.toFile(), "**/" + name + "_*"); + return files[0].toPath(); + } @Override public String toString() { return "Data [repositoryKeys=" + repositoryKeys + ", allIUs=" + allIUs + ", signedIUs=" + signedIUs + ", unsignedIUs=" + unsignedIUs + "]"; } + + public SignedContentFactory getSignedContentFactory() { + try { + if (framework == null) { + framework = new EquinoxFactory() + .newFramework(Map.of("osgi.instance.area", repository + File.separator + "instance")); + framework.init(); + framework.start(); + } + if (service == null) { + BundleContext bundleContext = framework.getBundleContext(); + ServiceTracker tracker = new ServiceTracker<>( + bundleContext, SignedContentFactory.class, null); + tracker.open(); + service = tracker.getService(); + } + return service; + } catch (Exception e) { + throw new AssertionError("Loading OSGi Framework failed", e); + } + } + + public boolean isJarSigned(String artifact, boolean anchored) throws Exception { + Path path = getArtifact(artifact); + SignedContent signedContent = getSignedContentFactory().getSignedContent(path.toFile()); + if (signedContent.isSigned()) { + if (anchored) { + for (var signerInfo : signedContent.getSignerInfos()) { + if (signerInfo.getTrustAnchor() != null) { + return true; + } + } + } else { + return true; + } + + } + return false; + } + + @Override + public void close() { + if (framework != null) { + try { + framework.stop(); + } catch (BundleException e) { + } + } + } + } private Data verifySignatures(Verifier verifier) throws Exception { - var data = new Data(); + return verifySignatures(verifier, true); + } + + private Data verifySignatures(Verifier verifier, boolean skipBinaries) throws Exception { var basedir = verifier.getBasedir(); var repository = Path.of(basedir, "site/target/repository"); + var data = new Data(repository); Xpp3Dom xzDOM; try (var stream = new XZInputStream(Files.newInputStream(repository.resolve("artifacts.xml.xz")))) { xzDOM = Xpp3DomBuilder.build(stream, StandardCharsets.UTF_8.displayName()); @@ -459,9 +570,10 @@ private Data verifySignatures(Verifier verifier) throws Exception { var id = artifact.getAttribute("id"); var version = artifact.getAttribute("version"); var classifier = artifact.getAttribute("classifier"); - data.allIUs.add(id); - + if ("binary".equals(classifier) && skipBinaries) { + continue; + } var properties = getProperties(artifact); var key = properties.get("pgp.publicKeys"); var signature = properties.get("pgp.signatures"); diff --git a/tycho-testing-harness/src/main/java/org/eclipse/tycho/test/AbstractTychoIntegrationTest.java b/tycho-testing-harness/src/main/java/org/eclipse/tycho/test/AbstractTychoIntegrationTest.java index 3e71c90c0c..ee3761877b 100644 --- a/tycho-testing-harness/src/main/java/org/eclipse/tycho/test/AbstractTychoIntegrationTest.java +++ b/tycho-testing-harness/src/main/java/org/eclipse/tycho/test/AbstractTychoIntegrationTest.java @@ -210,7 +210,7 @@ protected String getTychoVersion() { * the pattern to match * @return an array of matching files (will contain at least one file) */ - protected File[] assertFileExists(File baseDir, String pattern) { + public static File[] assertFileExists(File baseDir, String pattern) { DirectoryScanner ds = scan(baseDir, pattern); File[] includedFiles = Arrays.stream(ds.getIncludedFiles()).map(file -> new File(baseDir, file)) .toArray(File[]::new); @@ -252,7 +252,7 @@ protected String toURI(File file) throws IOException { } public static void verifyTextInLogMatches(Verifier verifier, Pattern pattern) throws VerificationException { - List lines = verifier.loadFile(verifier.getBasedir(), verifier.getLogFileName(), false); + List lines = getLogLines(verifier); for (String line : lines) { if (pattern.matcher(Verifier.stripAnsi(line)).find()) { @@ -263,7 +263,7 @@ public static void verifyTextInLogMatches(Verifier verifier, Pattern pattern) th } public static void verifyTextNotInLog(Verifier verifier, String text) throws VerificationException { - List lines = verifier.loadFile(verifier.getBasedir(), verifier.getLogFileName(), false); + List lines = getLogLines(verifier); for (String line : lines) { if (Verifier.stripAnsi(line).contains(text)) { @@ -272,6 +272,15 @@ public static void verifyTextNotInLog(Verifier verifier, String text) throws Ver } } + public static List getLogLines(Verifier verifier) throws VerificationException { + return verifier.loadFile(verifier.getBasedir(), verifier.getLogFileName(), false); + } + + public static String getLog(Verifier verifier) throws VerificationException { + String fullLog = getLogLines(verifier).stream().collect(Collectors.joining(System.lineSeparator())); + return "\n\n=================== MAVEN LOG =======================\n\n" + fullLog; + } + /** * Variant of verifyErrorFreeLog that do not skip stacktraces * @@ -279,7 +288,7 @@ public static void verifyTextNotInLog(Verifier verifier, String text) throws Ver * @throws VerificationException */ protected static void verifyErrorFreeLog(Verifier verifier) throws VerificationException { - List lines = verifier.loadFile(verifier.getBasedir(), verifier.getLogFileName(), false); + List lines = getLogLines(verifier); int size = lines.size(); Pattern pattern = Pattern.compile("\\[\\w+\\]"); for (int i = 0; i < size; i++) {