Skip to main content
Jump to: navigation, search

IT Infrastructure Doc

< Development Resources


How do I setup my project website?

Project websites are hosted in a git repository separate from the actual project code. You can browse project website repositories using cGit. Once the webmaster adds a space for your project, files you commit to the website repository are automatically published to, where xyz is your project's short name. You are free to use HTML and PHP on your website.
Hosting a project website is normally done when the project proposal has been approved. If you suspect your files are not being checked out to the website, simply commit a small change to one file. This is usually enough to trigger a website refresh.

How do I use the Solstice theme?

Please see this document for information on using Solstice.

Use a database for my website?

We currently do not offer projects with database support.

I need to put a large file on my website. How should I do this?

Large (1 MB+) ZIP and JAR files must be put in the downloads area, using the Find A Mirror script to link to them. However, small files (less than 1 MB) can be put on the website directly without causing too much harm.

Remember to allow our mirrors at least 24 hours to sync up before using a transparent mirror redirect.

Use PHP on my website?

PHP support is available on only. Simply commit files with the .php file extension to your website's repository. Although some projects host PHP files on, we do not encourage or recommend it. is a high-traffic website. Please make sure your PHP code is optimized to run in this type of environment. See the next item.

Optimize my PHP code for large-scale use? is a high-traffic website. To improve PHP's functionality, we have set very liberal limits on how many resources PHP can consume. However. if if your project is very popular, bad PHP code can slow the entire site down.

Of course, we could harden PHP to protect our website, but that would cut some functionality. Some tips for you:

  • Never call the web service to include/open files - include("") and fopen("http://localhost/somefile.xml") are very costly to run, because they call the web service, and can lead to Denial-Of-Servicing itself under heavy load.
  • Never include/open remote files - include("") is forbidden, as someone could launch a Denial-Of-Service attack against a remote site. We don't allow you to establish remote connections from servers other than the build server.
  • Sanitize your incoming parameters - include($parameter) is particularly dangerous if $parameter is not sanitized. Someone could freely surf the web anonymously, hiding behind servers, or they could use your page to access local files, or launch Denial-Of-Service attacks against remote servers.
  • Cache aggregated, processor-intensive data - SQL aggregations, file system scans, Bugzilla lists can (and should) be cached to avoid redundant processor- and disk-intensive operations. For instance, scanning through directories to display the size of a build could be useful, but doesn't need to happen for each website visitor. Cache the results of this operation to a file, and update the file if the file is older than 12 hours.

There are many, many other security and PHP best-practices. These are just the basics.



  • Shell access on servers is not supported.

Upload my public key

Passwordless authentication (using keys) is the preferred way of logging in and using servers.

To upload your key from within Eclipse, simply use the Export to SFTP... button on the General > Network Connections > SSH2 > Key Management preference page:

One can also upload the key from the command line using sftp. First, copy the public key(s) you want to upload to a single file called "authorized_keys" in the current directory, and then:

sftp> mkdir .ssh (if .ssh subdirectory does not already exist)
sftp> put authorized_keys .ssh/authorized_keys
sftp> quit

You have to check that permissions of the .ssh folder are 700 and the permissions of authorized_keys file are 640. Otherwise, the passwordless authentication will fail and fallback to password authentication.

Next, tell Eclipse to use the corresponding private key in the preference page: General > Network Connections > SSH2 > General tab.


Create a new Component/Version/Milestone/Target?

For the forge, you can use the Bugzilla Manager tool. More info is documentated here.

For other forges, Bugzilla changes can be requested via a Bugzilla bug against the corresponding Working Group.


Upload files to the download server?

Downloadable files must be placed in the downloads area (~/downloads, or /home/data/httpd/ so they can be mirrored to our mirror sites worldwide. Please ensure only pertinent, current files are in the downloads area, as we cannot store an eternity of nightly, integration and stable builds. Production releases can be kept forever; however, we ask that you move archived releases to (see below).

To upload your files:

  • Use Jenkins to upload your files, see Milestone and Release Builds. (Formerly, SFTP or SCP client (in SFTP mode) was used to connect to using your committer account. The webmasters eventually want to get rid of "shell accounts" and have everyone do things through Jenkins).
  • Upload files to your project's directory in the downloads area . Ask your project lead or see Hudson > Server Storage. (If you have ssh access, then typically ~/downloads/toplevel/yourproject).
  • Please ensure that the file permissions include world-readable (664; rw-rw-r--) and directory permissions allow for world-executable (775, rwxrwxr-x).
  • If you have ssh access, then large projects with frequent builds may find it more convenient to use RSYNC over SSH.
  • Although you can link directly to, you can also use the Find a Mirror script (info below). Using this script allows you to view download statistics and allows users to pick a nearby mirror site for their download.

Once your files are on the server, they are immediately available to the general public. However, for release builds, we ask that you wait at least four hours for our mirror sites to fetch the new files before linking to them. It typically takes a day or two for all the mirror sites to synchronize with us and get new files.

Please note that although we tolerate PHP, HTML and JPG/GIF files on, we encourage you to put such files on Those files are not mirrored to public mirror servers.

SYMLINKS are not supported. We cannot ensure that all our mirror servers support and honour symlinks. For that reason, please avoid the usage of symlinks.

Move files to

Because our mirror sites don't have as much disk space for Eclipse files as we do, we have created an site for you to store older release builds.

The structure is similar to that of To move your files, we recommend using the SSH prompt as below. If you are not comfortable with the SSH prompt, you can ask WebMaster to move the files for you. You will need a shell account on If you do not have one, please ask webmaster.

   mv ~/downloads/your/project/oldrelease/ /home/data/httpd/

Note: if you preserve the exact path and filename from to, you don't need to change your links if your links use the Find a Mirror script.

This link will work if /path/to/a/ is on, or if it gets moved to the same place on

P2 repositories: P2 repositories are not normally accessed via the mirror selection script. Therefore, extra treatment is required when the move should be made transparently without affecting users who may still have the original URL.

Equinox/p2/ has a discussion how to achieve this (work in progress).

Use mirror sites/see which mirrors are mirroring my files?

Link to your download files like this:


Parameters for above script:

  • file (Required): specify the filename, relative to the downloads home, starting with a "/". This file must exist in the downloads area. Although you can specify a directory name, your mirror list will be more accurate if you specify a file.
  • format (Optional): specify html (default) or xml. Useful for building the mirrors.xml for Update sites.
  • protocol (Optional): ftp or http: list only ftp or http mirrors only (both are the default)
  • r (DEPRECATED): specify 1 to automatically redirect to the best mirror (the one that would normally be at the top) without asking the user to choose.
  • nf (DERECATED): specify 1 to get an actual 404 Not Found error if the file doesn't exist (instead of a lovely page saying so).

The script will examine the Last Modified timestamp of the given file and return only those mirrors that have synchronized with after that time.


   All mirrors of the Lepido project, in XML format:
   Get a file from a random mirror, without prompting

PLEASE NOTE: We have a list of excluded file patterns -- files that are *not* sent to our mirrors. Nightly and Integration builds are typically very large and don't get many downloads, therefore it's typically more costly (in terms of bandwidth) to mirror them than to support the few client downloads they generate. At time of writing, our exclusion list is:

  • .nfs*
  • apitools/
  • apidocs/
  • archive/
  • archives/
  • /athena
  • builds/N*
  • drops/I*
  • drops/N*
  • drops/M*
  • *.jpg
  • *.gif
  • callisto/*
  • compilelogs/
  • eclipse/testUpdates*
  • eclipse/updates/3.2milestones
  • /eclipse/updates/3.6-I-builds/
  • dev/TPTP*
  • /tools/cdt/builds
  • modeling/gmf/downloads/drops/B*
  • *drops/*/N*
  • *drops/*/I*
  • *javadoc/
  • *javadocs/
  • linuxtools/N*
  • *nightly*
  • *Nightly*
  • *staging*
  • /webtools/downloads/drops/*/M*
  • performance/
  • /releases/staging
  • /releases/europa
  • testresults/
  • /rt/eclipselink/nightly*
  • /technology/babel/update-site*
  • /technology/cosmos
  • /technology/ohf
  • /technology/tigerstripe
  • testcompilelogs/
  • testResults/
  • /tools/downloads
  • /tools/orbit/committers
  • */N201*
  • */I201*
  • */I.I201*
  • */I-*
  • */N-*
  • *integration*/
  • xref/
  • */M20*
  • /rt/eclipselink/maven.repo*

Use the Find a Mirror script?

See the section above.

Enable mirrors / use mirrorsURL for my p2 repo?

Your artifacts.xml (jar) should have a p2.mirrorsURL property. Here is a an example from

   <repository name='"Eclipse Project Test Site"' type='org.eclipse.equinox.p2.artifact.repository.simpleRepository' version='1'>
     <properties size='4'>
       <property name='p2.compressed' value='true'/>
       <property name='p2.timestamp' value='1297373227427'/>
       <property name='publishPackFilesAsSiblings' value='true'/>
       <property name='p2.mirrorsURL' value=''/>

A more detailed description can be found at Equinox/p2/p2.mirrorsURL.

Ideally, everyone, for all p2 repositories, should use this property, since even if not mirrored currently, it does not hurt anything in that case, and you never know when your repository might become mirrored. In fact, failure to use this property can result in too many requests for jar files coming directly to '' and greatly slow down the network and use too much bandwidth. If this happens for your project (or repository) measures may be taken to automatically redirect all such requests somewhere else, which often does not work well; for examples, see bug 368826.

Include a p2.index file at p2 repository site?

A little documented aide to p2 is to include a special file named "p2.index" at your p2 repository URL site. Every well-behaved, well-optimized p2 repository should have one. This is especially important for composite repository sites as it can save several unsuccessful round trips to download server looking for files that do not exist. For "how to" instructions, see the p2 wiki. For history and deeper technical discussion, see bug 347448.

See download statistics?

The Find a Mirror script tracks download requests once the user has picked a mirror site (or the main Eclipse download site). You can also view download stats for files downloaded via p2 if you enable your p2 repository for download statistics. To view these statistics, use the Live Download Statistics tool (Portal > Project Committer > Tools for all Committers).

For more information, please see the Project Download Stats page.

Sign my plugins/ZIP files?

The Eclipse Foundation allows committers to sign JAR and ZIP files on its behalf. Signing is done from any of the Jenkins servers, or on There are three ways to sign:

CBI Maven signing plugin

Please see:

It uses the web service in the background.

Web service (Instant)

Using a web POST method, individual JAR files can be signed from any of the internal Jenkins servers (or from with this service:

The output of that service will be the signed file. Please note that the web service does not pack or process jar files. You must condition/pack them yourself prior to signing if you wish to do so.

Resigning Jarsigner
Contrary to to the command line signing service the web service always resigns already signed jars. The maven jar signer plugin lets you specify strategy to avoid submitting already signed jar to the webservice. If you use the webservice directly, you need to do deal with it by yourself. You can see how the re-signing strategies are defined by looking at the code of the JarResigner

   # JAR FILES: Submit unsigned-jar.jar and save signed output to signedfile.jar
   curl -o signedfile.jar -F file=@unsigned-jar.jar
   # WINDOWS EXE: Submit Windows unsigned.exe and save signed output to signed.exe
   curl -o signed.exe -F file=@unsigned.exe
   # WINDOWS MSI: Submit Windows unsigned.msi and save signed output to signed.msi
   curl -o signed.msi -F file=@unsigned.msi
   # MAC: Submit unsigned and save signed output to
   # Note: You must zip your entire *.app directory for example: zip -r
   curl -o -F

Using the webservice is equally easy from Ant. Note that ${filename} cannot be a path. Input and output file name can be the same.

   <exec dir="${dirname}" executable="curl">
     <arg value="--output"/>
     <arg value="${filename}"/>
     <arg value="--form"/>
     <arg value="file=@${filename}"/>
     <arg value="--silent"/>
     <arg value="--show-error"/>
     <arg value="--fail"/>
     <arg value=""/>
Version of Jarsigner
The web service only signs with Java 8 version of jarsigner.

Using the web service to sign Mac and Windows applications is also easy from Tycho, see

Deprecated - ZIP and JAR files from the command line (queued or not)

Deprecated - will be shutdown on May 9th, 2018
This service will be shutdown on May 9th, 2018 (i.e., one month after Oxygen.3a - see bug 531263 for details). Most certainly, this will only affect you if you use Buckminster as a build system (because Buckminster can only sign jars via /usr/bin/sign service). If you use Tycho, you're not concerned. There are two strategies for Buckminster users:
  1. Migrate to a modern / maintained build plugin system (See Buckminster's activity). See Tycho documentation and CBI Jarsigner Maven plugin for how to add jar signing to a Tycho build.
  2. Deactivate signing in Buckminster and do the repacking and the signing phase as a post build step. You will need to do some shell scripting (in your CI instance) to browse all the jars, pack200/unpack200 them (aka repack) and then sign them. To sign a jar, you can use the webservice that the CBI maven plugin uses in the background (see Jar signing web service documentation for details).
If option 2 is chosen and highly motivated, we can provide some assistance with the shell script (fill a bug under CBI/Signing-Service).

From the command line (or from a script) invoke the following command:

   /usr/bin/sign <file> <mail|nomail|now> [outputDir] [skiprepack]
  • <file> refers to the name of the file, which must be located in the staging area (download-staging.priv). May be a single jar or a zip with multiple jars to be signed (with update site or p2 repo layout).
  • <mail|nomail|now> either queues up the files for signing and sends email to confirm signing is complete, or signs the file immediately, returning control to the caller once signing is complete
  • [outputDir] is an optional directory where the resulting file should be placed, leaving the originals intact
  • [skiprepack] optionally does not pack/process JAR files
About repacking
pack/unpack process (aka conditioning, aka repack) is still required before signing if pack200 will be used on the Java jars at any time in the future. This option to the signing service provides the opportunity to use build systems that already do the conditioning to not to have to also re-do it again, automatically, as part of the signing process (which is wasteful at best, and in theory could cause odd, rare problems). That is, using skiprepack leaves the responsibility entirely to the user of the signing service to do the conditioning themselves, before submitting for signing.

Jar files which are already signed (either submitted directly or within a zip file) are not repacked/resigned.

By default, repacking and jar signing is done with Java 6. You can influence the Java version in two ways:

  • Define (and export) an environment variable named JAR_PROCESSOR_JAVA. Its value should be java6, java7 or java8.
  • Move the file to be signed to a path that contains the string java6, java7 or java8 (e.g. /shared/download-staging.priv/path/to/your/project/java8/tobesigned.jar). This is useful when you don't manage the environment from which /usr/bin/sign. JAR_PROCESSOR_JAVA is ignored if java version is found from the path.
JDK and Jar Processor versions

Depending on how you influenced the Java version when running the command line signer, here are the JDKs use to run pack200 and jarsigner and also the version of jar processor:

  • java6 (default)
    • JDK /opt/public/common/ibm-java-x86_64-60
    • Jar Processor unreleased version of 2007
  • java7 (below is no mistake, JDK and Jar processor for java7 are the same as for java6).
    • JDK /opt/public/common/ibm-java-x86_64-60
    • Jar Processor unreleased version of 2007
  • java8
    • JDK /shared/common/jdk1.8.0_x64-latest
    • Jar Processor version 1.0.300.v20131211-1531 (from Luna SR0/SR1/SR2)

You can change the path to the JDKs and the Jar processors by exporting some environment variables:

  • DEFAULT_JAVA_VERSION to change the default java version to be used (currently set to java6). If JAR_PROCESSOR_JAVA is also defined, it overrides DEFAULT_JAVA_VERSION
  • JDKS_java6, JDKS_java7, JDKS_java8, path the JDK to be used for respective Java versions.
  • JAR_PROCESSORS_java6, JAR_PROCESSORS_java7, JAR_PROCESSORS_java8, path to the jar processor to be used for respective java version.

What about GPG signing?

JAR signing of the bundles and GPG-signing of the Maven artifacts are two different steps. Once a jar has been "jar-signed", you may or may not GPG sign the corresponding Maven artifact (.jar + .pom file) so as it can be deployed on Central. As you hinted, JAR signing has to be done before the GPG signing, since doing it the other way around would break the GPG signature.

So you first have to sign your JAR file with the Eclipse Fdn certificate, either using the Maven plugin from CBI, the command line utility, or the signing web service – see above. Once you have your signed JAR, you can GPG sign it and stage it on Central like this:

   mvn gpg:sign-and-deploy-file   \
       -DpomFile=target/myapp-1.0.pom  \
       -Dfile=target/myapp-1.0.jar  \
       -Durl=  \

Publish to Maven Central

To deploy to Maven Central from your HIPP/JIPP, you'll need webmaster's assistance to

  • Create a project specific account at Sonatype OSSRH
  • Generate a GPG keypair for your HIPP/JIPP user
  • Configure your HIPP/JIPP to GPG sign and upload artifacts

It takes a bit of time but afterwards, you will only be required to use a dedicated Maven settings on your HIPP/JIPP.

To get started, please file a bug against Community > CI-Jenkins asking for your HIPP/JIPP to be configured to let you publish to Maven central (don't forget the name of your Eclipse project).

If you want to publish jars from already released p2 repositories, consider using the strategy adopted by the Eclipse Platform. More info: Platform-releng/Publish To Maven Central


Access/use the Eclipse Build Server?

Build and Hudson storage layout

Although we strongly encourage the use of Jenkins for builds, committers can use the server to run builds and tests for their project. Unlike the other servers, committers are permitted to run software on this server, and to maintain running software in the background. If you need to run cron jobs, please contact the webmaster, stating the time and frequency at which these jobs are to run, and for how long they typically run. Server details:

  • host:
  • username: use your committer account
  • server: Intel Dual-Quad Xeon E5540 @ 2.53GHz, 24G RAM
  • architecture: x86_64

You can use an SSH client to connect to the server. For more information on SSH, please see the SSH section of this document.

Here are some directories that are of interest:

  • /gitroot -> the code repositories, connected to via a Gigabit connection. Your Build account cannot write to these files directly
  • /home/data/httpd/ -> the root, connected to via Gigabit connection.
  • /shared -> a shared disk to store your build files and applications. Please note, however, that we do not maintain backups of this directory. This path is structured like the downloads area, and is accessible via (That URL redirects to the Eclipse homepage, but browsing to a specific project URL will work:, etc.)
  • /shared/common -> a common location to store applications. Ant and various JDKs are located there.

If you have any questions, please contact the webmaster.

Access/request Jenkins services

Please see the Jenkins document.

Code Quality Analysis

Mailing Lists

Setup a new mailing list?

Because Mailing Lists are subject to SPAM and can adversely affect performance (imaging sending 200 e-mails to a list that contains 3000 members), proper care is taken in configuring each list. New mailing lists are set up by the WebMaster for this reason. Also, the webmaster creates an HTML view (called mailing list archives) of mailing list postings for archive and search purposes.

View list members?

Because mailing lists contain private information, such as a member's e-mail address, name and surname, we cannot publicly display this information. However, the PMC or Project Lead can become the list administrator, which would allow you to view the membership information for your lists. The PMC/Project lead can inquire about list administration to the WebMaster, stating which lists they would like to manage.

Eclipse Wiki

Create a new page in the Eclipse Wiki

To create a new page, simply type the page name at the end of "/" in the URL. The name can contain spaces. For instance, will allow you to create and edit this new page.

Eclipse Servers

Eclipse Foundation IT SLA

When you become committer, your default shell allows only CVS and SVN commands. If you need a 'real' shell for dealing with distribution files or working with automated builds, you'll need to have your project lead or the project PMC file a bug requesting the upgrade.

This page is moderated by the EMO

Back to the top