diff --git a/pipelines/build/common/openjdk_build_pipeline.groovy b/pipelines/build/common/openjdk_build_pipeline.groovy index 275d2e627..d4cb58dce 100644 --- a/pipelines/build/common/openjdk_build_pipeline.groovy +++ b/pipelines/build/common/openjdk_build_pipeline.groovy @@ -1563,57 +1563,64 @@ class Build { echo "Signing $f using Eclipse Foundation codesign service" dir=$(dirname "$f") file=$(basename "$f") - mv "$f" "${dir}/unsigned_${file}" - success=false - if [ "${base_os}" == "mac" ]; then - if ! curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign; then - echo "curl command failed, sign of $f failed" - else - success=true - fi - else + ms_file_skipped=false + if [ "${base_os}" == "windows" ]; then + # Check if file is a Microsoft supplied file that is already signed if [[ "$file" =~ api-ms-win.* ]] || [[ "$file" =~ msvcp.* ]] || [[ "$file" =~ ucrtbase.* ]] || [[ "$file" =~ vcruntime.* ]]; then echo "Skipping Microsoft file $file" - success=true - elif ! curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" https://cbi.eclipse.org/authenticode/sign; then - echo "curl command failed, sign of $f failed" - else - success=true + ms_file_skipped=true fi fi - if [ $success == false ]; then - # Retry up to 20 times - max_iterations=20 - iteration=1 - echo "Code Not Signed For File $f" - while [ $iteration -le $max_iterations ] && [ $success = false ]; do - echo $iteration Of $max_iterations - sleep 1 - if [ "${base_os}" == "mac" ]; then - if curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign; then - success=true - fi + if [ $ms_file_skipped == false ]; then + mv "$f" "${dir}/unsigned_${file}" + success=false + if [ "${base_os}" == "mac" ]; then + if ! curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign; then + echo "curl command failed, sign of $f failed" else - if curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" https://cbi.eclipse.org/authenticode/sign; then - success=true - fi + success=true fi - - if [ $success = false ]; then - echo "curl command failed, $f Failed Signing On Attempt $iteration" - iteration=$((iteration+1)) - if [ $iteration -gt $max_iterations ] - then - echo "Errors Encountered During Signing" - exit 1 - fi + else + if ! curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" https://cbi.eclipse.org/authenticode/sign; then + echo "curl command failed, sign of $f failed" else - echo "$f Signed OK On Attempt $iteration" + success=true fi - done - fi - chmod --reference="${dir}/unsigned_${file}" "$f" - rm -rf "${dir}/unsigned_${file}" + fi + if [ $success == false ]; then + # Retry up to 20 times + max_iterations=20 + iteration=1 + echo "Code Not Signed For File $f" + while [ $iteration -le $max_iterations ] && [ $success = false ]; do + echo $iteration Of $max_iterations + sleep 1 + if [ "${base_os}" == "mac" ]; then + if curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign; then + success=true + fi + else + if curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" https://cbi.eclipse.org/authenticode/sign; then + success=true + fi + fi + + if [ $success = false ]; then + echo "curl command failed, $f Failed Signing On Attempt $iteration" + iteration=$((iteration+1)) + if [ $iteration -gt $max_iterations ] + then + echo "Errors Encountered During Signing" + exit 1 + fi + else + echo "$f Signed OK On Attempt $iteration" + fi + done + fi + chmod --reference="${dir}/unsigned_${file}" "$f" + rm -rf "${dir}/unsigned_${file}" + fi # ms_file_skipped == false done ''' // groovylint-enable