Eclipse distro JAR and EXE signing

Author: BoykoAlex

eclipse-distribution/org.springframework.boot.ide.product.e425/pom.xml

@@ -350,24 +350,31 @@
 
 								<taskdef resource="net/sf/antcontrib/antcontrib.properties" />
 
-								<exec executable="osslsigncode" failonerror="true">
-									<arg value="sign"/>
-									<arg value="-pkcs12"/>
-									<arg value="${env.WIN_KEY_LOCATION}"/>
-									<arg value="-pass"/>
-									<arg value="${env.bamboo_vault_signing_passphrase}"/>
-									<arg value="-n"/>
-									<arg value="Spring Tools 4"/>
-								    <arg value="-i"/>
-								    <arg value="https://spring.io"/>
-								    <arg value="-t"/>
-								    <arg value="http://timestamp.digicert.com"/>
-									<arg value="-in"/>
+								<exec executable="${project.parent.basedir}/scripts/sign-exe.sh" failonerror="true">
+									<env key="SSH_USER" path="${vm-signing.ssh.user}" />
+									<env key="SSH_KEY" path="${vm-signing.ssh.key}" />
+									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
-									<arg value="-out"/>
-								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 								</exec>
 
+<!--								<exec executable="osslsigncode" failonerror="true">-->
+<!--									<arg value="sign"/>-->
+<!--									<arg value="-pkcs12"/>-->
+<!--									<arg value="${env.WIN_KEY_LOCATION}"/>-->
+<!--									<arg value="-pass"/>-->
+<!--									<arg value="${env.bamboo_vault_signing_passphrase}"/>-->
+<!--									<arg value="-n"/>-->
+<!--									<arg value="Spring Tools 4"/>-->
+<!--								    <arg value="-i"/>-->
+<!--								    <arg value="https://spring.io"/>-->
+<!--								    <arg value="-t"/>-->
+<!--								    <arg value="http://timestamp.digicert.com"/>-->
+<!--									<arg value="-in"/>-->
+<!--									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--									<arg value="-out"/>-->
+<!--								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--								</exec>-->
+
 							</target>
 						</configuration>
 						<goals>

eclipse-distribution/org.springframework.boot.ide.product.e426/pom.xml

@@ -362,24 +362,31 @@
 
 								<taskdef resource="net/sf/antcontrib/antcontrib.properties" />
 
-								<exec executable="osslsigncode" failonerror="true">
-									<arg value="sign"/>
-									<arg value="-pkcs12"/>
-									<arg value="${env.WIN_KEY_LOCATION}"/>
-									<arg value="-pass"/>
-									<arg value="${env.bamboo_vault_signing_passphrase}"/>
-									<arg value="-n"/>
-									<arg value="Spring Tools 4"/>
-								    <arg value="-i"/>
-								    <arg value="https://spring.io"/>
-								    <arg value="-t"/>
-								    <arg value="http://timestamp.digicert.com"/>
-									<arg value="-in"/>
+								<exec executable="${project.parent.basedir}/scripts/sign-exe.sh" failonerror="true">
+									<env key="SSH_USER" path="${vm-signing.ssh.user}" />
+									<env key="SSH_KEY" path="${vm-signing.ssh.key}" />
+									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
-									<arg value="-out"/>
-								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 								</exec>
 
+<!--								<exec executable="osslsigncode" failonerror="true">-->
+<!--									<arg value="sign"/>-->
+<!--									<arg value="-pkcs12"/>-->
+<!--									<arg value="${env.WIN_KEY_LOCATION}"/>-->
+<!--									<arg value="-pass"/>-->
+<!--									<arg value="${env.bamboo_vault_signing_passphrase}"/>-->
+<!--									<arg value="-n"/>-->
+<!--									<arg value="Spring Tools 4"/>-->
+<!--								    <arg value="-i"/>-->
+<!--								    <arg value="https://spring.io"/>-->
+<!--								    <arg value="-t"/>-->
+<!--								    <arg value="http://timestamp.digicert.com"/>-->
+<!--									<arg value="-in"/>-->
+<!--									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--									<arg value="-out"/>-->
+<!--								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--								</exec>-->
+
 							</target>
 						</configuration>
 						<goals>

eclipse-distribution/org.springframework.boot.ide.product.e427/pom.xml

@@ -362,24 +362,31 @@
 
 								<taskdef resource="net/sf/antcontrib/antcontrib.properties" />
 
-								<exec executable="osslsigncode" failonerror="true">
-									<arg value="sign"/>
-									<arg value="-pkcs12"/>
-									<arg value="${env.WIN_KEY_LOCATION}"/>
-									<arg value="-pass"/>
-									<arg value="${env.bamboo_vault_signing_passphrase}"/>
-									<arg value="-n"/>
-									<arg value="Spring Tools 4"/>
-								    <arg value="-i"/>
-								    <arg value="https://spring.io"/>
-								    <arg value="-t"/>
-								    <arg value="http://timestamp.digicert.com"/>
-									<arg value="-in"/>
+								<exec executable="${project.parent.basedir}/scripts/sign-exe.sh" failonerror="true">
+									<env key="SSH_USER" path="${vm-signing.ssh.user}" />
+									<env key="SSH_KEY" path="${vm-signing.ssh.key}" />
+									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
-									<arg value="-out"/>
-								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 								</exec>
 
+<!--								<exec executable="osslsigncode" failonerror="true">-->
+<!--									<arg value="sign"/>-->
+<!--									<arg value="-pkcs12"/>-->
+<!--									<arg value="${env.WIN_KEY_LOCATION}"/>-->
+<!--									<arg value="-pass"/>-->
+<!--									<arg value="${env.bamboo_vault_signing_passphrase}"/>-->
+<!--									<arg value="-n"/>-->
+<!--									<arg value="Spring Tools 4"/>-->
+<!--								    <arg value="-i"/>-->
+<!--								    <arg value="https://spring.io"/>-->
+<!--								    <arg value="-t"/>-->
+<!--								    <arg value="http://timestamp.digicert.com"/>-->
+<!--									<arg value="-in"/>-->
+<!--									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--									<arg value="-out"/>-->
+<!--								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--								</exec>-->
+
 							</target>
 						</configuration>
 						<goals>

eclipse-distribution/org.springframework.boot.ide.product.e428/pom.xml

@@ -362,24 +362,31 @@
 
 								<taskdef resource="net/sf/antcontrib/antcontrib.properties" />
 
-								<exec executable="osslsigncode" failonerror="true">
-									<arg value="sign"/>
-									<arg value="-pkcs12"/>
-									<arg value="${env.WIN_KEY_LOCATION}"/>
-									<arg value="-pass"/>
-									<arg value="${env.bamboo_vault_signing_passphrase}"/>
-									<arg value="-n"/>
-									<arg value="Spring Tools 4"/>
-								    <arg value="-i"/>
-								    <arg value="https://spring.io"/>
-								    <arg value="-t"/>
-								    <arg value="http://timestamp.digicert.com"/>
-									<arg value="-in"/>
+								<exec executable="${project.parent.basedir}/scripts/sign-exe.sh" failonerror="true">
+									<env key="SSH_USER" path="${vm-signing.ssh.user}" />
+									<env key="SSH_KEY" path="${vm-signing.ssh.key}" />
+									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
-									<arg value="-out"/>
-								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>
 								</exec>
 
+<!--								<exec executable="osslsigncode" failonerror="true">-->
+<!--									<arg value="sign"/>-->
+<!--									<arg value="-pkcs12"/>-->
+<!--									<arg value="${env.WIN_KEY_LOCATION}"/>-->
+<!--									<arg value="-pass"/>-->
+<!--									<arg value="${env.bamboo_vault_signing_passphrase}"/>-->
+<!--									<arg value="-n"/>-->
+<!--									<arg value="Spring Tools 4"/>-->
+<!--								    <arg value="-i"/>-->
+<!--								    <arg value="https://spring.io"/>-->
+<!--								    <arg value="-t"/>-->
+<!--								    <arg value="http://timestamp.digicert.com"/>-->
+<!--									<arg value="-in"/>-->
+<!--									<arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--									<arg value="-out"/>-->
+<!--								    <arg value="${project.build.directory}/products/org.springframework.boot.ide.branding.sts4/win32/win32/x86_64/sts-${unqualifiedVersion}.${p2.qualifier}/SpringToolSuite4.exe"/>-->
+<!--								</exec>-->
+
 							</target>
 						</configuration>
 						<goals>

eclipse-distribution/pom.xml

@@ -95,6 +95,9 @@
 		<encoding>UTF-8</encoding>
 
 		<misc.p2.repo.version>3.9.4.202211021051</misc.p2.repo.version>
+
+		<vm-signing.ssh.user>signer</vm-signing.ssh.user>
+		<vm-signing.ssh.key>/home/bamboo/.ssh/id_rsa</vm-signing.ssh.key>
 	</properties>
 
 	<profiles>
@@ -147,6 +150,32 @@
 			</properties>
 		</profile>
 
+		<profile>
+			<id>vm-signing</id>
+			<build>
+				<plugins>
+					<plugin>
+						<artifactId>exec-maven-plugin</artifactId>
+						<groupId>org.codehaus.mojo</groupId>
+						<executions>
+							<execution>
+								<id>VM JAR Sign</id>
+								<phase>package</phase>
+								<goals>
+									<goal>exec</goal>
+								</goals>
+							</execution>
+						</executions>
+						<configuration>
+							<arguments>
+								<argument>${project.build.directory}</argument>
+							</arguments>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
 		<profile>
 			<id>e425</id>
 			<properties>
@@ -866,6 +895,18 @@
 					</dependencies>
 				</plugin>
 
+				<plugin>
+					<artifactId>exec-maven-plugin</artifactId>
+					<groupId>org.codehaus.mojo</groupId>
+					<configuration>
+						<executable>scripts/sign-jars.sh</executable>
+						<environmentVariables>
+							<SSH_USER>${vm-signing.ssh.user}</SSH_USER>
+							<SSH_KEY>${vm-signing.ssh.key}</SSH_KEY>
+						</environmentVariables>
+					</configuration>
+				</plugin>
+
 			</plugins>
 		</pluginManagement>
 	</build>

eclipse-distribution/scripts/sign-exe.sh

@@ -0,0 +1,16 @@
+set -e
+in_file=$1
+out_file=$2
+
+in_filename="$(basename -- $in_file)"
+
+echo "Copying $in_filename to remote machine..."
+scp -i $SSH_KEY $in_file $SSH_USER@vm-tools.spring.vmware.com:/opt/bamboo
+echo "Signing $in_filename..."
+ssh -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com -- /build/apps/signing/signserver/signc -v --input=/opt/bamboo/$in_filename --keyid=authenticode_SHA2 --signmethod="winddk-8.1" --output=/opt/bamboo/$in_filename --hash sha256
+echo "Copying **signed** $in_filename back... (into $out_file)"
+scp -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com:/opt/bamboo/$in_filename $out_file
+echo "Cleaning up remote machine..."
+ssh -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com -- rm /opt/bamboo/$in_filename
+echo "Successfully signed $in_filename"
+

eclipse-distribution/scripts/sign-jars.sh

@@ -0,0 +1,29 @@
+set -e
+target_folder=$1
+if [ -d "$target_folder" ]
+then
+  echo "Sign JARs in directory: $target_folder"
+  files=`ls $target_folder`
+  for file in $files
+  do
+#    echo "Found $file..."
+    if ! [ -d $file ]
+    then
+#      echo "Looking at: $target_folder/$file"
+      extension="${file##*.}"
+#      echo "Detected extension = $extension"
+      if [ "$extension" = "jar" ]
+      then
+        echo "Copying $file to remote machine..."
+        scp -i $SSH_KEY $target_folder/$file $SSH_USER@vm-tools.spring.vmware.com:/opt/bamboo
+        echo "Signing $file..."
+        ssh -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com -- /build/apps/signing/signserver/signc -v --input=/opt/bamboo/$file --keyid=jarsign_vmware --signmethod="jdk-1.8.0_121" --output=/opt/bamboo/$file
+        echo "Copying **signed** $file back... (into $target_folder/$file)"
+        scp -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com:/opt/bamboo/$file $target_folder/$file
+        echo "Cleaning up remote machine..."
+        ssh -i $SSH_KEY $SSH_USER@vm-tools.spring.vmware.com -- rm /opt/bamboo/$file
+        echo "Successfully signed $file"
+      fi
+    fi
+  done
+fi

eclipse-language-servers/pom.xml

@@ -160,6 +160,31 @@
 			</properties>
 		</profile>
 
+		<profile>
+			<id>vm-signing</id>
+			<build>
+				<plugins>
+					<plugin>
+						<artifactId>exec-maven-plugin</artifactId>
+						<groupId>org.codehaus.mojo</groupId>
+						<executions>
+							<execution>
+								<id>VM JAR Sign</id>
+								<phase>package</phase>
+								<goals>
+									<goal>exec</goal>
+								</goals>
+							</execution>
+						</executions>
+						<configuration>
+							<arguments>
+								<argument>${project.build.directory}</argument>
+							</arguments>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
 
 		<profile>
 			<id>e425</id>
@@ -394,32 +419,6 @@
 			</properties>
 		</profile>
 
-		<profile>
-			<id>vm-signing</id>
-			<build>
-				<plugins>
-					<plugin>
-						<artifactId>exec-maven-plugin</artifactId>
-						<groupId>org.codehaus.mojo</groupId>
-						<executions>
-							<execution><!-- Run our version calculation script -->
-								<id>VM JAR Sign</id>
-								<phase>package</phase>
-								<goals>
-									<goal>exec</goal>
-								</goals>
-							</execution>
-						</executions>
-						<configuration>
-							<arguments>
-								<argument>${project.build.directory}</argument>
-							</arguments>
-						</configuration>
-					</plugin>
-				</plugins>
-			</build>
-		</profile>
-
 	</profiles>
 
 	<repositories>
@@ -671,13 +670,13 @@
 				<plugin>
 					<artifactId>exec-maven-plugin</artifactId>
 					<groupId>org.codehaus.mojo</groupId>
-						<configuration>
-							<executable>scripts/sign-jars.sh</executable>
-							<environmentVariables>
-								<SSH_USER>${vm-signing.ssh.user}</SSH_USER>
-								<SSH_KEY>${vm-signing.ssh.key}</SSH_KEY>
-							</environmentVariables>
-						</configuration>
+					<configuration>
+						<executable>scripts/sign-jars.sh</executable>
+						<environmentVariables>
+							<SSH_USER>${vm-signing.ssh.user}</SSH_USER>
+							<SSH_KEY>${vm-signing.ssh.key}</SSH_KEY>
+						</environmentVariables>
+					</configuration>
 				</plugin>
 
 			</plugins>