FAQ
Dear List:

Is it possible for Ant to read build files from memory?

If possible, what will be the necessary steps, thanks.
This e-mail and any attachments thereto are intended for the sole use of the recipient(s) named above and may contain confidential and/or privileged material. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication, or dissemination in any form) by persons other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.

Search Discussions

  • Martin Gainty at Feb 11, 2015 at 7:52 pm
    Hi Xiao-

    supposedly yes ...if you can get your File to extend apache jackrabbit MemoryFile
    https://jackrabbit.apache.org/api/1.5/index.html?org/apache/jackrabbit/core/fs/mem/MemoryFile.html

    I would not rely on any java implementor to guarantee your Java Object will be "in memory" vs "on disk"
    specifically a java object which implements Serializable will save the object to disk by the serializer..
    http://www.onjava.com/pub/a/onjava/excerpt/JavaRMI_10/?page=3
    (except your objects declared as transient of course)

    Did you have a specific requirement in mind for "Memory File" for your build.xml ?

    BR,
    Martin



    From: jackie.xiao@ebaotech.com
    To: user@ant.apache.org
    Subject: [Ant]Read buid.xml file in memory
    Date: Wed, 11 Feb 2015 16:07:11 +0000

    Dear List:

    Is it possible for Ant to read build files from memory?

    If possible, what will be the necessary steps, thanks.
    This e-mail and any attachments thereto are intended for the sole use of the recipient(s) named above and may contain confidential and/or privileged material. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication, or dissemination in any form) by persons other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.
  • Jackie Xiao at Feb 13, 2015 at 4:51 am
    Hi, Martin

    The thing is, we need to enable customers to work with us, but we don’t want to share the build scripts (I know it’s weird).

    So, we want to encrypt the build.xml and give them the encrypted file.

    In the build process, we will decrypt build.xml in memory, and if Ant can read the content from memory, this should work.

    Thanks
    Best Regards

    From: Martin Gainty <mgainty@hotmail.com
    Date: 2015年2月12日 GMT+08003时52分04秒
    To: Ant Users List <user@ant.apache.org
    Subject: RE: [Ant]Read buid.xml file in memory
    Reply-To: "Ant Users List" <user@ant.apache.org
    Hi Xiao-

    supposedly yes ...if you can get your File to extend apache jackrabbit MemoryFile
    https://jackrabbit.apache.org/api/1.5/index.html?org/apache/jackrabbit/core/fs/mem/MemoryFile.html

    I would not rely on any java implementor to guarantee your Java Object will be "in memory" vs "on disk"
    specifically a java object which implements Serializable will save the object to disk by the serializer..
    http://www.onjava.com/pub/a/onjava/excerpt/JavaRMI_10/?page=3
    (except your objects declared as transient of course)

    Did you have a specific requirement in mind for "Memory File" for your build.xml ?

    BR,
    Martin





    From: jackie.xiao@ebaotech.com
    To: user@ant.apache.org
    Subject: [Ant]Read buid.xml file in memory
    Date: Wed, 11 Feb 2015 16:07:11 +0000

    Dear List:

    Is it possible for Ant to read build files from memory?

    If possible, what will be the necessary steps, thanks.
    This e-mail and any attachments thereto are intended for the sole use of the recipient(s) named above and may contain confidential and/or privileged material. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication, or dissemination in any form) by persons other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.
  • Earl Hood at Feb 13, 2015 at 5:53 am

    On Thu, Feb 12, 2015 at 7:54 PM, Jackie Xiao wrote:

    The thing is, we need to enable customers to work with us, but we
    don’t want to share the build scripts (I know it’s weird).
    Then maybe you should consider using the Ant API directly to set your
    tasks and what not, or a different tool entirely.

    One method you can try, depending on how paranoid you are about your
    customers accessing your "build scripts" is the following:

       - Store your build script encrypted, maybe stored as a resource in
         a jar file.
       - Decrypt the file to a temp file, launch Ant with the temp file, then
         after it loads it, delete the temp file.

    This sets up a race condition, but I think this may be sufficient
    because a determined persion will be able to see your scripts even if
    they are all in memory. E.g. Run your program in a debugger and trace
    thru until the data is decrypted to access the raw script.

    Also, you mention "encrypt", but that requires a decryption key, so how
    would you prevent a customer from finding the key and decrypting the
    file(s)? Are you running as a service or privileged process and your
    customers do not have local access to the systems?

    So, we want to encrypt the build.xml and give them the encrypted file.

    In the build process, we will decrypt build.xml in memory, and if Ant
    can read the content from memory, this should work.
    Another possible approach is register your own URL protocol handler. It
    appears that Ant's builtin project helper does support a URL to a
    resource, so if you create your own custom protocol and handler, this
    will give you the opportunity to do your decryption phase when Ant
    requests the inputstream to the resource.


    Without knowing the full context of your operating environment and your
    relationship with your customers, you may be looking at the problem in
    the wrong way, where alternative approachs may exist that satisfy your
    business constraints.

    --ewh

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
    For additional commands, e-mail: user-help@ant.apache.org
  • Martin Gainty at Feb 13, 2015 at 1:25 pm

    Date: Thu, 12 Feb 2015 23:53:19 -0600
    Subject: Re: [Ant]Read buid.xml file in memory
    From: earlhood@gmail.com
    To: user@ant.apache.org
    On Thu, Feb 12, 2015 at 7:54 PM, Jackie Xiao wrote:

    The thing is, we need to enable customers to work with us, but we
    don’t want to share the build scripts (I know it’s weird).
    Then maybe you should consider using the Ant API directly to set your
    tasks and what not, or a different tool entirely.

    One method you can try, depending on how paranoid you are about your
    customers accessing your "build scripts" is the following:

    - Store your build script encrypted, maybe stored as a resource in
    a jar file.
    - Decrypt the file to a temp file, launch Ant with the temp file, then
    after it loads it, delete the temp file.

    This sets up a race condition, but I think this may be sufficient
    because a determined persion will be able to see your scripts even if
    they are all in memory. E.g. Run your program in a debugger and trace
    thru until the data is decrypted to access the raw script.

    Also, you mention "encrypt", but that requires a decryption key, so how
    would you prevent a customer from finding the key and decrypting the
    file(s)? Are you running as a service or privileged process and your
    customers do not have local access to the systems?

    So, we want to encrypt the build.xml and give them the encrypted file.

    In the build process, we will decrypt build.xml in memory, and if Ant
    can read the content from memory, this should work.
    Another possible approach is register your own URL protocol handler. It
    appears that Ant's builtin project helper does support a URL to a
    resource, so if you create your own custom protocol and handler, this
    will give you the opportunity to do your decryption phase when Ant
    requests the inputstream to the resource.


    Without knowing the full context of your operating environment and your
    relationship with your customers, you may be looking at the problem in
    the wrong way, where alternative approachs may exist that satisfy your
    business constraints.

    --ewh
    MG>a customised protocol would solve the problem but 99% of web app webmasters would
    MG>implement their webapps on a HTTPS connection implementing SSLv3/TLS
    http://yaksman.org/~lweith/ssl.pdf
    MG>the right way to implement secure connections are with certificate and public-key and private-key
    MG>so you can implement certificate with 1 key (symmetric key)
    MG>but symmetric is not as hardened as 2 way asymmetric which protects both sides of the exchange
    http://security.stackexchange.com/questions/7219/asymmetric-vs-symmetric-encryption
    MG>if your client is serious about encryption i would contact these folks for certs/keys on securing your site
    https://www.symantec.com/ssl-sem-page/?
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
    For additional commands, e-mail: user-help@ant.apache.org
  • Stefan Bodewig at Feb 12, 2015 at 5:43 am

    On 2015-02-11, Jackie Xiao wrote:

    Is it possible for Ant to read build files from memory?
    Yes, but it takes some effort. The entry point for this would be a
    custom ProjectHelper implementation[1].

    Note that there are several parts in Ant that assume there is some sort
    of File that defines the build - or at least a "base directory" so
    relative paths can get resolved. This means you will still need to set
    the basedir of the Project instance you create.

    My first instinct was to subclass Ant's own ProjectHelper2[2] but it
    isn't really subclass friendly. You'd need to override the three arg
    parse method to set the InputSource from a stream reading from memory
    (or a CipherInputStream wrapping the FileInputStream ;-).

    Unfortunately the machinery of ProjectHelper2 relies on AntXMLContext
    knowing the buildfile and you don't get hold of the context inside the
    three arg parse method as there is no accessor for it in RootHandler.
    There are ways that require knowledge of ProjectHelper2's internals.

    One thing making things even more complex is that Ant itself loads some
    antlibs when starting and uses the same ProjectHelper - these should be
    read from the "real" URLs.

    I ended up with a simple proof of concept, but wouldn't want to use
    something like this in production. You may want to open an enhancement
    request for making ProjectHelper2 more sub-class friendly for your real
    use case (wrapping the input stream).

    Stefan

    [1] http://ant.apache.org/manual/projecthelper.html

    [2] https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob;f=src/main/org/apache/tools/ant/helper/ProjectHelper2.java;h=67e1decb9f01d7496a11b0745359d61b5c2694b8;hb=HEAD

    [3] https://gist.github.com/bodewig/7909d63fc887b908a56a

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
    For additional commands, e-mail: user-help@ant.apache.org

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupuser @
categoriesant
postedFeb 11, '15 at 4:34p
activeFeb 13, '15 at 1:25p
posts6
users4
websiteant.apache.org

People

Translate

site design / logo © 2018 Grokbase