Following is standard "form letter" sent to those given signing privileges.
Has some good description of basic mechanics of the process.

See also http://wiki.eclipse.org/JAR_Signing

See also
http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.phoenix/infra-scripts/jar_signing/?root=Technology_Project

and Denis's description that "Essentially, sign puts it in the
queue, sign_queue_process.sh processes the queue, which calls
jarprocessor.jar, which then calls sign.sh, which
calls jarsigner."

In particular, there I find the actual call to the jar processor is

    java /home/admin/jarprocessor.jar -outputDir $DIR -repack -verbose -processAll -sign /home/admin/sign.sh $FILE

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Remember, to watch signer, use

    tail -F /tmp/jarsigner

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Hello,

You have been granted a privilege to sign JAR and ZIP files for your
project. The signing process will allow you to sign individual JAR
files, or to sign all the JAR files recursively in a ZIP file. All the
signing operations are performed using an SSH shell on the
build.eclipse.org server.

** PLEASE NOTE: this privilege enables you to sign code on behalf of the
Eclipse Foundation, using the Eclipse Foundation's code signing
certificate. Please ensure that the code you will sign is sanctioned by
your project lead, your PMC Lead or the EMO.

Here's how it works:

1. Using your favourite SSH application (such as Putty), log in to
build.eclipse.org using your CVS committer credentials.

2. Move or copy the files to be signed to the Downloads Staging area.
You cannot sign files anywhere else. The Staging Area is at

    /opt/public/download-staging.priv/

and it is structured like the downloads area. If you don't have a
staging directory, or if you cannot access it, please contact webmaster.

3. Use the 'sign' command, as such:

    sign <file> <mail|nomail> [outputDir]

where file is the name of the ZIP or JAR file you want signed. Because
signing is computationally intensive work, wildcards are not supported.
mail|nomail will allow you to receive an e-mail notice that signing is
completed.
outputDir is optional: if specified, signed files will be placed in this
directory. If omitted, the original file will be overwritten with the
signed one.

4. When signing is complete, you can verify the signed JAR file with the
following command (to verify ZIP files, unzip them first, then verify
the JARs inside):

    jarsigner -verify <file>

5. Move the signed files back to the downloads area, and delete any
other files in the Staging Area.
Please note: Files older than 14 days will be deleted from the staging
area automatically.
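
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

An added example, not part of the original letter or of the Eclipse
infrastructure scripts: step 4 verifies one JAR at a time, so for a signed
ZIP this Python code lists the nested JARs that carry no signature file (.SF)
or signature block (.RSA/.DSA/.EC) directly under META-INF/. It is a presence
check only and does not validate any signature, which remains the job of
jarsigner -verify; the function names and the sample entries are constructed
for illustration.

```python
import io
import zipfile

# Signature block extensions recognised for signed JARs.
SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")


def jar_signature_files(jar_bytes):
    """Return (sf_files, block_files) found directly under META-INF/ in a JAR."""
    sf, blocks = [], []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            # Signature files only count at the top level of META-INF/.
            if not upper.startswith("META-INF/") or "/" in upper[len("META-INF/"):]:
                continue
            if upper.endswith(".SF"):
                sf.append(name)
            elif upper.endswith(SIG_BLOCK_EXT):
                blocks.append(name)
    return sf, blocks


def unsigned_jars(zip_bytes):
    """List the JAR entries in a ZIP that lack a .SF file or a signature block."""
    missing = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for name in outer.namelist():
            if name.lower().endswith(".jar"):
                sf, blocks = jar_signature_files(outer.read(name))
                if not sf or not blocks:
                    missing.append(name)
    return missing


def make_zip(entries):
    """Build a ZIP in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    signed = make_zip({"META-INF/SAMPLE.SF": b"", "META-INF/SAMPLE.RSA": b"", "A.class": b""})
    plain = make_zip({"META-INF/MANIFEST.MF": b"", "B.class": b""})
    build = make_zip({"plugins/a.jar": signed, "plugins/b.jar": plain})
    print(unsigned_jars(build))
```

Any JAR this reports was not signed at all; a JAR it does not report still
needs jarsigner -verify to confirm the signature is valid.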