Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Platform-releng-signedbuild
Signing platform builds
You'll find below the latest copy of the ant targets that we use in our buildAll.xml script to complete the signing portion of the build. Please note
The process we use can be summarized as follows:
- Use scp to copy the eclipse-master-${buildId}.zip to the eclipse.org signing staging area using pserver.
- Invoke the signing script.
- Poll the server for the signed file in the output directory. Poll from the same server that you will be copying from. I initially polled build.eclipse.org but copied the file from dev.eclipse.org to take advantage of its QoS riles. This caused problems because of the lag in nfs synchronization across the nodes. So I changed it to poll dev.eclipse.org and copy from dev.eclipse.org.
- When available, scp the signed eclipse-master-${buildId}.zip back to the server.
- Delete the build specific signing files from build.eclipse.org.
- Invoke the packager against the eclipse-master-${buildId}.zip to create the the drops available for download, and continue with the remainder of the build.
<target name="compareAttribs"> <!--poll file for change in attributes--> <exec dir="${buildDirectory}" executable="ssh" outputProperty="polledAttribs"> <arg line="${sshline}"/> </exec> <echo message="original: ${originalAttribs}" /> <condition property="attribChanged"> <not> <contains string="${polledAttribs}" substring="No such file or directory" casesensitive="no" /> </not> </condition> <echo message="polled: ${polledAttribs}" /> <antcall target="writeDiffResult" /> <sleep seconds="120" /> <available property="attribs.changed" file="${buildDirectory}/attribDiff.txt" /> <antcall target="waitForChangedAttribs" /> </target> <target name="writeDiffResult" if="attribChanged"> <echo message="original: ${originalAttribs}" file="${buildDirectory}/attribDiff.txt" /> <echo message="new: ${polledAttribs}" file="${buildDirectory}/attribDiff.txt" append="true" /> </target> <target name="signMasterFeature" if="sign"> <property name="archiveName" value="eclipse-master-${buildId}.zip" /> <property name="packtmp" value="${buildDirectory}/packtmp" /> <property name="stagingDirectoryOutput" value="/our/staging/directory/${buildId}-out"/> <property name="stagingDirectory" value="/our/staging/directory" /> <property name="outputFile" value="${stagingDirectoryOutput}/${archiveName}"/> <mkdir dir="${packtmp}" /> <move file="${buildDirectory}/${buildLabel}/${archiveName}" tofile="${packtmp}/${archiveName}"/> <!-- add pack.properties file that specifies effort level --> <exec dir="${eclipse.build.configs}/../../extras" executable="zip"> <arg line="-r ${packtmp}/${archiveName} pack.properties" /> </exec> <!--push drop to staging directory--> <echo message="push drop to staging directory"/> <exec dir="${packtmp}" executable="scp" output="signing.txt"> <arg line="${archiveName} dev.eclipse.org:${stagingDirectory}"/> </exec> <exec dir="${buildDirectory}" executable="ssh" output="signing.txt" append="true"> <arg line="build.eclipse.org /bin/chmod ugo+rw ${stagingDirectory}/${archiveName} "/> </exec> <!--invoke sign script and wait--> <echo message="invoke sign script and wait"/> <exec dir="." executable="ssh" output="signing.txt" append="true"> <arg line="build.eclipse.org "cd ${stagingDirectory}; /usr/bin/sign ${stagingDirectory}/${archiveName} mail ${stagingDirectoryOutput}""/> </exec> <!--Wait for signed build to be available --> <antcall target="waitForChangedAttribs"> <param name="sshline" value="dev.eclipse.org "cd ${stagingDirectoryOutput};ls ${archiveName}"" /> </antcall> <!--copy zip back to build machine --> <echo message="copy zip back to build machine"/> <exec dir="." executable="scp" output="signing.txt" append="true"> <arg line="dev.eclipse.org:${stagingDirectory}/${buildId}-out/${archiveName} ${buildDirectory}/${buildLabel}"/> </exec> <!--delete files on build.eclipse.org--> <echo message="delete temp files on build.eclipse.org"/> <exec dir="." executable="ssh" output="signing.txt" append="true"> <arg line="build.eclipse.org "/bin/rm -rf ${stagingDirectory}/${buildId}-out ${stagingDirectory}/${archiveName}""/> </exec> </target>
After signing the master feature, we call the jar processor again to create the pack.gz files. This step could be completed on the build.eclipse.org server. However, this would mean that the eclipse-master-${buildId}.zip would be much larger file to copy back to our build machine and subsequently take longer. Consequently, we decided to run this task on our local build machine.
<target name="packMasterFeature"> <property name="archiveName" value="eclipse-master-${buildId}.zip" /> <property name="packtmp" value="${buildDirectory}/packtmp" /> <mkdir dir="${packtmp}" /> <move file="${buildDirectory}/${buildLabel}/${archiveName}" tofile="${packtmp}/${archiveName}"/> <!-- update location of jvm arguments --> <replace file="${eclipse.build.configs}/../../extras/pack200" token="@pack200@" value="${java15-home}/bin/pack200"/> <chmod file="${eclipse.build.configs}/../../extras/pack200" perm="755"/> <!--condition jar if it is not pushed to eclipse.org for signing--> <condition property="repack" value="-repack"> <not> <isset property="sign" /> </not> </condition> <property name="repack" value="" /> <!--pack200--> <java jar="${eclipse.home}/startup.jar" fork="true" timeout="10800000" jvm="${java15-home}/bin/java" failonerror="true" maxmemory="512m" dir="${buildDirectory}"> <jvmarg value="-Dorg.eclipse.update.jarprocessor.pack200=${eclipse.build.configs}/../../extras"/> <arg line="-application org.eclipse.update.core.siteOptimizer"/> <arg line="-jarProcessor -outputDir ${buildLabel} -processAll -pack ${repack} ${packtmp}/${archiveName}"/> </java> <delete dir="${packtmp}" /> </target>