0

We need to enable some partners to work with us on some java projects, and we need to provide them with the ant build scripts.

However, if possible, we want to encrypt the ant build files (build.xml etc.) so that partners can do the build, but they cannot see the actual ant file content (I know it's weird).

Any good suggestions are appreciated. (we are on the Windows box)

foolhunger
  • 345
  • 2
  • 12

2 Answers2

1

Ant itself does not allow you to encrypt the build scripts (nor does any other build system AFAIK). What you can do is create a custom wrapper around Ant that will store the build script in an encrypted form, decrypt it during execution and pass the decrypted script to the Ant API. Then you can deliver that wrapper to your partners.

(Giving someone the source code to your system but encrypting the build script seems to be an extremely weird thing to do. If only some specific data in the build script is sensitive, you may want to focus on protecting only this data, using some other approach.)

yole
  • 92,896
  • 20
  • 260
  • 197
  • thanks, but does that mean during the build process, the decrypted build file will be available to the customer? – foolhunger Feb 11 '15 at 11:26
  • You don't have to write out the decrypted file to disk; you can decrypt it and pass it to Ant in memory. – yole Feb 11 '15 at 11:27
  • You can use Ant's `ProjectHelper` API to write that wrapper - `ProjectHelper` is responsible for parsing the build file, so you could decrypt it and then delegate to the default `ProjectHelper2`. See http://ant.apache.org/manual/projecthelper.html – Stefan Bodewig Feb 11 '15 at 12:15
  • @yole if more details can be provided will be helpful – foolhunger Feb 11 '15 at 14:55
  • @StefanBodewig after decrypting the file, it's in memory, how to pass it to ProjectHelper2 without writing to disk? – foolhunger Feb 11 '15 at 15:31
  • @foolh Just looked through the code and `ProjectHelper2` only supports `File` or `URL` sources. This is the case so Ant knows how to resolve relative paths. This means you cannot delegate to it easily (short of implementing your own URL protocol handler) - you will need to implement `ProjectHelper` completely. Maybe you can subclass `ProjectHelper2` and override the three-arg parse method - basically you only want to replace the line that opens the `FileInputStream` with one that adds decryption around such a stream. Note the class hasn't been designed for subclassing, here be dragons. – Stefan Bodewig Feb 11 '15 at 16:50
0

The music industry tries to solve the same problem. You want to let someone read the content in order to play music, but at the same time you want to hide the content for fear of copying. Unfortunately, these are two contradictory requirements....

My suggestion is not to hide your build logic. Instead pass credentials in as build properties. These credentials are specified at run-time and control access to external build systems like:

  • Source code repositories
  • Binary artefact repositories (for storing releases)

The objective is that only authorized build systems can make official changes.

If you absolutely must ship your code with some form of secret, then encrypt that data at rest (Never store plaintext secrets in source code repos). For an example:

Community
  • 1
  • 1
Mark O'Connor
  • 76,015
  • 10
  • 139
  • 185