Coming from older releases (like our product build on top of 2021.12 release of eclipse) will give problems when updating

[jcompagner]

I wonder if that can be helped somehow, or if in the future this can be avoided
We have LTS releases of our product that are maintained for 2 years. Those are mostly yyyy.03.x releases build on top of the yyyy-1.12 release of eclipse.

But now if i upgrade a 2022.03 release straight to our 2023.09 release i get the stuff below

if i then first upgrade that 22.03 release to a 23.03 release and then to a 23.09 release that kind of works (some times P2 cached stuff and i still get a weird artifact not found in a repo, which is really there but that is another thing)

An error occurred while collecting items to be installed
session context was:(profile=DefaultProfile, phase=org.eclipse.equinox.internal.p2.engine.phases.Collect, operand=, action=).
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 70b824d9a6b4ae29.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 70b824d9a6b4ae29.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 70b824d9a6b4ae29.
OK
Result of processing steps.
OK
OK
Public key not found for 70b824d9a6b4ae29.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK
Result of processing steps.
OK
OK
OK
Public key not found for 700e4f39bc05364b.
OK

[mickaelistria]

Is the public key made available in p2 metadata or other product preferences to enable verification? From https://help.eclipse.org/latest/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Fguide%2Fp2_pgp.html

Both the artifact repository and the artifact metadata may specify a pgp.publicKeys property that represents a PGP armored block for one or more PGP public keys. The PGP public keys specified in the metadata are made available for further signature verification. It is recommended to store the keys on the p2 artifact metadata because in this manner the signature and the key will always follow the artifact from one artifact repository to the next, whereas properties stored on the overall artifact repository may be lost.

[merks]

There were versions of the PGP support shipped that were not 100% functional. Really old versions did not look for the key as a property on the artifact. Also, such older versions did not do a proper job mirroring the key from the source repository to the destination. It sounds like that's what you are seeing here. 😢

[jcompagner]

ah ok,
then it starts to makes sense

It is then funny that 2022.03 can update to 2023.03 (but not straight to 2023.09)
So maybe in the mean time eclipse added some more (used it some more) and now we are hitting that
(those versions are our product version. eclipse is always 3 months behind, because we release in the same cycle but then with with the "previous" release)

i wonder if i could tie something together, so this https://download.servoy.com/developer/latest/releasecandidate/artifacts.jar is 2023.09
and an 2022.03 release updating to that will bomb out with

Public key not found for 700e4f39bc05364b.

what is that 700e4f39bc05364b?

[merks]

Use https://keyserver.ubuntu.com/ to search for a key, i.e.

https://keyserver.ubuntu.com/pks/lookup?search=700e4f39bc05364b&fingerprint=on&op=index

[HannesWell]

Regarding the impossibility to update from certain versions #203 probably also plays its role.

[jcompagner]

ah yes, (looking at the reported versions, that is exactly what we are getting)
the only thing is that my error is a bit different:

!MESSAGE org.bouncycastle.openpgp.PGPPublicKey found where PGPPublicKeyRing expected
!STACK 0
org.bouncycastle.openpgp.PGPException: org.bouncycastle.openpgp.PGPPublicKey found where PGPPublicKeyRing expected
	at org.bouncycastle.openpgp.PGPPublicKeyRingCollection.<init>(Unknown Source)
	at org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection.<init>(Unknown Source)
	at org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPSignatureVerifier.readPublicKeys(PGPSignatureVerifier.java:176)
	at org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPSignatureVerifier$PGPPublicKeyStore.addKeys(PGPSignatureVerifier.java:60)
	at org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPSignatureVerifier.initialize(PGPSignatureVerifier.java:130)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.addPGPSignatureVerifier(SimpleArtifactRepository.java:496)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.addPostSteps(SimpleArtifactRepository.java:483)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.processDestination(SimpleArtifactRepository.java:1151)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.getArtifact(SimpleArtifactRepository.java:791)
	at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.getArtifact(MirrorRequest.java:328)
	at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.transferSingle(MirrorRequest.java:298)
	at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.transfer(MirrorRequest.java:234)
	at org.eclipse.equinox.internal.p2.artifact.repository.MirrorRequest.perform(MirrorRequest.java:156)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository.getArtifact(SimpleArtifactRepository.java:779)
	at org.eclipse.equinox.internal.p2.artifact.repository.simple.DownloadJob.run(DownloadJob.java:64)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

but it just seems that older eclipse version are just a bit screwed up when updating to the latest stuff
But hopping one in between does fix at least that problem