The following is the standard "form letter" sent to those given signing privileges.
It has a good description of the basic mechanics of the process.
See also http://wiki.eclipse.org/JAR_Signing
See also
http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.phoenix/infra-scripts/jar_signing/?root=Technology_Project
and Denis's description that "Essentially, sign puts it in the
queue, sign_queue_process.sh processes the queue, which calls
jarprocessor.jar, which then calls sign.sh, which
calls jarsigner."
In particular, there I find the actual call to the jar processor is
java /home/admin/jarprocessor.jar -outputDir $DIR -repack -verbose -processAll -sign /home/admin/sign.sh $FILE
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Remember, to watch signer, use
tail -F /home/data/httpd/download-staging.priv/arch/signer.log
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Hello,
You have been granted a privilege to sign JAR and ZIP files for your
project. The signing process will allow you to sign individual JAR
files, or to sign all the JAR files recursively in a ZIP file. All the
signing operations are performed using an SSH shell on the
build.eclipse.org server.
** PLEASE NOTE: this privilege enables you to sign code on behalf of the
Eclipse Foundation, using the Eclipse Foundation's code signing
certificate. Please ensure that the code you will sign is sanctioned by
your project lead, your PMC Lead or the EMO.
Here's how it works:
1. Using your favourite SSH application (such as PuTTY), log in to
build.eclipse.org using your CVS committer credentials.
2. Move or copy the files to be signed to the Downloads Staging area.
You cannot sign files anywhere else. The Staging Area is at
/opt/public/download-staging.priv/, and it is structured like the
downloads area. If you don't have a staging directory, or if you cannot
access it, please contact webmaster.
3. Use the 'sign' command, as such:
sign <file> <mail|nomail> [outputDir]
where file is the name of the ZIP or JAR file you want signed. Because
signing is computationally intensive work, wildcards are not supported.
mail|nomail will allow you to receive an e-mail notice that signing is
completed.
outputDir is optional: if specified, signed files will be placed in this
directory. If omitted, the original file will be overwritten with the
signed one.
4. When signing is complete, you can verify the signed JAR file with the
following command (to verify ZIP files, unzip them first, then verify
the JARs inside):
jarsigner -verify <file>
5. Move the signed files back to the downloads area, and delete any
other files in the Staging Area.
Please note: Files older than 14 days will be deleted from the staging
area automatically.
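
Step 4 of the letter, automated, as an added example that is not part of the form letter or of the Eclipse infra scripts: it unzips a signed ZIP into a temporary directory and runs `jarsigner -verify` on every JAR inside. The function names, the pluggable `verifier` parameter, and the choice to require the "jar verified." line in the output rather than trust the exit status alone are assumptions of this example.

```python
import subprocess
import sys
import tempfile
import zipfile


def jarsigner_verify(jar_path):
    """Run `jarsigner -verify <file>` (step 4); return (exit code, output)."""
    proc = subprocess.run(["jarsigner", "-verify", str(jar_path)],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def is_verified(returncode, output):
    # Require the explicit success line. An unsigned JAR is reported with
    # "jar is unsigned" instead, so the exit status is not checked on its own.
    return returncode == 0 and any(
        line.strip() == "jar verified." for line in output.splitlines())


def verify_signed_zip(zip_path, verifier=jarsigner_verify):
    """Unzip into a temp dir and verify every JAR; return {member: bool}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp, zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".jar"):
                continue
            # ZipFile.extract() strips absolute paths and ".." components,
            # so members cannot be written outside the temp directory.
            extracted = zf.extract(info, tmp)
            results[info.filename] = is_verified(*verifier(extracted))
    return results


def main(argv):
    results = verify_signed_zip(argv[1])
    for name, ok in sorted(results.items()):
        print(("OK      " if ok else "FAILED  ") + name)
    # A ZIP containing no JARs at all is treated as a failure, not a pass.
    return 0 if results and all(results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the signed ZIP in the staging area before moving the file back to downloads; a non-zero exit means at least one JAR did not verify.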