Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Common Build Infrastructure/Jar Signing"
Line 7: | Line 7: | ||
Here's a snippet of [http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.dash/athena/org.eclipse.dash.commonbuilder/org.eclipse.dash.common.releng/tools/scripts/buildAllHelper.xml?root=Technology_Project&view=markup the buildAllHelper.xml code]: | Here's a snippet of [http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.dash/athena/org.eclipse.dash.commonbuilder/org.eclipse.dash.common.releng/tools/scripts/buildAllHelper.xml?root=Technology_Project&view=markup the buildAllHelper.xml code]: | ||
− | + | <target name="signMasterZip" if="sign"> | |
− | + | <antcall target="-timestamp" /> | |
− | + | <!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir --> | |
− | + | <if> | |
− | + | <or> | |
− | + | <contains string="${user.name}" substring="hudson" /> | |
− | + | <contains string="${user.home}" substring="hudson" /> | |
− | + | </or> | |
− | + | <then> | |
− | + | <property name="buildServerUser" value="" /> | |
− | + | <property name="signingDir" value="${writableBuildRoot}/signing" /> | |
− | + | <mkdir dir="${signingDir}" /> | |
− | + | </then> | |
− | + | <else> | |
− | + | <!-- user with write perms in staging dir & permission to run /usr/bin/sign --> | |
− | + | <property name="buildServerUser" value="dashBuild@build.eclipse.org" /> | |
− | + | <property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" /> | |
− | + | </else> | |
− | + | </if> | |
... | ... | ||
Revision as of 20:41, 12 May 2009
How does the Athena builder handle signing?
If the build is run in Hudson on build.eclipse.org, the Hudson user initiates the signing process from a folder within the job's workspace.
If the build is run as anyone else, the build will attempt to upload a zip of jars to be signed as some authorized user on build.eclipse.org.
Here's a snippet of the buildAllHelper.xml code:
<target name="signMasterZip" if="sign"> <antcall target="-timestamp" /> <!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir --> <if> <or> <contains string="${user.name}" substring="hudson" /> <contains string="${user.home}" substring="hudson" /> </or> <then> <property name="buildServerUser" value="" /> <property name="signingDir" value="${writableBuildRoot}/signing" /> <mkdir dir="${signingDir}" /> </then> <else> <!-- user with write perms in staging dir & permission to run /usr/bin/sign --> <property name="buildServerUser" value="dashBuild@build.eclipse.org" /> <property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" /> </else> </if> ...
By default, buildServerUser
is set to dashBuild@build.eclipse.org
, but this can be overwritten in your .releng/build.properties if you need to connect as you@build.eclipse.org
, using your CVS userid from dev.eclipse.org.