Now that there is a hudson job building Gemini JPA a good next step would be to sign the generated bundles and publish them on the download server. I can make the necessary modifications to the build files for this. What would be the proper update site URL for the nightly / snapshot build results?
Created attachment 202061
Patch to enable signing and publishing of the produced update site
The provided patch should enable the signing and publishing of the update site produced by the build. Before you try it, you need to do some modifications:

1) specify the proper signing directory for Gemini JPA. I looked under /home/data/httpd/download-staging.priv/ on the build server, but there was no folder for gemini jpa. I guess you should request one, and the necessary sign permissions. See http://wiki.eclipse.org/IT_Infrastructure_Doc#Sign_my_plugins.2FZIP_files.3F
Once this is ready, you can modify the value of the signer-input-directory property in /mvn_parent/pom.xml

2) specify the preferred update site location (the property download-publish-path). I put /gemini/jpa/updates-nightly for the moment.

Once these are ready, you can try it out. For the purpose, you need to reconfigure the hudson job so that the build-server profile is passed to maven:
-P build-server

Let me know if you have some questions.
One more thing to mention - you need to change the permissions of the folder where the update site will be copied, so that everyone can write to it. Thus the hudson build user will be able to copy the files inside.
> 1) specify the proper signing directory for Gemini JPA. I looked under
> /home/data/httpd/download-staging.priv/ on the build server, but there was no
> folder for gemini jpa. I guess you should request one, and the necessary sign
> permissions.

I can't seem to look inside that .priv folder. Do you have special permissions to look inside there?
I'm not sure if we even need to sign, if it isn't a requirement (see bug 354756)

> Once this is ready, you can modify the value of the signer-input-directory
> property in /mvn_parent/pom.xml
> 2) specify the preferred update site location (the property
> download-publish-path). I put /gemini/jpa/updates-nightly for the moment.

I created some empty update site directories in download.eclipse.org/gemini/jpa:
nightly-updates - for nightly builds
milestone-updates - for milestone and release candidates
updates - for releases

> For the purpose, you need to reconfigure the hudson job so that the
> build-server profile is passed to maven:
> -P build-server

Where can I access the hudson job config?

> One more thing to mention - you need to change the permissions of the folder
> where the update site will be copied, so that everyone can write to it. Thus
> the hudson build user will be able to copy the files inside.

Giving everybody write privileges seems a trifle dangerous. Seems like there should be a way to only give the hudson build user write permissions.
(In reply to comment #4)
> I can't seem to look inside that .priv folder. Do you have special permissions
> to look inside there?
> I'm not sure if we even need to sign, if it isn't a requirement (see bug
> 354756)

Ok. I see that signing is a requirement only for the simultaneous release, where Gemini JPA doesn't participate currently. Is it planned to be part of a future simultaneous release?
I think that if we would like to support the scenario to install gemini.jpa bundles from an update site, then it could still make sense to sign the bundles. Otherwise every user trying to install the stuff from the update site will get a pop-up with a warning that unsigned jars are being installed. But as you said - this is not a must have.

> I created some empty update site directories in
> download.eclipse.org/gemini/jpa:
> nightly-updates - for nightly builds
> milestone-updates - for milestone and release candidates
> updates - for releases

Fine. I will use the nightly-updates for the build.

> Where can I access the hudson job config?

You have to log on to Hudson (top-right corner) with your committer account (not bugzilla). Then you should see the Configure link in the menu on the left side. Now that I'm back in the office I could also do the modification, once the rest is ready.

> Giving everybody write privileges seems a trifle dangerous. Seems like there
> should be a way to only give the hudson build user write permissions.

It is dangerous. According to the recent discussion on the cross-project mailing list http://dev.eclipse.org/mhonarc/lists/cross-project-issues-dev/msg06491.html there are several alternatives:
1) give write access to everyone - bad
2) give the Hudson user the correct permissions - according to the webmaster this is also not optimal
3) have a cron job copying the results, running under a committer's user

With the proposed patch we can go for either 1) or 2), although I don't know yet how to adjust the ACLs for 2). But I guess I'll find it out.
I would suggest also that only nightly builds get automatically copied to the download server, and that hudson has access only to this nightly folder. Promoting something as a milestone or a release I see rather as a manual copy after testing the nightly results for a while.

I guess 3) is also possible. I haven't done it, but I believe I can get it to work. There are other Eclipse projects that do this. In such a case we can forget the proposed patch and go the different way.

What do you think will be a reasonable approach for gemini.jpa?
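
The permission trade-off discussed in the comments above (a publish directory everyone can write to versus write access for the build user only), as an added example that is not part of the bug thread or the attached patch: it lists world-writable entries under a publish tree and then narrows the nightly directory to owner and group. The temporary tree, the function names and the assumption that the build user belongs to the directory's group are illustrative.

```shell
#!/bin/sh
# Added example: everything is created under a temporary root; the directory
# names mirror the update site directories mentioned in the thread.

# Print every file or directory under $1 that "other" may write to.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Owner and group may write, everyone else may only read. The setgid bit
# makes new files inherit the directory's group. Assumption: the build user
# is a member of that group; with POSIX ACLs a single user could be granted
# access instead (setfacl -m u:<build-user>:rwx <dir>).
restrict_to_group() {
    chmod 2775 "$1"
}

demo() {
    umask 022
    root=$(mktemp -d) || return 1
    site="$root/gemini/jpa"
    mkdir -p "$site/nightly-updates" "$site/milestone-updates" "$site/updates"
    chmod 0755 "$site/milestone-updates" "$site/updates"
    chmod 0777 "$site/nightly-updates"      # alternative 1: everyone can write
    echo "world-writable before: $(count_world_writable "$root")"
    world_writable "$root"
    restrict_to_group "$site/nightly-updates"
    echo "world-writable after:  $(count_world_writable "$root")"
    rm -rf "$root"
}

demo
```

Run against the real publish path, `world_writable` gives a quick check that only the nightly directory, and nothing under the milestone or release directories, is open to the build user.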