gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: Nightly Builds and Ant
Date Wed, 30 Jun 2004 06:47:50 GMT
On Tue, 29 Jun 2004, Leo Simons <> wrote:
> Stefan Bodewig wrote:
>> Unfortunately Ant's own build process won't fit into Leo's "build"
>> script at all, and I pretty much doubt we could ever make it fit.
> hehehe. I pretty much doubt you can think of an automatable build
> process that wouldn't fit!

... in your script.

BTW, I'm afraid you are going to loose more old builds than you intend
on the next run (all June builds, leaving your with 20040701 as the
only one).  Wouldn't -mtime +5 be the better selector?

> Its just some simple shell scripts. If you can give me the commands
> you enter in your shell I can run it ;)

Sure you can, that was the write a different shell script to put into
nightlybuild's cron dir option.

Basically it would (1) setup the CLASSPATH, (2) unset ANT_HOME, (3)
check out Ant, (4) run ./ with the appropriate target inside
the working copy, (5) copy the results to ~/public_html/ant/$DATE and
(6) clean out old stuff.

The script is trivial, the thing disturbing me is (1) since I don't
like to install additional stuff on brutus and I really don't want to
download Ant's optional dependencies every night.

>> I could write a shell script that copies over the results of
>> dist-ant.  We could add this to nightlybuild's cron directory
>> easily.
> uhm. You'll still have the security hole that way.

I tend to be on the paranoid side when it comes to security but I
really don't see how using the result of the Gump build is a bigger
security hole than using the Maven setup you currently use for

The optional Ant dependencies needed in dist-ant all come from
Apache's CVS repo or are installed packages with a single exception,
JUnit.  If I fear that either JUnit's module or any of the Apache
modules (including Gump's own module) have been compromised, the same
would apply to the Ant module I'm checking out in the first place -
and it certainly applies to a jar repository on say ibiblio.

> My idea was that the gump user should not get write access to any of
> the nightlybuild stuff, nor should the nightlybuild stuff utilize
> any gump stuff in any way.

I understand the first but not the second part, really.  What security
threat am I missing?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message