Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 36910 invoked from network); 16 Jan 2008 06:33:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 16 Jan 2008 06:33:38 -0000 Received: (qmail 52345 invoked by uid 500); 16 Jan 2008 06:33:27 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 52310 invoked by uid 500); 16 Jan 2008 06:33:27 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 52299 invoked by uid 99); 16 Jan 2008 06:33:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jan 2008 22:33:27 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of pajbam@gmail.com designates 72.14.252.154 as permitted sender) Received: from [72.14.252.154] (HELO po-out-1718.google.com) (72.14.252.154) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2008 06:33:00 +0000 Received: by po-out-1718.google.com with SMTP id y22so2471701pof.0 for ; Tue, 15 Jan 2008 22:33:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; bh=4oTDPLmRztnl8sO7MGCE4OELz9jX/553JCFHNExItuU=; b=vXvzCc4q5EChEUTIm7AVG0k/vO4F8N2g2jL1wQuZoCC07oL6fpUOIdDb00unzAR8a9lF7+r+RwEYpYUoiKfMEPtw4S3HKDAA2KWm1zPQg9fRLTjLCDMQ18TQDIwkh8dqfvLMsMsKPs+sQzFBBxWzOu6tBaYrzv/DIMNS8OW7OKk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=ttj+cimRqyCf1zt9cIGdcrgoUIZZK7Pk/yv7a/mpw6PraPiUXJsC1inMIs/ib3D/0/cYesjROlCF2nidY/k2jNkBOyIPs5FqwPT+8RUBfJH/Y4ysnuzX6Fv/3U8BVGzEy8OSdt9hSMxMkqyrAE8XGuUtgIipEkzjX3kJw7MxLM4= Received: by 10.141.42.10 with SMTP id u10mr292315rvj.256.1200465185946; Tue, 15 Jan 2008 22:33:05 -0800 (PST) Received: by 10.140.192.17 with HTTP; Tue, 15 Jan 2008 22:33:05 -0800 (PST) Message-ID: <98d8c0860801152233v6dbfec7bs103ddf678fbfd173@mail.gmail.com> Date: Wed, 16 Jan 2008 07:33:05 +0100 From: "Pierre-Arnaud Marcelot" Sender: pajbam@gmail.com To: "Apache Directory Developers List" Subject: Re: [Studio] Maven Build - New jars to deploy on Studio's Maven repository In-Reply-To: <478D31ED.4010703@apache.org> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_10058_31341324.1200465185920" References: <98d8c0860801110610j5fee834bo6793cbb24722f480@mail.gmail.com> <98d8c0860801140100r55251b8awd92dba929c55f005@mail.gmail.com> <478B29BA.4060900@apache.org> <98d8c0860801140129t78b04877o6b0de868eee2dd5f@mail.gmail.com> <98d8c0860801140255h6552f8a2ke9dc471508d1be34@mail.gmail.com> <478BBC62.9070806@apache.org> <98d8c0860801150250r6b4dc2ekc85c21b31ff16e81@mail.gmail.com> <478C945A.3020301@apache.org> <98d8c0860801150319u72c44f40n657d6ab1ab3dd524@mail.gmail.com> <478D31ED.4010703@apache.org> X-Google-Sender-Auth: 88157b40575d8483 X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_10058_31341324.1200465185920 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline The META-INF/ECLIPSE.RSA seems to be the Certificate used to sign the jar. The checksums can be found in the MANIFEST.MF and the ECLIPSE.SF files. Regards, Pierre-Arnaud On Jan 15, 2008 11:21 PM, Felix Knecht wrote: > Pierre-Arnaud Marcelot schrieb: > > On Jan 15, 2008 12:09 PM, Felix Knecht > > wrote: > > > > 3=B0/ We can remove the sha and md5 checksum files from the > repository, > > but this works only if eclipse doesn't has any internal checksums. > > > > > > Unfortunaltely, the SHA1 checksum we are talking about is inside the > > jar... In the manifest and other files... > > Are we talking about i.e. org.eclipse.search_3.3.1.r331_v20070831_0800.ja= r > META-INF/ECLIPSE.RSA ? > > Looks to me as created with a Verisign Certificate (which we hardly have)= : > > cat META-INF/ECLIPSE.RSA > 10 H=F7 > 0*H=F7 > *H=F7 > 0_1<0=A5p=BA*H=F74=B68=CA{=CC=BA=BF0 > 0 UUS10U > VeriSign, Inc.1705U > 280801235959Z0_1 .Class 3 Public Primary Certification Authority0 > 0 UUS10U > VeriSign, Inc.1705U > 0=C9\Y=F2=B4=DF@=DB=E3W=AFjE@ .Class 3 Public Primary Certification Au= thority00 > > =D13=D9=D9=CF=EEX%=F7*=A8D=AA=ECx=B9=AA#}=D6=AC=A2cE=C7r'= =CC=F4L=C6uq=D29=EFOB=F0u=DF > =BBL+=CF,&O=DD=A6=FB=FC=C9=E7=B1 =CBS=A5=E7=3D=BE}=FE$E3=DCv=ED=A2qdLe.hE= =A70 > 0_10( > A=A1*H=F7=DF=CFIef8Lu=C20S=F0N=D6&=C0vW^!=F1=D1=B1=FF=E7=D0!X=CDi=E3DD9\= =DCV=ED=A2EL=E4=BB=A4=3D=F02=F1=CE=F8=E8=C9Q=E6b=E6=C0}=B7r=C96:kN=A8=FFd > 0 UUS10U > VeriSign, Inc.1705U > 140715235959Z0=B41 .Class 3 Public Primary Certification Authority0 > 0 UUS10U > VeriSign, Inc.10U > VeriSign Trust Network1;09U > 0 *H=F7 2Terms of use at > https://www.verisign.com/rpa (c)041.0,U%VeriSign Class 3 > Code Signing 2004 CA0"0 > > > > Felix > ------=_Part_10058_31341324.1200465185920 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline The META-INF/ECLIPSE.RSA seems to be the Certificate used to sign the jar.<= br>
The checksums can be found in the MANIFEST.MF and the ECLIPSE.SF fil= es.

Regards,
Pierre-Arnaud

On J= an 15, 2008 11:21 PM, Felix Knecht < felixk@apache.org> wrote:
Pierre-Arnaud Marce= lot schrieb:
> On Jan 15, 2008 12:09 PM, Felix Knecht <<= a href=3D"mailto:felixk@apache.org">felixk@apache.org
> <mailto:felixk@a= pache.org >> wrote:
>
>     3=B0/ We can remove the s= ha and md5 checksum files from the repository,
>     but th= is works only if eclipse doesn't has any internal checksums.
>>
> Unfortunaltely, the SHA1  checksum we are talking about = is inside the
> jar... In the manifest and other files...

Are we talk= ing about i.e. org.eclipse.search_3.3.1.r331_v20070831_0800.jar
META-INF= /ECLIPSE.RSA ?

Looks to me as created with a Verisign Certificate (w= hich we hardly have):

cat META-INF/ECLIPSE.RSA
10      H=F7
0*H=F7        *H=F7
0_1<0=A5p=BA*H=F74=B68=CA{=CC=BA= =BF0
   0    UUS10U
VeriSign, Inc.1705U
28080= 1235959Z0_1   .Class 3 Public Primary Certification Authority0
&nb= sp;               0      = UUS10U
VeriSign, Inc.1705U
0=C9\Y=F2=B4=DF@=DB=E3W=AFjE@    .Clas= s 3 Public Primary Certification Authority00

      &= nbsp;        =D13=D9=D9=CF=EEX%=F7*=A8D=AA=ECx=B9=AA#}= =D6=AC=A2cE=C7r'=CC=F4L=C6uq=D29=EFOB=F0u=DF
=BBL+=CF,&O=DD=A6= =FB=FC=C9=E7=B1 =CBS=A5=E7=3D=BE}=FE$E3=DCv=ED=A2qdLe.hE=A70
0_10( A=A1*= H=F7=DF=CFIef8Lu=C20S=F0N=D6&=C0vW^!=F1=D1=B1=FF=E7=D0!X=CDi=E3DD9\=DCV= =ED=A2EL=E4=BB=A4=3D=F02=F1=CE=F8=E8=C9Q=E6b=E6=C0}=B7r=C96:kN=A8=FFd
   0    UUS10U
VeriSign, Inc.1705U
140715235= 959Z0=B41   .Class 3 Public Primary Certification Authority0
 = ;               0       U= US10U
VeriSign, Inc.10U
            &n= bsp;    VeriSign Trust Network1;09U
0       *H=F7             &nbs= p;                   2Terms of= use at https://= www.verisign.com/rpa (c)041.0,U%VeriSign Class 3
Code Signing 2004 C= A0"0

<snip />

Felix

------=_Part_10058_31341324.1200465185920--