author | Mickael Istria | 2021-04-13 20:42:05 +0000 |
---|---|---|
committer | Mickael Istria | 2021-06-15 13:34:02 +0000 |
commit | 45af7098437c45a46e7637d9aeb0177ca998e209 (patch) | |
tree | 0d50d16f52f6f79fc49979661462666823c91f37 /bundles/org.eclipse.equinox.p2.touchpoint.eclipse | |
parent | ddd6fcd94de359b9861685fa325fe8778398c691 (diff) | |
Bug 572816 - p2 strategy to trust PGP signatures
This makes users declare whether PGP keys are trusted or not at
installation, and to skip installation if one artifact has no
signature/signer being trusted.
* Propagate the pgp.signatures on local artifact description, so it's
usable for CheckTrust
* Add support in the Trust model for PGP keys
* Add (limited) support for PGP approval in TrustCertificationDialog
* Skip installation if PGP Keys are not trusted (similarly to
certificates).
Current limitations:
* Dialog doesn't show whether a subset of PGP Keys is sufficient to
complete installation (eg 1 artifact may have multiple signatures, only 1
is necessary to be approved for installation to complete, dialog doesn't
show that and gives impression all keys need to be approved)
* The dialog doesn't give any form of hint about how to decide whether
to trust a key or not (eg check PGP key registries and so on); but it's
also the case for certificates apparently...
Change-Id: I65f698c7412027fedefc28ddfaa344caa6bfecdc
# Conflicts:
# bundles/org.eclipse.equinox.p2.ui/src/org/eclipse/equinox/internal/p2/ui/dialogs/TrustCertificateDialog.java
Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/179275
Tested-by: Equinox Bot <equinox-bot@eclipse.org>
Reviewed-by: Mickael Istria <mistria@redhat.com>
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.touchpoint.eclipse')
4 files changed, 19 insertions, 8 deletions
diff --git a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/META-INF/MANIFEST.MF
index 5c3932fcc..71901cee2 100644
--- a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %pluginName
 Bundle-SymbolicName: org.eclipse.equinox.p2.touchpoint.eclipse;singleton:=true
-Bundle-Version: 2.3.0.qualifier
+Bundle-Version: 2.3.100.qualifier
 Bundle-Activator: org.eclipse.equinox.internal.p2.touchpoint.eclipse.Activator
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin
@@ -19,8 +19,10 @@ Bundle-RequiredExecutionEnvironment: JavaSE-11
 Bundle-ActivationPolicy: lazy
 Import-Package: javax.xml.parsers,
 org.eclipse.equinox.frameworkadmin;version="[2.0.0,3.0.0)",
+ org.eclipse.equinox.internal.p2.artifact.processors.pgp,
 org.eclipse.equinox.internal.p2.core.helpers,
 org.eclipse.equinox.internal.p2.engine,
+ org.eclipse.equinox.internal.p2.engine.phases,
 org.eclipse.equinox.internal.p2.garbagecollector,
 org.eclipse.equinox.internal.p2.metadata,
 org.eclipse.equinox.internal.provisional.frameworkadmin,
diff --git a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/pom.xml b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/pom.xml
index 7fc6bae69..12d492815 100644
--- a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/pom.xml
+++ b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/pom.xml
@@ -9,6 +9,6 @@
 </parent>
 <groupId>org.eclipse.equinox</groupId>
 <artifactId>org.eclipse.equinox.p2.touchpoint.eclipse</artifactId>
- <version>2.3.0-SNAPSHOT</version>
+ <version>2.3.100-SNAPSHOT</version>
 <packaging>eclipse-plugin</packaging>
 </project>
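Review bot: The second MANIFEST.MF hunk adds `org.eclipse.equinox.internal.p2.artifact.processors.pgp` to Import-Package, yet none of the four files changed in this bundle references that package; CheckTrustAction only starts using `org.eclipse.equinox.internal.p2.engine.phases.CheckTrust`. Unless the import is needed to resolve types reachable through CheckTrust (not visible in this bundle-limited diff), it should be dropped so the touchpoint does not take on a wiring dependency on an internal PGP package it does not use. If it is required, a short note in the commit message saying which class needs it would make the added dependency auditable.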
diff --git a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/ActionConstants.java b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/ActionConstants.java
index ee394cfcf..ec918b53c 100644
--- a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/ActionConstants.java
+++ b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/ActionConstants.java
@@ -17,7 +17,6 @@ public class ActionConstants {

 public static final String PARM_AGENT = "agent"; //$NON-NLS-1$
 public static final String PARM_AT_ARTIFACT = "@artifact"; //$NON-NLS-1$
- public static final String PARM_ARTIFACT_FILES = "artifactFiles"; //$NON-NLS-1$
 public static final String PARM_ARTIFACT_REQUESTS = "artifactRequests"; //$NON-NLS-1$
 public static final String PARM_BUNDLE = "bundle"; //$NON-NLS-1$
 public static final String PARM_FEATURE = "feature"; //$NON-NLS-1$
diff --git a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/CheckTrustAction.java b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/CheckTrustAction.java
index 201535517..7c7b51c17 100644
--- a/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/CheckTrustAction.java
+++ b/bundles/org.eclipse.equinox.p2.touchpoint.eclipse/src/org/eclipse/equinox/internal/p2/touchpoint/eclipse/actions/CheckTrustAction.java
@@ -18,6 +18,7 @@ import java.util.Collection;
 import java.util.Map;
 import org.eclipse.core.runtime.IStatus;
 import org.eclipse.core.runtime.Status;
+import org.eclipse.equinox.internal.p2.engine.phases.CheckTrust;
 import org.eclipse.equinox.internal.p2.touchpoint.eclipse.EclipseTouchpoint;
 import org.eclipse.equinox.internal.p2.touchpoint.eclipse.Util;
 import org.eclipse.equinox.p2.core.IProvisioningAgent;
@@ -26,6 +27,8 @@ import org.eclipse.equinox.p2.engine.spi.ProvisioningAction;
 import org.eclipse.equinox.p2.metadata.IArtifactKey;
 import org.eclipse.equinox.p2.metadata.IInstallableUnit;
 import org.eclipse.equinox.p2.query.QueryUtil;
+import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor;
+import org.eclipse.equinox.p2.repository.artifact.IFileArtifactRepository;

 /**
 * This action collects the set of bundle files on which the signature trust
@@ -47,14 +50,21 @@ public class CheckTrustAction extends ProvisioningAction {
 if (!profile.available(QueryUtil.createIUQuery(iu), null).isEmpty())
 return null;
 @SuppressWarnings("unchecked")
- Collection<File> bundleFiles = (Collection<File>) parameters.get(ActionConstants.PARM_ARTIFACT_FILES);
+ Map<IArtifactDescriptor, File> bundleFiles = (Map<IArtifactDescriptor, File>) parameters
+ .get(CheckTrust.PARM_ARTIFACTS);
 Collection<IArtifactKey> artifacts = iu.getArtifacts();
- if (artifacts == null)
+ if (artifacts == null) {
 return null;
+ }
+ IFileArtifactRepository repo = Util.getAggregatedBundleRepository(agent, profile);
 for (IArtifactKey key : artifacts) {
- File bundleFile = Util.getArtifactFile(agent, key, profile);
- if (!bundleFiles.contains(bundleFile))
- bundleFiles.add(bundleFile);
+ for (IArtifactDescriptor descriptor : repo.getArtifactDescriptors(key)) {
+ IFileArtifactRepository currentRepo = descriptor.getRepository() instanceof IFileArtifactRepository
+ ? (IFileArtifactRepository) descriptor.getRepository()
+ : repo;
+ File artifactFile = currentRepo.getArtifactFile(descriptor);
+ bundleFiles.put(descriptor, artifactFile);
+ }
 }
 return null;
 }
|
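Review bot: The new inner loop fails open in two places. An artifact key for which `repo.getArtifactDescriptors(key)` yields no descriptor contributes nothing to the map, and a descriptor for which `currentRepo.getArtifactFile(descriptor)` returns null is stored with a null file. Either way an artifact of this IU may never be presented for signature/PGP verification; how CheckTrust treats a missing or null entry is outside this hunk, so this needs confirming there. For a trust gate the safer behaviour is to fail closed: track whether each key produced at least one descriptor, guard with `if (artifactFile == null)`, and return an error `IStatus` (`IStatus` and `Status` are already imported) instead of continuing. The unchecked cast of `parameters.get(CheckTrust.PARM_ARTIFACTS)` is also dereferenced without a null check, as the old code did. The method body starts and ends outside the hunk.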