Stefan Bodewig wrote:
BTW, I'm afraid you are going to lose more old builds than you intend
on the next run (all June builds, leaving you with 20040701 as the
only one).  Wouldn't -mtime +5 be the better selector?

uhm, yeah, I know. I want to keep the last five, plus one from last month, plus one from last year. Or something like that. I first had


  -mtime +5 -or -mtime +30

but that won't work either so I gave up :-D

It's just some simple shell scripts. If you can give me the commands
you enter in your shell I can run it ;)

Sure you can, that was the write a different shell script to put into nightlybuild's cron dir option.

Basically it would (1) set up the CLASSPATH, (2) unset ANT_HOME, (3)
check out Ant, (4) run ./build.sh with the appropriate target inside
the working copy, (5) copy the results to ~/public_html/ant/$DATE and
(6) clean out old stuff.

The script is trivial, the thing disturbing me is (1) since I don't
like to install additional stuff on brutus and I really don't want to
download Ant's optional dependencies every night.

Ah, right. I have this idea where we build up our own private jar repository (currently ~/.ant-basic-profile and ~/.maven-basic-profile) that contains the trusted, released versions of the libraries.


I could write a shell script that copies over the results of
dist-ant.  We could add this to nightlybuild's cron directory
easily.

uhm. You'll still have the security hole that way.

I tend to be on the paranoid side when it comes to security but I really don't see how using the result of the Gump build is a bigger security hole than using the Maven setup you currently use for excalibur.

agreed! But if/when there's a local repository that contains all the necessary bits you can run maven in --offline mode. I guess I should've mentioned that!


The optional Ant dependencies needed in dist-ant all come from
Apache's CVS repo or are installed packages with a single exception,
JUnit.  If I fear that either JUnit's module or any of the Apache
modules (including Gump's own module) have been compromised, the same
would apply to the Ant module I'm checking out in the first place -
and it certainly applies to a jar repository on say ibiblio.

My idea was that the gump user should not get write access to any of
the nightlybuild stuff, nor should the nightlybuild stuff utilize
any gump stuff in any way.

I understand the first but not the second part, really. What security threat am I missing?

http://wiki.apache.org/gump/NightlyBuilds

"More importantly, gump retrieves code from "untrusted" sources and executes their builds without checking they don't tamper with anything. For example, imagine I was the author of a weird library that some weird commons code depended on...it is entirely possible to write a task in an ant build.xml file that recompiles a class in tomcat and opens a back door. That might take a while to notice."

the key is to make sure all the stuff we use in nightly builds /is/ "trusted".

-LSD
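The retention rule discussed above (keep the last five builds, plus one from last month and one from last year, in YYYYMMDD-named directories such as 20040701 under ~/public_html/ant) as an added POSIX shell example; it is not a script from this thread. The function names keep_set, to_delete and prune_dir are my own, and today's date is passed in explicitly so the selection does not depend on file mtimes.

```shell
#!/bin/sh
# Added example (not from the thread): pruning nightly build directories
# named YYYYMMDD below a directory such as ~/public_html/ant.
# Policy: keep the 5 newest builds, the newest build from the previous
# calendar month and the newest build from the previous year; drop the rest.
# Plain POSIX sh + awk + grep, so it can sit in a cron directory unchanged.

# keep_set TODAY  (reads YYYYMMDD dates on stdin, prints the ones to keep)
keep_set() {
    today=$1
    y=${today%????}                       # YYYY
    m=${today#????}; m=${m%??}; m=${m#0}  # MM without a leading zero
    if [ "$m" -eq 1 ]; then
        prev_month="$((y - 1))12"         # January rolls back to December
    else
        prev_month=$(printf '%s%02d' "$y" "$((m - 1))")
    fi
    prev_year=$((y - 1))
    sort -r | awk -v pm="$prev_month" -v py="$prev_year" '
        { keep = 0 }
        NR <= 5 { keep = 1 }                                     # five newest
        substr($0, 1, 6) == pm { if (!pm_done) keep = 1; pm_done = 1 }
        substr($0, 1, 4) == py { if (!py_done) keep = 1; py_done = 1 }
        keep { print }'
}

# to_delete TODAY  (reads dates on stdin, prints those NOT in the keep set)
to_delete() {
    all=$(cat)
    keep=$(printf '%s\n' "$all" | keep_set "$1")
    printf '%s\n' "$all" | grep -vxF -e "$keep"
}

# prune_dir DIR TODAY  (removes the unwanted build directories below DIR)
prune_dir() {
    # only names that are exactly 8 digits are ever passed to rm, so a stray
    # entry in DIR cannot turn into a path outside it
    ls "$1" | grep -E '^[0-9]{8}$' | to_delete "$2" | while read -r d; do
        rm -rf "$1/$d"
    done
}
```

A cron line would call `prune_dir "$HOME/public_html/ant" "$(date +%Y%m%d)"` after the copy step.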
