The Unix-Like Build Pattern
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Tracking Known Security Vulnerabilities in Third-Party Components
Tracking known security vulnerabilities in third-party components Master’s Thesis Mircea Cadariu Tracking known security vulnerabilities in third-party components THESIS submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE by Mircea Cadariu born in Brasov, Romania Software Engineering Research Group Software Improvement Group Department of Software Technology Rembrandt Tower, 15th floor Faculty EEMCS, Delft University of Technology Amstelplein 1 - 1096HA Delft, the Netherlands Amsterdam, the Netherlands www.ewi.tudelft.nl www.sig.eu c 2014 Mircea Cadariu. All rights reserved. Tracking known security vulnerabilities in third-party components Author: Mircea Cadariu Student id: 4252373 Email: [email protected] Abstract Known security vulnerabilities are introduced in software systems as a result of de- pending on third-party components. These documented software weaknesses are hiding in plain sight and represent the lowest hanging fruit for attackers. Despite the risk they introduce for software systems, it has been shown that developers consistently download vulnerable components from public repositories. We show that these downloads indeed find their way in many industrial and open-source software systems. In order to improve the status quo, we introduce the Vulnerability Alert Service, a tool-based process to track known vulnerabilities in software projects throughout the development process. Its usefulness has been empirically validated in the context of the external software product quality monitoring service offered by the Software Improvement Group, a software consultancy company based in Amsterdam, the Netherlands. Thesis Committee: Chair: Prof. Dr. A. van Deursen, Faculty EEMCS, TU Delft University supervisor: Prof. Dr. A. -
Apache Ant Best Practices
08_Lee_ch05.qxd 5/3/06 5:12 PM Page 81 C HAPTER 5 Apache Ant Best Practices This chapter looks in more detail at some best practices for using Ant on real projects. First I describe the use of property files to enable configuration of the build process depending on a user’s role and requirements. I then describe how best to integrate Ant with IBM Rational ClearCase. Finally, I look at some general best practices for supporting the build process on large projects. Aims of This Chapter Apache Ant is a powerful build tool with significant built-in capabilities. However, a few capabil- ities and best practices stand out; they are described here. After reading this chapter, you will be able to • Understand what Ant property files are and how they can be used to make build scripts more maintainable. • Understand how to use Ant’s capabilities to better integrate with IBM Rational ClearCase. • Implement Ant build files that support reuse and maintainability on large projects. This chapter assumes that you are familiar with the basic concepts of Apache Ant that were discussed in Chapter 4, “Defining Your Build and Release Scripts.” Property Files From the perspective of Chapter 4, an Ant build.xml file is a single centralized build file that defines a repeatable process for bringing together an application, usually producing some form of 81 08_Lee_ch05.qxd 5/3/06 5:12 PM Page 82 82 Chapter 5 Apache Ant Best Practices executable output. Although a single build.xml file can be enough to drive the build process, in practice it can quickly become large and unwieldy. -
Return of Organization Exempt from Income
OMB No. 1545-0047 Return of Organization Exempt From Income Tax Form 990 Under section 501(c), 527, or 4947(a)(1) of the Internal Revenue Code (except black lung benefit trust or private foundation) Open to Public Department of the Treasury Internal Revenue Service The organization may have to use a copy of this return to satisfy state reporting requirements. Inspection A For the 2011 calendar year, or tax year beginning 5/1/2011 , and ending 4/30/2012 B Check if applicable: C Name of organization The Apache Software Foundation D Employer identification number Address change Doing Business As 47-0825376 Name change Number and street (or P.O. box if mail is not delivered to street address) Room/suite E Telephone number Initial return 1901 Munsey Drive (909) 374-9776 Terminated City or town, state or country, and ZIP + 4 Amended return Forest Hill MD 21050-2747 G Gross receipts $ 554,439 Application pending F Name and address of principal officer: H(a) Is this a group return for affiliates? Yes X No Jim Jagielski 1901 Munsey Drive, Forest Hill, MD 21050-2747 H(b) Are all affiliates included? Yes No I Tax-exempt status: X 501(c)(3) 501(c) ( ) (insert no.) 4947(a)(1) or 527 If "No," attach a list. (see instructions) J Website: http://www.apache.org/ H(c) Group exemption number K Form of organization: X Corporation Trust Association Other L Year of formation: 1999 M State of legal domicile: MD Part I Summary 1 Briefly describe the organization's mission or most significant activities: to provide open source software to the public that we sponsor free of charge 2 Check this box if the organization discontinued its operations or disposed of more than 25% of its net assets. -
Inequalities in Open Source Software Development: Analysis of Contributor’S Commits in Apache Software Foundation Projects
RESEARCH ARTICLE Inequalities in Open Source Software Development: Analysis of Contributor’s Commits in Apache Software Foundation Projects Tadeusz Chełkowski1☯, Peter Gloor2☯*, Dariusz Jemielniak3☯ 1 Kozminski University, Warsaw, Poland, 2 Massachusetts Institute of Technology, Center for Cognitive Intelligence, Cambridge, Massachusetts, United States of America, 3 Kozminski University, New Research on Digital Societies (NeRDS) group, Warsaw, Poland ☯ These authors contributed equally to this work. * [email protected] a11111 Abstract While researchers are becoming increasingly interested in studying OSS phenomenon, there is still a small number of studies analyzing larger samples of projects investigating the structure of activities among OSS developers. The significant amount of information that OPEN ACCESS has been gathered in the publicly available open-source software repositories and mailing- list archives offers an opportunity to analyze projects structures and participant involve- Citation: Chełkowski T, Gloor P, Jemielniak D (2016) Inequalities in Open Source Software Development: ment. In this article, using on commits data from 263 Apache projects repositories (nearly Analysis of Contributor’s Commits in Apache all), we show that although OSS development is often described as collaborative, but it in Software Foundation Projects. PLoS ONE 11(4): fact predominantly relies on radically solitary input and individual, non-collaborative contri- e0152976. doi:10.1371/journal.pone.0152976 butions. We also show, in the first published study of this magnitude, that the engagement Editor: Christophe Antoniewski, CNRS UMR7622 & of contributors is based on a power-law distribution. University Paris 6 Pierre-et-Marie-Curie, FRANCE Received: December 15, 2015 Accepted: March 22, 2016 Published: April 20, 2016 Copyright: © 2016 Chełkowski et al. -
Installation Guide for Oracle Team Productivity Center Server 11G Release 2 (11.1.2.1.0)
Oracle® Fusion Middleware Installation Guide for Oracle Team Productivity Center Server 11g Release 2 (11.1.2.1.0) E17075-02 September 2011 This document provides information on: ■ Section 1, "Oracle Team Productivity Center Server System Requirements" ■ Section 2, "Installing the Oracle Team Productivity Center Server" ■ Section 3, "Installing an Oracle Team Productivity Center Connector" ■ Section 4, "Installing Oracle Team Productivity Center Server on a Production Oracle WebLogic Server" ■ Section 5, "Installing and Running CruiseControl Test Collection" ■ Section 6, "Documentation Accessibility" 1 Oracle Team Productivity Center Server System Requirements For the most current system requirements, please refer to the Oracle Fusion Middleware Installation Guide for Oracle JDeveloper. 2 Installing the Oracle Team Productivity Center Server The installation software for Oracle Team Productivity Center Server is distributed as a platform-independent JAR file. Download the Oracle Team Productivity Center Server installation JAR file from the Oracle Technology Network (OTN) web site: http://www.oracle.com/technetwork/developer-tools/tpc/downloads/ index.html The following sections describe how to install the Oracle Team Productivity Center Server: ■ Section 2.1, "Before You Begin" ■ Section 2.2, "Prerequisites for Installation" ■ Section 2.4, "Installer Screens for Server Installation" ■ Section 2.5, "Upgrading Oracle Team Productivity Center Server with Apache Tomcat 6.0.20" You can choose to install the Oracle Team Productivity Center Server either as a new installation or as an update to an existing server. The installation software is the same, but there are slight differences in the procedure for installing the server depending on whether you are creating a new installation or upgrading an existing one. -
Introduction to Cruisecontrol Agenda Benefits of Continuous Integration Success Factors
Ø Introduction to CruiseControl * Change the marked fields if you are presenting these slides yourself. Refer to the overview and instructions for details. Joe Schmetzer* http://www.exubero.com/* This work is licensed under a Creative Commons Attribution-ShareAlike2.5 License. Resources YouTube clip as motivation: Every Build You Break Agenda Continuous Integration o Benefits of Continuous Integration o Success Factors o Successful Build Defined CruiseControl o What is CruiseControl? o How Does CruiseControl Work? o CruiseControl Demonstration Summary Questions Benefits of Continuous Integration Removes integration sessions Minimizes number of integration bugs o If you build and test your software once an hour, no problem is more than an hour old. Improves team work Delivers latest best build product Reduces the overall development cost by: o making it easier to find and fix problems o provides valuable and timely information, letting the development be managed more tightly. Resources Refer to the original article on CI by Martin Fowler and Matthew Foemmel: http://www.martinfowler.com/articles/continuousIntegration.html Mike Clark's "Dear Manager" articles at http://www.clarkware.com/cgi/blosxom/DearManager give further information about the return on investment. Success Factors Single source code repository Automated build scripts Automated tests Developers' discipline o Synchronise often o Don't break the build o When you break the build, fix it. Resources Refer to the original article on CI by Martin Fowler and Matthew -
Rails for the “Enterprise”
Beam me up, Scotty! Rails for the “Enterprise” Charles Johnson Rick Bradley Director, IS Applications Project Manager Centerstone Centerstone 1 What Enterprise? 2 What Enterprise? • Enterprise system? 2 What Enterprise? • Enterprise system? •Enterprise software? 2 What Enterprise? • Enterprise system? •Enterprise software? •Enterprise platform? 2 Centerstone Enterprise 3 Centerstone Enterprise • 25 Counties 3 Centerstone Enterprise • 25 Counties • 150 Locations 3 Centerstone Enterprise • 25 Counties • 150 Locations • 40,000 Clients 3 Centerstone Enterprise • 25 Counties • 150 Locations • 40,000 Clients • 1,100 Staff 3 Centerstone Enterprise • 25 Counties • 150 Locations • 40,000 Clients • 1,100 Staff • Comprehensive Electronic Record 3 Centerstone Enterprise Requirements Dimension 4 Centerstone Enterprise Requirements Dimension Available & Reliable 4 Centerstone Enterprise Requirements Dimension Available & Reliable • All the time 4 Centerstone Enterprise Requirements Dimension Available & Reliable • All the time Accessible 4 Centerstone Enterprise Requirements Dimension Available & Reliable • All the time Accessible • Everywhere 4 Centerstone Enterprise Requirements Dimension Available & Reliable • All the time Accessible • Everywhere Scalable 4 Centerstone Enterprise Requirements Dimension Available & Reliable • All the time Accessible • Everywhere Scalable • 300 to 9000 users 4 Centerstone Enterprise Requirements Dimension 5 Centerstone Enterprise Requirements Dimension Maintenance 5 Centerstone Enterprise Requirements Dimension Maintenance -
Build Notifications in Agile Environments
University of Calgary PRISM: University of Calgary's Digital Repository Science Science Research & Publications 2008-01-14 Build Notifications in Agile Environments Ablett, Ruth; Maurer, Frank; Sharlin, Ehud; Denzinger, Joerg; Schock, Craig http://hdl.handle.net/1880/45854 unknown Downloaded from PRISM: https://prism.ucalgary.ca Build Notifications in Agile Environments Abstract. In an agile software development environment, developers write code that should work together to fulfill the wishes of the customer. Continuous integration (CI) ensures that code from different individuals integrates properly. CI compiles the entire codebase, deploys and tests it with each change. CI alerts developers of any problems as errors can be fixed more easily if caught earlier in the process. This paper compares the effectiveness of different types of mechanisms for notifying developers to a successful or unsuccessful build. Two different quantitative and qualitative user studies were performed testing the effectiveness of three types of notification devices – one virtual e-mail based mechanism, one using ambient lava lamps, and one robotic device. The results show that most developers preferred an easily visible but unobtrusive ambient device combined with an e-mail describing the problem in more detail. Keywords: Agile methods, information awareness, ambient display, continuous integration 1 Introduction Agile methods [1] are becoming popular in the software industry. In agile software development projects, there may be anywhere from one to hundreds of developers working concurrently on the code base, so it is imperative that all software written by each developer integrates properly into the entire project. To this end, most agile teams adopt Continuous Integration (CI). -
Continuous Integration (CI) Needs and Wishes for Developers of Proprietary Code
Continuous Integration (CI) Needs and Wishes for Developers of Proprietary Code Michael Hilton, Nicholas Nelson, Danny Dig Timothy Tunnell, Darko Marinov School of EECS, Oregon State University CS Department, University of Illinois {hiltonm,nelsonni,digd}@oregonstate.edu {tunnell2,marinov}@illinois.edu Abstract—Continuous integration (CI) systems automate the Open-source projects are often considered fundamentally dif- compilation, building, and testing of software. Despite CI being ferent from proprietary-code projects [6]. Differences between one of the most widely used processes in software engineering, open-source and proprietary-code projects include that open- we do not know what motivates developers to use CI, and what barriers and unmet needs they face. Without such knowledge source projects foster more creativity [7], have fewer defects [7], developers make easily avoidable errors, managers reduce the and assign work differently [8]. However, similarities have also productivity of developers by making misinformed decisions, tool been found, including how GitHub is used [9], overall project builders invest in the wrong direction, and researchers miss many complexity [7], and amount of modularity [7]. opportunities for improving the software engineering practice. There are still many gaps in our knowledge about why Given the large fraction of proprietary code development, un- derstanding how proprietary developers are using CI is vital to developers use CI, and what barriers they face, especially for improving it. projects of proprietary code. What motivates developers to use We present the first study of how CI is used in the proprietary CI? What are the barriers that developers face when using development of software. We conduct 16 semi-structured inter- CI? What needs do developers have that are unmet by their views with developers from different industries and development current CI system(s)? Do proprietary developers have the same scale. -
Generación, Gestión Y Distribución De Artefactos Java Con Técnicas De Integración Continua Y Software Libre
FACULTAD DE INFORMÁTICA UNIVERSIDAD POLITÉCNICA DE MADRID UNIVERSIDAD POLITÉCNICA DE MADRID FACULTAD DE INFORMÁTICA TRABAJO FIN DE CARRERA GENERACIÓN, GESTIÓN Y DISTRIBUCIÓN DE ARTEFACTOS JAVA CON TÉCNICAS DE INTEGRACIÓN CONTINUA Y SOFTWARE LIBRE AUTOR: Carlos González Sánchez TUTOR: Francisco Gisbert Canto Agradecimientos A la Comunidad de Software Libre, porque sin ella este trabajo difícilmente po- dría haberse llevado a cabo. A Javier Bezos por compartir generosamente su amplio conocimiento acerca de LATEX, y a Ignacio Estirado por su inestimable ayuda en el trabajo de campo. A Susana, a Martín y a mis padres, por todo. Facultad de Informática - UPM. Julio 2008. Carlos González Sánchez I Índice general Agradecimientos I Resumen VII 1. INTRODUCCIÓN1 1.1. Motivación.................................1 1.2. Objetivos..................................2 1.3. Alcance...................................3 2. MATERIAL DE ESTUDIO5 2.1. Ciclo de vida del software........................5 2.2. Control de versiones...........................6 2.3. Gestión de artefactos...........................7 2.4. Gestión de dependencias.........................8 2.5. Gestión de despliegues.......................... 10 2.6. Integración continua........................... 10 2.7. Virtualización............................... 11 2.7.1. Tecnologías de virtualización.................. 12 2.7.2. Ventajas de la virtualización................... 13 2.7.3. Inconvenientes.......................... 14 3. METODOLOGÍA 15 3.1. Arquitectura................................ 15 -
Apache Continuum 1.3.8 V
...................................................................................................................................... Apache Continuum 1.3.8 v. ...................................................................................................................................... The Apache Continuum Project Documentation i Documentation ....................................................................................................................................... 1 Index (category) . 1 2 Getting Started . 2 3 Installation/Upgrade Guides . 3 4 System Requirements . 4 5 Installation . 5 6 Standalone . 6 7 Tomcat . 10 8 Upgrade . 15 9 User's Guides . 17 10 Managing Projects . 18 11 Add a Project . 19 12 Edit a Project . 24 13 Remove a Project . 27 14 Managing Build Definitions . 28 15 Project Build Definition . 29 16 Project Group Build Definition . 31 17 Managing Notification . 33 18 Mail Notification . 35 19 IRC Notification . 36 20 Jabber Notification . 38 21 MSN Notification . 40 22 Wagon Notification . 41 23 Building a project . 43 24 Scheduled Build . 44 25 Forced Build . 45 26 Build Results Management . 46 26 Release Management . 48 26 Prepare Project Release . 50 26 Perform Project Release . 53 26 Release Results Management . 55 26 Administrator's Guides . 56 26 Managing Users and Security . 57 26 Security Configuration . 58 26 LDAP Configuration . 59 26 Managing Project Groups . 60 26 Managing Builders . 63 26 Managing JDKs . 65 26 Managing Build Environments . © 2 0 1 1 , • A L L R I G H T S R E S E R V E D . Documentation ii 26 Managing Schedules . 66 26 Managing General Configuration . 69 26 Managing Local Repositories . 71 26 Managing Purge Configuration . 72 26 Managing Parallel Builds . 74 26 Managing Build Queues . 75 26 Managing Build Agents . 77 26 Managing Build Agent Groups . 78 26 Managing Project Queues . 79 26 External databases . 81 26 Monitoring Continuum . 84 26 Log Files . 87 26 Audit Logs . -
Apache Maven Current Version User Guide
...................................................................................................................................... Apache Maven Current version User Guide ...................................................................................................................................... The Apache Software Foundation 2009-10-16 T a b l e o f C o n t e n t s i Table of Contents ....................................................................................................................................... 1 Table of Contents . i 2 What is Maven? . 1 3 Features . 3 4 FAQ . 4 5 Community Overview . 11 5.1 How to Contribute . 13 5.2 Getting Help . 15 5.3 Issue Tracking . 17 5.4 Source Repository . 18 5.5 Continuous Integration . 20 6 Running Maven . 21 7 Maven Plugins . 23 8 User Centre . 30 8.1 Maven in 5 Minutes . 31 8.2 Getting Started Guide . 35 8.3 POM Reference . 57 8.4 Settings Reference . 91 8.5 Guides . 100 8.5.1 The Build Lifecycle . 103 8.5.2 The POM . 111 8.5.3 Profiles . 123 8.5.4 Repositories . 133 8.5.5 Standard Directory Layout . 136 8.5.6 The Dependency Mechanism . 137 8.5.7 Plugin Development . 153 8.5.8 Configuring Plug-ins . 156 8.5.9 The Plugin Registry . 169 8.5.10 Plugin Prefix Resolution . 172 8.5.11 Developing Ant Plugins . 174 8.5.12 Developing Java Plugins . 188 8.5.13 Creating a Site . 198 8.5.14 Snippet Macro . 203 8.5.15 What is an Archetype . 205 8.5.16 Creating Archetypes . 207 8.5.17 From Maven 1.x to Maven 2.x . 210 8.5.18 Using Maven 1.x repositories with Maven 2.x . 213 8.5.19 Relocation of Artifacts . 214 8.5.20 Installing 3rd party JARs to Local Repository .