www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Code signing
Date Tue, 23 Sep 2014 14:20:36 GMT
On 22/09/2014 21:39, Raymond DeCampo wrote:
> Mark,
> 
> Do you have any documentation on the web service that is being used to
> sign the code?

I do, but it was under an NDA. Symantec were going to relax that so we
could share the API information. Let me check where we are with that.

Also, I'm moving this discussion to the appropriate list -
infrastructure-dev@apache.org. Please subscribe to that list.

Mark


> 
> Thanks,
> Ray
> 
> On Fri, Sep 12, 2014 at 2:42 PM, Mark Thomas <markt@apache.org
> <mailto:markt@apache.org>> wrote:
> 
>     On 12/09/2014 19:34, Raymond DeCampo wrote:
>     > Mark,
>     >
>     > I haven't coded a maven plugin before but I am willing to figure it out
>     > as I have been looking for some way to contribute.
>     >
>     > Just dump me whatever information/code you have and I will take it from
>     > there.  Given you have an ANT plug in already working I don't anticipate
>     > it will be too difficult.
> 
>     Thanks for the offer. Am I correct in thinking you aren't an Apache
>     Committer? Getting you access to the test instance in that case might be
>     a little tricky. We can cross that bridge when we come to it.
> 
>     The Ant task is here:
>     http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java?view=annotate
> 
>     It does have an issue in that it loads the Base64 of the zip of of the
>     files to be signed into memory. It would be much better if it was
>     streamed. If you fancy taking at a look at that first...
> 
>     > Although, I did want to ask if ASF has any existing maven plugins so I
>     > can stay consistent with the established style.
> 
>     This is going to be an infrastructure tool and we don't have any Maven
>     plugins I am aware of. To be perfectly honest I am far more concerned
>     about getting something working than style.
> 
>     We should probably continue this on a list somewhere. Let me figure out
>     which one is best.
> 
>     Mark
> 
> 
>     >
>     > Thanks,
>     > Ray
>     >
>     >
>     > On Thu, Sep 11, 2014 at 3:05 PM, Mark Thomas <markt@apache.org <mailto:markt@apache.org>
>     > <mailto:markt@apache.org <mailto:markt@apache.org>>> wrote:
>     >
>     >     All,
>     >
>     >     You may be aware that the ASF infra team has been working on
>     getting a
>     >     code signing service set up.
>     >
>     >     The test project for this is Apache Tomcat and we are at the
>     point where
>     >     we are ready to do our first real signing. So why am I writing
>     to the
>     >     Commons dev list? Daemon.
>     >
>     >     Tomcat uses Commons Daemon so we'd like to build the signed Tomcat
>     >     release with signed Commons Daemon binaries. I have the
>     signing for the
>     >     Tomcat build automated but the Commons one is manual for now
>     so there
>     >     are no tools to check in.
>     >
>     >     The ASF will eventually need a Maven plugin to do signing as
>     part of the
>     >     build. If anyone would like volunteer (I have a simple Ant plug-in
>     >     written) let me know.
>     >
>     >     Shortly I will be starting a release vote for a signed version of
>     >     Commons Daemon 1.0.15. This will be exactly the same as the
>     binaries we
>     >     have already shipped apart from that the Windows binaries in the
>     >     packages will be signed executables. I plan to stage them
>     alongside the
>     >     existing 1.0.15 binaries rather than replace them. Eventually,
>     I expect
>     >     the Daemon release process to generate signed binaries.
>     >
>     >     Any questions, just ask.
>     >
>     >     Mark
>     >
>     >   
>      ---------------------------------------------------------------------
>     >     To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>     <mailto:dev-unsubscribe@commons.apache.org>
>     >     <mailto:dev-unsubscribe@commons.apache.org
>     <mailto:dev-unsubscribe@commons.apache.org>>
>     >     For additional commands, e-mail: dev-help@commons.apache.org <mailto:dev-help@commons.apache.org>
>     >     <mailto:dev-help@commons.apache.org
>     <mailto:dev-help@commons.apache.org>>
>     >
>     >
> 
> 


Mime
View raw message