Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Common Build Infrastructure/Jar Signing
Draft Content
This page is currently under construction. Community members are encouraged to maintain the page, and make sure the information is accurate.
This page is currently under construction. Community members are encouraged to maintain the page, and make sure the information is accurate.
How does the Athena builder handle signing?
If the build is run in Hudson on build.eclipse.org, the Hudson user initiates the signing process from a folder within the job's workspace.
If the build is run as anyone else, the build will attempt to upload a zip of jars to be signed as some authorized user on build.eclipse.org.
Here's a snippet of the buildAllHelper.xml code:
<target name="signMasterZip" if="sign">
<antcall target="-timestamp" />
<!-- if running as hudson, use simple path in workspace; if running commandline, connect over ssh to remote staging.priv dir -->
<if>
<or>
<contains string="${user.name}" substring="hudson" />
<contains string="${user.home}" substring="hudson" />
</or>
<then>
<property name="buildServerUser" value="" />
<property name="signingDir" value="${writableBuildRoot}/signing" />
<mkdir dir="${signingDir}" />
</then>
<else>
<!-- user with write perms in staging dir & permission to run /usr/bin/sign -->
<property name="buildServerUser" value="dashBuild@build.eclipse.org" />
<property name="signingDir" value="/home/data/httpd/download-staging.priv/commonBuild" />
</else>
</if>
...
By default, buildServerUser is set to dashBuild@build.eclipse.org, but this can be overwritten in your .releng/build.properties if you need to connect as you@build.eclipse.org, using your CVS userid from dev.eclipse.org.