Monday, April 24, 2017

Host your own eclipse signing server

We handled signing plugins with tycho some time ago already. When working in a larger company you might want to keep your certificates and passphrases hidden from your developers. For such a scenario a signing server could come in handy.

The eclipse CBI project provides such a server which just needs to get configured in the right way. Mikael Barbero posted a short howto on the mailing list, which should contain all you need. For a working setup example follow this tutorial.

To have a test vehicle for signing we will reuse the tycho 4 tutorial source files.

Step 1: Get the service

Download the latest service snapshot file and store it to a directory called signingService. Next download the test server, we will use it to create a temporary certificate and keystore.

Finally we need a template configuration file. Download it and store it to signingService/jar-signing-service.properties.

Step 2: A short test drive

Open a console and change into the signingService folder. There execute:
java -cp jar-signing-service-1.0.0-20170331.204711-10.jar:jar-signing-service-1.0.0-20170331.204711-10-tests.jar org.eclipse.cbi.webservice.signing.jar.TestServer
You should get some output giving you the local address of the signing service as long as the certificate store used:
Starting test signing server at http://localhost:3138/jarsigner
Dummy certificates, temporary files and logs are stored in folder: /tmp/TestServer-2590700922068591564
Jarsigner executable is: /opt/oracle-jdk-bin-1.8.0.121/bin/jarsigner
We are not ready yet to sign code, but at least we can test if the server is running correctly. If you try to connect with a browser you should get a message that HTTP method GET is not supported by this URL.

Step 3: Preparing the tycho project

We need some changes to our tycho project so it can make use of the signing server. Get the sources of the tycho 4 tutorial (checking out from git is fully sufficient) and add following code to com.codeandme.tycho.releng/pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

 <properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 </properties>

 <pluginRepositories>
  <pluginRepository>
   <id>cbi</id>
   <url>https://repo.eclipse.org/content/repositories/cbi-releases/</url>
  </pluginRepository>
 </pluginRepositories>

 <build>
  <plugins>
   <!-- enable jar signing -->
   <plugin>
    <groupId>org.eclipse.cbi.maven.plugins</groupId>
    <artifactId>eclipse-jarsigner-plugin</artifactId>
    <version>${eclipse.jarsigner.version}</version>
    <executions>
     <execution>
      <id>sign</id>
      <goals>
       <goal>sign</goal>
      </goals>
      <phase>verify</phase>
     </execution>
    </executions>
    <configuration>
     <signerUrl>http://localhost:3138/jarsigner</signerUrl>
    </configuration>
   </plugin>
   
  </plugins>
 </build>
</project>
The code above shows purely additions to the pom.xml, no sections were removed or replaced.

You may try to build your project with maven already. As I had problems to connect to https://timestamp.geotrust.com/tsa my local build failed, even if maven reported SUCCESS.

Step 4: Configuring a productive instance

So lets get productive. Setting up your keystore with your certificates will not be handled by this tutorial, so I will reuse the keystore created by the test instance. Copy the keystore.jks file from the temp folder to the signingService folder. Then create a text file keystore.pass:
echo keystorePassword >keystore.pass

Now we need to adapt the jar-signing-service.properties file to our needs:
### Example configuration file

server.service.pathspec=/jarsigner
server.service.pathspec.versioned=false

jarsigner.bin=/opt/oracle-jdk-bin-1.8.0.121/bin/jarsigner

jarsigner.keystore=/somewhere/signingService/keystore.jks
jarsigner.keystore.password=/somewhere/signingService/keystore.pass
jarsigner.keystore.alias=acme.org

jarsigner.tsa=http://timestamp.entrust.net/TSS/JavaHttpTS

  • By setting the versioned flag to false in line 4 we simplify the service web address (details can be found in the sample properties file).
  • Set the jarsigner executable path in line 6 according to your local environment.
  • Lines 8-10 contain details about the keystore and certificate to use, you will need to adapt them, but above settings should result in a working build.
  • The change in line 12 was necessary at the time of writing this tutorial because of connection problems to https://timestamp.geotrust.com/tsa.
Run your service using
java -jar jar-signing-service-1.0.0-20170331.204711-10.jar
Remember that your productive instance now runs on port 8080, so adapt your pom.xml accordingly.

Wednesday, March 15, 2017

Fancy tooltips

I always liked the tooltips available in eclipse editors. Having a browser widget that may capture focus is nice to display more complex help topics in the UI. Unfortunately the eclipse implementation is heavily bound to editors and cannot be used for other parts.

Well, up to now. For EASE I wanted to reuse these tooltips to display API documentation in a treeviewer. The result looks quite satisfactory:


I built some API to add these tooltips to any kind of SWT controls. While it may not be perfect it seems rather simple to use for me.
  final HoverManager hoverManager = new HoverManager(parent);
  hoverManager.addHover(fModulesComposite.getTreeViewer(), new IHoverContentProvider() {

   @Override
   public void populateToolbar(BrowserInformationControl control, ToolBarManager toolBarManager) {
    // nothing to do
   }

   @Override
   public String getContent(Object origin, Object detail) {
    return "<p>This is HTML content</p>";
   }
  });
To see these tooltips in action get a nightly build of EASE and open the Modules Explorer view.

Now I am wondering if there is any interest in making this API available for other eclipse projects.
When extracting the functionality I had to access some internal classes from org.eclipse.jface.text and JDT - mostly because of package private methods. Porting back these changes would be possible, still I am wondering if org.eclipse.jface.text would be the right place for it. Why should a generic view depend on jface.text just to get nice tooltip support?

So lets see if there is interest in adopting this feature and where to put it.

Thursday, December 15, 2016

Helpers: TableViewer Text Export

Today I would like to present a small helper class that exports the content of a TableViewer to a String representation.

How to use

The default implementation creates a CSV output. Exporting the table is simple:
TableExporter exporter = new TableExporter(tableViewer);
exporter.print(outputStream);

// exporter.toString() // serializes into a String
The export uses sorting, filtering and column ordering so your output matches to what you see on the screen.

Other output formats

If you are interested in other output formats, have a look at HTMLTableExporter, which renders the same data into an HTML table. You can easily extend the base class to adapt the output format to your own needs.

Examples



rendered as CSV text:

First,Last,City
Obi-Wan,Kenobi,Tatooine
Leia,Organa,Alderaan
Luke,Skywalker,Tatooine
Han,Solo,Corellia

...or as HTML table

First Last City
Obi-Wan Kenobi Tatooine
Leia Organa Alderaan
Luke Skywalker Tatooine
Han Solo Corellia

Monday, October 31, 2016

Oomph 05: Git checkout

In this tutorial we will checkout a git repository and import its projects into the workspace.

Source code for this tutorial is available on github as a single zip archive, as a Team Project Set or you can browse the files online.  

For a list of all Oomph related tutorials see my Oomph Tutorials Overview.

Step 1: Git clone task

First open your CodeAndMe.setup file and look for a new child called Git Clone. Quite likely you will find it under Additional Tasks. All tasks available under that submenu are currently not installed. By selecting them eclipse triggers a background job to install the necessary components. Before you can use it a restart of your workbench will be required.

Once you added a Git Clone task open its Properties. The bare minimum information to provide is the Remote URI. Set it to your clone location, eg. https://github.com/Pontesegger/codeandme.git

We will also provide an ID so we can reference that setup task from other tasks later during the install. Therefore set ID to codeandme.git.clone.
The checkout Location is typically chosen by the user and should not be defined in the setup file. Users will set this during installation by using the Git clone location rule variable.

Step 2: Import projects

The clone task will create a local copy of the repository but that does not mean that its projects are already visible in the workspace.

We need to add a dedicated Projects Import task. Further add a subnode of type Source Locator to it. Now switch to its Properties and set the Root Folder. Instead of providing a fixed location here we will refer to the Git Clone task we defined earlier.

When a task has an ID, we can refer to it directly using a variable: ${task.id}. Further all task properties are available by just adding the property name: ${task.id.property_name}.

To get the path where our git repository was checked out to we can use: ${codeandme.git.clone.location}
Give it a try to see that your task configuration is correct.

Wednesday, October 26, 2016

ECE 2016: Elevate your IDE with scripts

Being at EclipseCon Europe for me is always a highlight throughout the year. While I am enjoying the talks and discussions (and some beer) you might be interested in what to expect from my talk on EASE today:

Well I guess lots of you are already familiar with the basic concept of running scripts in Eclipse. Therefore the talk will focus on scripts that augment the IDE (or any other RCP application) in special ways. We will use them to add toolbar and menu items, we will create a custom builder prototype, learn something about the Event Broker and finally have a look at script deployment methods. Therefore we will use a generic keyword mechanism which can be extended easily to your own needs.

Even if you do not care about scripting but prefer pure Java this talk might be for you. Using EASE you may extend the IDE without deployment of features (and without a restart).

As I am a big fan of live sessions we will rush through some slides in 3 minutes and use the rest for a live demo.

Got your interest? Join me on Wednesday, 11:45 at Silchersaal.

Wednesday, September 21, 2016

Native browser for GTK on linux

Having support for the internal browser is often not working out of the box on linux. You can check the status by opening your Preferences/General/Web Browser settings. If the radio button Use internal  web browser is enabled (not necessarily activated) internal browser support is working, otherwise not.

Most annoyingly without internal browser support help hovers in your text editors use a fallback mode not rendering links or images.

To solve this issue you may first check the SWT FAQ. For me working on gentoo linux the following command fixed the problem:
emerge net-libs/webkit-gtk:2
It is important to not only install the latest version of webkit-gtk which will not be recognized by Eclipse. After installation restart eclipse and your browser should work. Verified on Eclipse Neon.

Thursday, September 15, 2016

Oomph 04: P2 install tasks

Form this tutorial onwards we are going to extend our project setup step by step. Today we are looking how to install additional plugins and features to our setup.

Source code for this tutorial is available on github as a single zip archive, as a Team Project Set or you can browse the files online.  

For a list of all Oomph related tutorials see my Oomph Tutorials Overview.

Step 1: Add the Repository

Open your Oomph setup file and create a new task of type P2 Director. To install components we need to provide a p2 site location and components from that location to install. So create a new Repository child to our task. When selected the Properties view will ask for a URL. Point to the p2 location you want to install stuff from. Leave Type to Combined. If you do not know about repository types you definitely do not need to change this setting.
When you are working with a p2 site provided by eclipse, Oomph can help to identify update site locations.

Step 2: Add features

Once you added the repository you can start to add features to be installed from that site. The manual way requires you to create a new child node of type Requirement. Go to its Properties and set Name to the feature id you want to install. You may add version ranges or make installs optional (which means do not throw an error when the feature cannot be installed).
The tricky part is to find out the name of the feature you want to install. I like to use the target platform editor from Mickael Barbero with its nice code completion features. An even simpler way is to use the Repository Explorer from Oomph:

Right click on your Repository node and select Explore. The Repository Explorer view comes up and displays features the same way as you might know it from the eclipse p2 installer. Now you can drag and drop entries to your P2 Director task.