Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Common Build Infrastructure/Jar Signing"
| Line 7: | Line 7: | ||
Here's a snippet of [http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.dash/athena/org.eclipse.dash.commonbuilder/org.eclipse.dash.common.releng/tools/scripts/buildAllHelper.xml?root=Technology_Project&view=markup the buildAllHelper.xml code]: | Here's a snippet of [http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.dash/athena/org.eclipse.dash.commonbuilder/org.eclipse.dash.common.releng/tools/scripts/buildAllHelper.xml?root=Technology_Project&view=markup the buildAllHelper.xml code]: | ||
| − | + | <target name="signMasterZip" if="sign"> | |
| − | + | <antcall target="-timestamp" /> | |
| − | + | <!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir --> | |
| − | + | <if> | |
| − | + | <or> | |
| − | + | <contains string="${user.name}" substring="hudson" /> | |
| − | + | <contains string="${user.home}" substring="hudson" /> | |
| − | + | </or> | |
| − | + | <then> | |
| − | + | <property name="buildServerUser" value="" /> | |
| − | + | <property name="signingDir" value="${writableBuildRoot}/signing" /> | |
| − | + | <mkdir dir="${signingDir}" /> | |
| − | + | </then> | |
| − | + | <else> | |
| − | + | <!-- user with write perms in staging dir & permission to run /usr/bin/sign --> | |
| − | + | <property name="buildServerUser" value="dashBuild@build.eclipse.org" /> | |
| − | + | <property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" /> | |
| − | + | </else> | |
| − | + | </if> | |
... | ... | ||
Revision as of 20:41, 12 May 2009
How does the Athena builder handle signing?
If the build is run in Hudson on build.eclipse.org, the Hudson user initiates the signing process from a folder within the job's workspace.
If the build is run as anyone else, the build will attempt to upload a zip of jars to be signed as some authorized user on build.eclipse.org.
Here's a snippet of the buildAllHelper.xml code:
<target name="signMasterZip" if="sign">
<antcall target="-timestamp" />
<!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir -->
<if>
<or>
<contains string="${user.name}" substring="hudson" />
<contains string="${user.home}" substring="hudson" />
</or>
<then>
<property name="buildServerUser" value="" />
<property name="signingDir" value="${writableBuildRoot}/signing" />
<mkdir dir="${signingDir}" />
</then>
<else>
<!-- user with write perms in staging dir & permission to run /usr/bin/sign -->
<property name="buildServerUser" value="dashBuild@build.eclipse.org" />
<property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" />
</else>
</if>
...
By default, buildServerUser is set to dashBuild@build.eclipse.org, but this can be overwritten in your .releng/build.properties if you need to connect as you@build.eclipse.org, using your CVS userid from dev.eclipse.org.