RE: [platform-releng-dev] Please sign here

[John Arthorne <John_Arthorne@xxxxxxxxxx>]

I think it's important for us to be
signing nightly builds, at least for the first while.  The purpose
of nightly builds is to give us advance warning of any potential build
and integration problems.  Any difference between the nightly and
integration builds, in either build process or build output, decreases
our chances of finding these problems.  Also, verification can be
done at runtime as well as install/update time, so the update site scenario
isn't the only one of interest.  This is something that can be revisited
later if build machine resources become scarce.

As for announcing it to other projects,
Denis Roy already did that on his committer mailing list:

http://dev.eclipse.org/mhonarc/lists/eclipse.org-committers/msg00252.html

John

David M Williams <david_williams@xxxxxxxxxx>
Sent by: platform-releng-dev-bounces@xxxxxxxxxxx

06/11/2006 12:16 PM

Please respond to
"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>

To	"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>
cc
Subject	RE: [platform-releng-dev] Please sign here

This policy of signing each and every build gave me pause, as well. Partially,
as has been noted, it is not a good practice to use IT resources, if there
is no need to. 
So, I was wondering .... I'd originally thought that jar signing was only
needed for jars made available on an update site. Is it intended to be
more than that? Because as 
far as I know, you are not making each build available on an update site,
right? Similarly, are you producing .gz files with each build? The same
sort of questions on good 
IT usage would apply there, as well, so its just an example. 

One litmus test I have for builds is what effect/impact it would have on
developers doing "local builds". From, both ends .. is it easy
to "turn off", so not needed, and, is it easy to do with a developer
generated 
certificate, just in case some testing with signing was desired, without
going through the official route. 

I'd suggest this discussion be moved to cross-projects, or europa-build
list ... which ever you'd feel appropriate. I assume there's planned to
be some announcement of "how to"? Maybe that's  a good time
to introduce any issues, as well. 

[And, apologies in advance if I've already missed the discussion and rationale
for what you are doing .... this just caught my eye.]

John Arthorne <John_Arthorne@xxxxxxxxxx>
Sent by: platform-releng-dev-bounces@xxxxxxxxxxx

11/06/2006 10:04 AM

Please respond to
"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>

To	"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>
cc	webmaster@xxxxxxxxxxx
Subject	RE: [platform-releng-dev] Please sign here

I'm fairly sure the performance problems you were seeing last week were
related to the WTP 1.5.2 release announcement.  Bandwidth was saturated
after the announcement on Wednesday and continued for the rest of the week.
 It feels like SSH access to the build.eclipse.org machine needs some
tweaking to the QoS rules to make it usable in these situations.  Shelling
into that machine was also quite painful after the Callisto fall update.
 I think CPU power on build.eclipse.org isn't yet an issue - it's
a very powerful machine and I've rarely seen it higher than 50% total CPU
usage even during simultaneous Eclipse SDK signing and WTP builds.  However,
it may become an issue once all 16 Europa projects start packing/signing.

John

Kim Moir/Ottawa/IBM@IBMCA
Sent by: platform-releng-dev-bounces@xxxxxxxxxxx

06/11/2006 09:23 AM

Please respond to
"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>

To	"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>
cc
Subject	RE: [platform-releng-dev] Please sign here

If there is a problem with the performance on build.eclipse.org, I advise
you to follow up with the webmasters.  Signing wasn't turned on our
builds until last Friday and when I was testing the signing process I used
a smaller file to avoid the 45 minute wait.  If signing does impact
the performance of build.eclipse.org, the contribution that the platform
builds would have to the load average is small compared to the impact  when
all 16 and counting Europa projects enable signing in their builds :-)

Kim

"Oberhuber, Martin" <Martin.Oberhuber@xxxxxxxxxxxxx>
Sent by: platform-releng-dev-bounces@xxxxxxxxxxx

11/06/2006 05:37 AM

Please respond to
"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>

To	"Eclipse platform release engineering list." <platform-releng-dev@xxxxxxxxxxx>
cc
Subject	RE: [platform-releng-dev] Please sign here

Hi Kim - 

I'm wondering whether it makes sense to sign the JARs for each and every
build. 
What about signing I- S- M- and R- builds only, but leave the N-builds
unsigned? 

As I understand, the 45-60 minutes that JAR signing takes for the Platform
builds 
is always done on build.eclipse.org. Which means that build.eclipse.org
is slower 
during that time for other work that other projects [like ours] need to
perform. 

I have experienced quite a big drop in performance working on build.eclipse.org
during the last week - up to a limit where it was really no fun working
on that 
machine any more. I'm not sure whether that was due to doing a lot of signing
on that machien (will ask the webmasters), but I'd not be surprised.

Thoughts?

Cheers,
--
Martin Oberhuber
Wind River Systems, Inc.
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm

 

---

From: platform-releng-dev-bounces@xxxxxxxxxxx
[mailto:platform-releng-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim
Moir
Sent: Saturday, November 04, 2006 1:07 AM
To: platform-releng-dev@xxxxxxxxxxx
Subject: [platform-releng-dev] Please sign here


As of tonight's build, all non-test plugins will be signed by the eclipse.org
certificate as part of the build process.   With a few minor exceptions,
teams will not have to do anything to their plugins to accommodate signing.
 It will be handled transparently by the build process.  I'll
open bugs against teams who may have specify options in their plugins to
exclude certain jars from the signing process. 

Signing our build allows meets one of the requirements for participation
in Europa 

http://wiki.eclipse.org/index.php/Europa_Simultaneous_Release#Must_Do

As well, it will appease the many who have asked  "Hey, why don't
you sign your jars?" and the infamous "Why am I always prompted
in update manager about  installing unsigned  jars?"

For more information about JAR signing, please refer to these fine documents
written by the core team. 

http://wiki.eclipse.org/index.php/JAR_Signing 
http://wiki.eclipse.org/index.php/JarProcessor_Options

The signing process takes 45-60 minutes to complete.  The time that
the build process takes to generate the drops has increased accordingly.
  

Kim_______________________________________________
platform-releng-dev mailing list
platform-releng-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/platform-releng-dev
_______________________________________________
platform-releng-dev mailing list
platform-releng-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/platform-releng-dev_______________________________________________
platform-releng-dev mailing list
platform-releng-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/platform-releng-dev_______________________________________________
platform-releng-dev mailing list
platform-releng-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/platform-releng-dev