问题
We need to enable some partners to work with us on some java projects, and we need to provide them with the ant build scripts.
However, if possible, we want to encrypt the ant build files (build.xml etc.) so that partners can do the build, but they cannot see the actual ant file content (I know it's weird).
Any good suggestions are appreciated. (we are on the Windows box)
回答1:
Ant itself does not allow you to encrypt the build scripts (nor does any other build system AFAIK). What you can do is create a custom wrapper around Ant that will store the build script in an encrypted form, decrypt it during execution and pass the decrypted script to the Ant API. Then you can deliver that wrapper to your partners.
(Giving someone the source code to your system but encrypting the build script seems to be an extremely weird thing to do. If only some specific data in the build script is sensitive, you may want to focus on protecting only this data, using some other approach.)
回答2:
The music industry tries to solve the same problem. You want to let someone read the content in order to play music, but at the same time you want to hide the content for fear of copying. Unfortunately, these are two contradictory requirements....
My suggestion is not to hide your build logic. Instead pass credentials in as build properties. These credentials are specified at run-time and control access to external build systems like:
- Source code repositories
- Binary artefact repositories (for storing releases)
The objective is that only authorized build systems can make official changes.
If you absolutely must ship your code with some form of secret, then encrypt that data at rest (Never store plaintext secrets in source code repos). For an example:
- How to use encrypted password in apache BasicDataSource?
来源:https://stackoverflow.com/questions/28452216/encrypt-ant-build-file