New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unixPb: GPG signature verification added to jdk downloads #2999
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.
If this pull request needs to be merged during the release cycle then please comment /merge
and a PMC member will be able to remove the block.
If the code freeze is over you can remove this block by commenting /thaw
.
The api does not return a Request url: https://api.adoptium.net/v3/assets/latest/16/hotspot?architecture=x64&image_type=jdk&os=mac&vendor=eclipse |
GPG signatures were added to all current release lines last year so I would expect it will have excluded JDK16 on all platforms. However, I believe (please verify this for all platforms - I'm confident linux is ok though) that all of the JDK17 builds are now bootstrapped with JDK17, so JDK16 is no longer required on the machines, in which case it can be removed from the playbooks. (Having said that, presumably we can't check them on JDK10 for bootstrapping 11 either) |
@sxa You're right, i just checked. I've removed jdk16 from the playbook |
Can you adjust the first commit message so it has the correct |
Jdk8 s390x also does not have a signature file, so I've excluded the check for that platform |
Fails on Centos 6 in the vpc, but passes on Centos 6 in the github checks Rerunning on just Centos 6 https://ci.adoptium.net/job/VagrantPlaybookCheck/1651/console |
New vpc job centos6 only https://ci.adoptium.net/job/VagrantPlaybookCheck/1653/console |
ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/CentOS.yml
Outdated
Show resolved
Hide resolved
I dont know why the
|
New vpc https://ci.adoptium.net/job/VagrantPlaybookCheck/1654/console |
VPC looks good. I've removed one of the commits from earlier where I install |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but can you adjust the description to say you've run VPC on it - currently the checkbox is for "Doesn't need to be run" :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be worth commenting each usage of the older API and why it is called
ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml
Show resolved
Hide resolved
ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml
Show resolved
Hide resolved
ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml
Show resolved
Hide resolved
ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml
Outdated
Show resolved
Hide resolved
Jdk 10 binaries cannot be retrieved using api.adoptium.net, so ive kept them with api.adoptopenjdk.net https://ci.adoptium.net/job/VagrantPlaybookCheck/1658/console |
Yeah I'm not sure I like this extra complexity. I would recommend leaving as-is for the purposes of this PR and if there's a desire to use the different APIs then it can be done independently since this has nothing to do with enabling GPG verification. In fact it may make more sense to consider having a separate |
Ok, i'll leave the api as it is. Any update to it can happen in a separate pr |
/thaw |
Pull Request unblocked - code freeze is over.
Solaris Host is failing to connect PLAY [Ansible Unix playbook] *************************************************** TASK [Gathering Facts] ********************************************************* PLAY RECAP ********************************************************************* |
@karianna Yes that has been a failure for sometime now. I'll raise an issue. Meanwhile this pr has passed the solaris 10 vpc check https://ci.adoptium.net/job/VagrantPlaybookCheck/1645/OS=Solaris10,label=vagrant/console |
ref #2908
Added signature verification to the linux, alpine linux, solaris and mac jdk downloads in the unix playbook.
Refactored the linux and alpine linux tasks into one.
Can't get a signature file for jdk 10, api will not return release information for jdk 10, so verification is skipped for jdk 10.
Refactored tasks into blocks for easier management.
Removed duplicate code at the bottom.