Common Build Infrastructure/Jar Signing

From Eclipsepedia

Jump to: navigation, search

How does the Athena builder handle signing?

If the build is run in Hudson on build.eclipse.org, the Hudson user initiates the signing process from a folder within the job's workspace.

If the build is run as anyone else, the build will attempt to upload a zip of jars to be signed as some authorized user on build.eclipse.org.

Here's a snippet of the buildAllHelper.xml code:

<target name="signMasterZip" if="sign">
  <antcall target="-timestamp" />
  <!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir -->
  <if>
    <or>
      <contains string="${user.name}" substring="hudson" />
      <contains string="${user.home}" substring="hudson" />
    </or>
  <then>
    <property name="buildServerUser" value="" />
    <property name="signingDir" value="${writableBuildRoot}/signing" />
    <mkdir dir="${signingDir}" />
  </then>
  <else>
    <!-- user with write perms in staging dir & permission to run /usr/bin/sign -->
    <property name="buildServerUser" value="dashBuild@build.eclipse.org" />
    <property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" />
  </else>
</if>
...

By default, buildServerUser is set to dashBuild@build.eclipse.org, but this can be overwritten in your .releng/build.properties if you need to connect as you@build.eclipse.org, using your CVS userid from dev.eclipse.org.