eclipse-simrel / simrel.build Goto Github PK
View Code? Open in Web Editor NEWThe aggregation model and build infrastructure.
The aggregation model and build infrastructure.
Now that we have support for auto-merge via #103 should we also enable delete_branch_on_merge so that one really has to do nothing else manually if the verification build succeeds?
https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4156#note_1612521
In order to ensure we can address any problems, e.g., CVEs, that might arise in 3rd party bundles in the future, we need to be prepared to update those dependencies. The following dependencies are not currently part of the restructured Orbit aggregation and need to be investigated to determine where and why these outdated versions are being used:
The above list was produced by adding validation repositories to both validation sets in simrel.aggr
and specifying to exclude all IUs available from a validation repository:
With this approach, the analysis editors view shows only the subset of 3rd party libraries that do not come from the restructured Orbit aggregation:
Our creative graphic designers have created the following artwork for the SimRel project's logo:
Please vote below with a ๐ on your favorites. Note that you can remove a "reaction" by clicking on the "icon".
I'm currently using in my IDE this updatesite:
https://download.eclipse.org/releases/latest
this results in Eclipse notify me whenever a new release is published and I can update (or wait if I feel its to risky because tomorrow is deadline for my project and I need to fix this one tiny little bug).
On the other hand, the three month cycle is probably a bit long and I generally trust that Eclipse delivers good software already in their milestones and it is good to discover any issue fast.
I therefore like to have an URL like
https://download.eclipse.org/releases/upcomming
that is a composite that behaves like this:
lastest
as a child so of course any release is includedthat way I can get automatic notifications of updates with just one URL, and can decide if I want to install them to give faster feedback, getting new features faster and so on.
The one and only version of guava that should be on the train for 2023-12 is 32.1.3.jre.
There are compelling reasons why this should be the case, including wiring problems, but not the least of which is this CVE:
There are currently multiple versions for various reasons. The oldest version is pulled in by RCPTT and that project is unable to do the releng work to make the necessary updates. The project must be removed from the train until they do so. GEF 5 is also a problem indirectly by requiring com.google.inject 5.x which requires an older guava. I am working to fix that problem and have it working locally.
Removing RCPTT and updating GEF 5 reveals that a whole whack of projects just aren't paying attention. The following projects currently continue to build against and deliver old dependencies, in each case track by the associated bug/issue:
I will edit this description with additional details as they become available.
This issue affects all projects that sign jars, not just SimRel projects.
This issue directly related to the problem is already opened:
https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4662
Here is a (hopefully correct) short list of affected projects:
The signing certificate expired May 21, 2024:
Any content signed with this certificate after that date is considered unsigned, e.g.,
$/c/Program\ Files/Java/jdk-21.0.2+13/bin/jarsigner.exe -verbose -verify /d/stuff/org.eclipse.e4.ui.dialogs_1.5.0.v20240424-0957.jar
s 4608 Wed Apr 24 22:09:26 CEST 2024 META-INF/MANIFEST.MF
3961 Wed Apr 24 22:09:26 CEST 2024 META-INF/ECLIPSE_.SF
9554 Wed Apr 24 22:09:26 CEST 2024 META-INF/ECLIPSE_.RSA
0 Wed Apr 24 22:09:24 CEST 2024 META-INF/
0 Wed Apr 24 22:09:24 CEST 2024 org/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/textbundles/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/
0 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/
0 Wed Apr 24 22:09:24 CEST 2024 icons/
0 Wed Apr 24 22:09:24 CEST 2024 icons/full/
0 Wed Apr 24 22:09:24 CEST 2024 icons/full/dtool16/
0 Wed Apr 24 22:09:24 CEST 2024 icons/full/etool16/
sm 2520 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/BasicUIJob.class
sm 13542 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree.class
sm 3362 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$NotifyingTreeViewer.class
sm 1397 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$5.class
sm 1199 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$4.class
sm 2604 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$2.class
sm 1270 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$3.class
sm 4743 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/FilteredTree$1.class
sm 7594 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/filteredtree/PatternFilter.class
sm 1258 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/dialogs/textbundles/E4DialogMessages.class
sm 1663 Wed Apr 24 22:03:14 CEST 2024 org/eclipse/e4/ui/dialogs/textbundles/messages.properties
sm 9637 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/AboutDialogE4.class
sm 1838 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/AboutText$1.class
sm 11033 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/AboutText.class
sm 2222 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/AboutText$2.class
sm 4111 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/BrandingProperties.class
sm 2556 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/HyperlinkExtractor.class
sm 719 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/HyperlinkRange.class
sm 421 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/IProductConstants.class
sm 1911 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/ParsedAbout.class
sm 2617 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/ProductInformation.class
sm 7441 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/ProductProperties.class
sm 1084 Wed Apr 24 22:09:24 CEST 2024 org/eclipse/e4/ui/internal/dialogs/about/UnavailableProduct.class
sm 397 Wed Apr 24 22:03:14 CEST 2024 icons/full/dtool16/clear_co.png
sm 755 Wed Apr 24 22:03:14 CEST 2024 icons/full/dtool16/[email protected]
sm 463 Wed Apr 24 22:03:14 CEST 2024 icons/full/etool16/clear_co.png
sm 1015 Wed Apr 24 22:03:14 CEST 2024 icons/full/etool16/[email protected]
sm 214 Wed Apr 24 22:09:24 CEST 2024 .api_description
sm 1460 Wed Apr 24 22:03:14 CEST 2024 about.html
sm 614 Wed Apr 24 22:03:14 CEST 2024 plugin.properties
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
- Signed by "[email protected], CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"
Digest algorithm: SHA-256
Signature algorithm: SHA384withRSA, 4096-bit key
Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on Mi. Apr. 24 22:09:27 UTC 2024
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
jar verified.
Warning:
This jar contains entries whose TSA certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
POSIX file permission and/or symlink attributes detected. These attributes are ignored when signing and are not protected by the signature.
Re-run with the -verbose and -certs options for more details.
The signer certificate expired on 2024-05-22. However, the JAR will be valid until the timestamp expires on 2029-03-23.
We see SimRel staging is badly affected by this:
Note that some shown with strikeout and some are not. That's because some artifacts were signed by the certificate when it was still valid while others are signed by the certificate after is expired.
Here are JUnit-style test results:
Apologies if I'm jumping the gun here by targetting the repo at https://download.eclipse.org/staging/2024-06
but I like to test our product against the latest builds so I thought I better report this in case there's a problem.
Our .product
file includes the following feature:
<feature id="org.eclipse.ecf.filetransfer.httpclient5.feature"/>
Now when we try to build our product using Tycho (4.0.8) and our pom.xml
targetting the staging repo the build is unsuccessful:
[WARNING] Mirror tool: Problems resolving provisioning plan.:
Unable to satisfy dependency from org.eclipse.ecf.filetransfer.httpclient5.feature.feature.group 1.1.702.v20231114-1017 to org.eclipse.equinox.p2.iu; org.eclipse.ecf.provider.filetransfer.httpclient5.win32 [1.1.0.v20230423-0417,1.1.0.v20230423-0417], filter=(osgi.os=win32).
Unable to satisfy dependency from org.eclipse.ecf.filetransfer.httpclient5.feature.feature.group 1.1.702.v20231114-1017 to org.eclipse.equinox.p2.iu; org.apache.httpcomponents.client5.httpclient5-win [5.2.1.v20230802-0847,5.2.1.v20230802-0847], filter=(osgi.os=win32).
and:
[ERROR] Failed to execute goal org.eclipse.tycho:tycho-p2-director-plugin:4.0.7:materialize-products (create-distributions) on project com.archimatetool.editor.product: Installation of product com.archimatetool.editor.product for environment win32/win32/x86_64 failed: Call to p2 director application failed:Cannot complete the install because one or more required items could not be found.: [Software being installed: Archi 5.4.0.202405311403 (com.archimatetool.editor.product 5.4.0.202405311403); Missing requirement for filter properties ~= $0: ECF Apache Httpclient 5 FileTransfer Provider 1.1.702.v20231114-1017 (org.eclipse.ecf.filetransfer.httpclient5.feature.feature.group 1.1.702.v20231114-1017) requires 'org.eclipse.equinox.p2.iu; org.eclipse.ecf.provider.filetransfer.httpclient5.win32 [1.1.0.v20230423-0417,1.1.0.v20230423-0417], filter=(osgi.os=win32)' but it could not be found; Cannot satisfy dependency:: [From: Archi 5.4.0.202405311403 (com.archimatetool.editor.product 5.4.0.202405311403); To: org.eclipse.equinox.p2.iu; org.eclipse.ecf.filetransfer.httpclient5.feature.feature.group [1.1.702.v20231114-1017,1.1.702.v20231114-1017]]].
Without it people looking at the new repo will not find these instructions directly.
Getting error opening simrel.aggr with Aggregator Model Editor after #48.
Using Eclipse IDE 2023-09 with CBI Aggregator Editor 1.0.300 from https://www.eclipse.org/cbi/downloads/aggregatorLatest/
org.eclipse.emf.ecore.xmi.FeatureNotFoundException: Feature 'includeSources' not found. (platform:/resource/org.eclipse.simrel.build/simrel.aggr, 2, 523)
at org.eclipse.emf.ecore.xmi.impl.XMLHandler.reportUnknownFeature(XMLHandler.java:2057)
at org.eclipse.emf.ecore.xmi.impl.XMLHandler.handleUnknownFeature(XMLHandler.java:2021)
at org.eclipse.emf.ecore.xmi.impl.XMIHandler.handleUnknownFeature(XMIHandler.java:172)
at org.eclipse.emf.ecore.xmi.impl.XMLHandler.setAttribValue(XMLHandler.java:2773)
Using latest Oomph (1.32.0 Build 418) the SimRel setup doesn't work. After the IDE installs and starts I can see the setup check run briefly, but then nothing further happens.
There is an error log entry that says: The location '/scratch/eclipse/oomph/simrel-main3/git/simrel.github' is not empty but is not a Git repository.
and the contents of the mentioned directory are:
$ tree -a $PWD
/scratch/eclipse/oomph/simrel-main3/git/simrel.github
โโโ .gitignore
โโโ .project
โโโ .settings
โโโ org.eclipse.core.resources.prefs
1 directory, 3 files
I tried this on a Linux and Windows machine and got the same results.
I'm not sure the purpose of this file:
https://github.com/eclipse-simrel/simrel.build/blob/main/.mailmap
With the changes for #402 the list of contracts has been cleaned up and updated.
But given I don't know the purpose of .mailmap, there is little point in updating it, especially manually, if it's not actually used for anything.
Do you know the purpose of this file?
I haven't used it much, but auto-merge looks like it would be very well suited to the workflow of SimRel.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.