| |
| Following is standard "form letter" sent to those given signing privileges. |
| Has some good description of basic mechanics of the process. |
| |
| See also http://wiki.eclipse.org/JAR_Signing |
| |
| |
| See also |
| http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.phoenix/infra-scripts/jar_signing/?root=Technology_Project |
| |
| and Denis's description that "Essentially, sign puts it in the |
| queue, sign_queue_process.sh processes the queue, which calls |
| jarprocessor.jar, which then calls sign.sh, which |
| calls jarsigner." |
| |
| In particular, there I find the actual call to the jar processor is |
| |
| java /home/admin/jarprocessor.jar -outputDir $DIR -repack -verbose -processAll -sign /home/admin/sign.sh $FILE |
| |
| = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = |
| |
| Remember, to watch signer, use |
| tail -F /tmp/jarsigner |
| |
| = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = |
| |
| Hello, |
| |
| You have been granted a privilege to sign JAR and ZIP files for your |
| project. The signing process will allow you to sign individual JAR |
| files, or to sign all the JAR files recursively in a ZIP file. All the |
| signing operations are performed using an SSH shell on the |
| build.eclipse.org server. |
| |
| ** PLEASE NOTE: this privilege enables you to sign code on behalf of the |
| Eclipse Foundation, using the Eclipse Foundation's code signing |
| certificate. Please ensure that the code you will sign is sanctioned by |
| your project lead, your PMC Lead or the EMO. |
| |
| Here's how it works: |
| |
| 1. Using your favourite SSH application (such as Putty), log in to |
| build.eclipse.org using your CVS committer credentials. |
| |
| 2. Move or copy the files to be signed to the Downloads Staging area. |
| You cannot sign files anywhere else. The Staging Area is at |
| |
| /opt/public/download-staging.priv/ |
| |
| and it is structured like the |
| downloads area. If you don't have a staging directory, or if you cannot |
| access it, please contact webmaster. |
| |
| 3. Use the 'sign' command, as such: |
| sign <file> <mail|nomail> [outputDir] |
| where file is the name of the ZIP or JAR file you want signed. Because |
| signing is computationally intensive work, wildcards are not supported. |
| mail|nomail will allow you to receive an e-mail notice that signing is |
| completed. |
| outputDir is optional: if specified, signed files will be placed in this |
| directory. If omitted, the original file will be overwritten with the |
| signed one. |
| |
| 4. When signing is complete, you can verify the signed JAR file with the |
| following command (to verify ZIP files, unzip them first, then verify |
| the JARs inside): |
| jarsigner -verify <file> |
| |
| 5. Move the signed files back to the downloads area, and delete any |
| other files in the Staging Area. |
| Please note: Files older than 14 days will be deleted from the staging |
| area automatically. |
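
Step 4 of the letter can be scripted, since a signed ZIP has to be unpacked and each JAR inside checked separately. The following is an added example, not part of the form letter or the Eclipse infra scripts; the function names and the `JARSIGNER` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify every JAR in a signed file (JAR or ZIP), per step 4.
# JARSIGNER is a hypothetical override so a different jarsigner binary can be used.
JARSIGNER="${JARSIGNER:-jarsigner}"

# verify_jar FILE: succeed only if jarsigner reports "jar verified."
# For an unsigned JAR jarsigner prints "jar is unsigned." instead, so the
# output is matched rather than relying on the exit status alone.
verify_jar() {
    out=$("$JARSIGNER" -verify "$1" 2>&1) || return 1
    case "$out" in
        *"jar verified."*) return 0 ;;
        *) return 1 ;;
    esac
}

# verify_tree DIR: check every *.jar under DIR and print a summary line.
# Returns non-zero if any JAR fails or if no JAR was found at all.
verify_tree() {
    list=$(mktemp) || return 2
    find "$1" -type f -name '*.jar' > "$list"
    total=0; bad=0
    while IFS= read -r jar; do
        total=$((total + 1))
        if ! verify_jar "$jar"; then
            echo "NOT VERIFIED: $jar" >&2
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$total checked, $bad failed"
    [ "$total" -gt 0 ] && [ "$bad" -eq 0 ]
}

# verify_signed FILE: a ZIP is unpacked to a temporary directory first.
verify_signed() {
    case "$1" in
        *.zip)
            tmp=$(mktemp -d) || return 2
            unzip -q "$1" -d "$tmp" && verify_tree "$tmp"; rc=$?
            rm -rf "$tmp"
            return "$rc" ;;
        *) verify_jar "$1" ;;
    esac
}
```

Treating "no JARs found" as a failure catches the case where the wrong file, or an empty archive, was handed to the check.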